Squid & Sarge - more than port 80?
-
I use Squid proxy and then use sarge to create logs of pages visited. I think I am correct in saying this will only log port 80 traffic? Is there a way to also log traffic on other ports too? I run an open public WiFi system and would like to be in a position where I can say "It was this client that accessed that site", but this will only be possible for port 80?
Am I barking mad here?
-
In transparent mode, only port 80 would be possible.
If the clients had the proxy settings in their browser, then it would get everything. That isn't really feasible in your type of system though.
You might consider setting up something like netflow to track user/traffic flows and then you should have enough information to at least see which local IP connected to a certain remote IP at a given time.
-
Is there a package that would do this?
I can see pfflowd and ntop in the packages list - Would either of these be able to do this without third party intervention too?
Thanks.
-
There isn't a way to store that info long-term on pfSense directly. ntop can get some but probably not the detail you want; it would be more for a summary or graphing.
pfflowd (or softflowd, see the doc wiki) can export netflow data to a separate netflow server which then logs and records that information in a database, and you can then query or graph from there. The netflow server would be separate software; there have been several forum threads and mailing list threads discussing various free and commercial netflow server options.
While ntop is capable of acting as a Netflow collector and server, I haven't had a ton of luck getting it to do what I wanted in the past. It's also fairly heavy in terms of dependencies and resource requirements.
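As an added illustration of the collector side discussed in this thread (not code from any poster or from pfSense), the following sketch decodes a NetFlow export datagram and answers "which local IP had a flow to this remote IP at this time", on any port. It assumes the exporter is set to NetFlow version 5 and that the LAN is 192.168.1.0/24; the function names and all sample addresses are constructed for the example.

```python
import ipaddress
import struct

HEADER = struct.Struct("!HHIIIIBBH")                 # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")   # 48-byte v5 flow record

def parse_v5(datagram):
    """Decode one NetFlow v5 export datagram into a list of flow dicts."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count, uptime_ms, secs, nsecs, *_ = HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version {version})")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("datagram truncated")
    export_time = secs + nsecs / 1e9
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        # first/last (f[7], f[8]) are exporter uptime in ms; convert to epoch s
        flows.append({
            "src": str(ipaddress.IPv4Address(f[0])),
            "dst": str(ipaddress.IPv4Address(f[1])),
            "sport": f[9], "dport": f[10], "proto": f[13],
            "start": export_time - (uptime_ms - f[7]) / 1000,
            "end": export_time - (uptime_ms - f[8]) / 1000,
        })
    return flows

def who_contacted(flows, remote_ip, when, lan="192.168.1.0/24"):
    """Local clients with a flow to remote_ip active at `when` (epoch seconds)."""
    net = ipaddress.ip_network(lan)  # assumed LAN range
    return sorted({f["src"] for f in flows
                   if f["dst"] == remote_ip
                   and ipaddress.ip_address(f["src"]) in net
                   and f["start"] <= when <= f["end"]})

def build_sample():
    """Constructed datagram: two TCP/443 flows from made-up LAN clients."""
    hdr = HEADER.pack(5, 2, 600_000, 1_700_000_000, 0, 1, 0, 0, 0)
    def rec(src, dst, sport, dport, first, last):
        return RECORD.pack(ipaddress.IPv4Address(src).packed,
                           ipaddress.IPv4Address(dst).packed, bytes(4),
                           0, 0, 10, 5000, first, last, sport, dport,
                           0, 0x1B, 6, 0, 0, 0, 0, 0, 0)
    return (hdr + rec("192.168.1.23", "203.0.113.10", 51514, 443, 540_000, 570_000)
                + rec("192.168.1.42", "203.0.113.10", 40022, 443, 100_000, 130_000))

if __name__ == "__main__":
    print(who_contacted(parse_v5(build_sample()), "203.0.113.10", 1_699_999_950))
```

Flow records carry addresses, ports and timestamps, not hostnames or URLs, so tying a local IP back to a particular device still needs the DHCP lease log for the same time window.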