Netgate Discussion Forum

    Internet activity - saving events

      Guest

      Hi,

      I am a beginner in pfSense and so I have a basic question.

      I'm looking for functionality or possible ways to solve this problem. I need to collect something like web logs: information such as the IP of the local computer that connects to an external IP, and the date and time. In short, who visited the IP and when. I have these logs archived and kept for two years. I searched in a search engine and in the package descriptions, but found nothing concrete. Is this a big problem in pfSense?
      Or do you archive Internet activity, and how did you solve it?

      adminkg

      Sorry for my English

        mhab12

        The squid package will log all http traffic including destination, source, and date/time stamp.  There are also packages like lightSquid that can parse the logs into more visually appealing reports with graphs etc.  I attached a sample from Squid's access.log file so you can decide if it fits your needs:

        1230806674.821    108 10.21.1.200 TCP_MISS/200 417 HEAD http://download.windowsupdate.com/v8/windowsupdate/redir/muv3wuredir.cab? - DIRECT/65.54.87.57 application/octet-stream
        1230806674.939     41 10.21.1.200 TCP_MISS/200 405 HEAD http://update.microsoft.com/v8/microsoftupdate/redir/MUAuth.cab? - DIRECT/65.55.25.93 application/octet-stream
        1230806678.185     37 10.21.1.200 TCP_MISS/200 415 HEAD http://download.windowsupdate.com/v8/microsoftupdate/redir/muv3muredir.cab? - DIRECT/65.54.87.59 application/octet-stream
        1230806679.883     36 10.21.1.200 TCP_REFRESH_HIT/200 8143 GET http://download.windowsupdate.com/msdownload/update/software/dflt/2008/11/1891918_f90a43e2e22893857f7c1d3228e2d01ee45bf0be.cab - DIRECT/65.54.87.59 application/octet-stream
        1230806679.936     53 10.21.1.200 TCP_REFRESH_HIT/200 8143 GET http://download.windowsupdate.com/msdownload/update/software/dflt/2008/11/1891920_e7f6c3f19a0f3e20253f14efaa7aeb7a52be1936.cab - DIRECT/65.54.87.57 application/octet-stream
        
          Guest

          Hi,

          Thank you very much!

          I attached a sample from my Squid's access.log file from /var/squid/log/

          
          1291656367.155 179583 10.30.30.112 TCP_MISS/504 1339 GET http://earthquake.usgs.gov/eqcenter/catalogs/eqs7day-M2.5.xml - DIRECT/10.30.30.2 text/html
          1291656406.239  22076 10.30.30.112 TCP_MISS/000 0 GET http://finance.yahoo.com/q? - DIRECT/10.30.30.2 -
          1291656406.239   4193 10.30.30.112 TCP_MISS/000 0 POST http://safebrowsing.clients.google.com/safebrowsing/downloads? - DIRECT/10.30.30.2 - 
          

          What is the date/time stamp? How do I figure it out?

          Is this file configurable in any way by size or time? Can you make it copy automatically to another server? Does it have rotation?

          adminkg

            mhab12

            The time is in unix format…here is a converter:
            http://www.onlineconversion.com/unix_time.htm

            Yes, you can set up log rotation.  Yes, you can have the server log to another physical server.

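The access.log lines quoted in this thread can be turned into "who connected where, and when" records with a short parser. This is an added example, not part of any post above; it assumes Squid's native log format as shown in the samples, and the function names `parse_line` and `parse_log` are made up for this illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

# The first two lines are copied from the posts above; the CONNECT line and the
# truncated line are constructed for this example.
SAMPLE_LOG = """\
1230806674.821    108 10.21.1.200 TCP_MISS/200 417 HEAD http://download.windowsupdate.com/v8/windowsupdate/redir/muv3wuredir.cab? - DIRECT/65.54.87.57 application/octet-stream
1291656367.155 179583 10.30.30.112 TCP_MISS/504 1339 GET http://earthquake.usgs.gov/eqcenter/catalogs/eqs7day-M2.5.xml - DIRECT/10.30.30.2 text/html
1291656500.000    250 10.30.30.112 TCP_MISS/200 3120 CONNECT example.com:443 - DIRECT/192.0.2.10 -
1291656501.000    12 10.30.30.112 TCP_MI
"""

def parse_line(line):
    """Parse one native-format line; return None if it is truncated or malformed."""
    f = line.split()
    if len(f) < 10:
        return None
    try:
        # Field 1 is Unix epoch seconds with a 3-digit millisecond fraction.
        secs, _, millis = f[0].partition(".")
        when = datetime.fromtimestamp(int(secs), tz=timezone.utc)
        when += timedelta(milliseconds=int(millis or 0))
        elapsed_ms, size = int(f[1]), int(f[4])
    except ValueError:
        return None
    result, _, status = f[3].partition("/")
    url = f[6]
    # CONNECT (HTTPS tunnels) logs "host:port" rather than a full URL.
    host = urlsplit(url).hostname if "://" in url else url.rsplit(":", 1)[0]
    return {
        "time_utc": when.isoformat(timespec="milliseconds"),
        "client": f[2],
        "result": result,
        "status": status,
        "bytes": size,
        "elapsed_ms": elapsed_ms,
        "method": f[5],
        "host": host,
        "peer": f[8].partition("/")[2],  # address Squid fetched from
    }

def parse_log(text):
    """Return (records, skipped_count) for a block of access.log text."""
    parsed = [parse_line(l) for l in text.splitlines() if l.strip()]
    records = [r for r in parsed if r is not None]
    return records, len(parsed) - len(records)

if __name__ == "__main__":
    for r in parse_log(SAMPLE_LOG)[0]:
        print(r["time_utc"], r["client"], "->", r["host"], r["method"], r["status"])
```

Counting the skipped lines matters for retention: a log that was cut off mid-write or during rotation shows up as a non-zero count instead of silently losing records.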
              Guest

              Hi,

              The time is in unix format. And that is so, as I understand it.

              Log to another physical server. How can this be done, e.g. on a Windows server? If that is possible.

              In Proxy server: General settings >> Custom Options I have:

              redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf;redirector_bypass on;redirect_children 3
              

              What is this?

              Thank you for your reply.

              adminkg

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.