MAC, IP and Surf history Logging



  • I'm looking to set up pfsense in a restaurant as a captive portal. I've been looking at NTOPNG to help me log MACs along with Surf history (flows in ntopng). But ntop seems a little limited when it comes to searching through the logged information, if logged at all.

    What could be some of my options to keep track of a MAC Address, IP Address that it was associated with, and all requests that went through the router?

    EDIT: I forgot to mention that there is no authentication. Our customers simply accept our terms and conditions; we have unrestricted access to the internet which is why we'd need to keep this info in case of any cease and desist letters.



  • Hi,

    Depending on the country where you live, yes, as soon as you make YOUR connection (to the Internet) available to 'strangers' (but also : your family in your house), YOU are responsible for your connection - and what has been done with it.

    To make things more clear : I'm living in France, where they tend to mix up laws dating before 18th century with new laws, published after 2015, to create a situation where everybody understand their rights …. (yes - and we all love this situation).
    You got my point : this won't work.
    Over here : they do not throw the postmen into prison anymore because he delivered you a letter that was 'harmful' to you.
    They do not put in jail the big telco chief ("Orange") because some phone calls where made that did hurt our society.
    They stopped putting in jail the big chief of Renault, because some one killed some one else with one of his cars ....

    Also : most connections are encrypted ("SSL" using https://) so you only see IP's and nothings else (means : no prove for no-one).

    Added to that : a pfsense systems that logs details concerning the connection 'real time' must be a BIG, power full system (read = expensive).

    I advice you to filter the intelligent way : use an access code (or vouchers).
    Make a nice login page where you warn people, like "do not use our system if you do not like to be spied upon". Add some more words like "anything you type can be printed against you".
    But, at the end, do not try to look into their private communication. There are laws that say that you don't have the right to do so anyway.

    So, where are you living ? If your laws make your live difficult to give your clients the services you like to give, well, you will know what to do then when you vote next time ;)



  • Suppose Im only concerned with loggin Macs and date/time stamps then; how can I accomplish that?

    EDIT: I'm not in France. Save the politics for another time  ;D



  • @JerryV06:

    Suppose Im only concerned with loggin Macs and date/time stamps then; how can I accomplish that?

    Activate authentication.

    You'll be having a log like this :

    Nov 24 06:35:11 	logportalauth 	20593 	Zone: cpzone1 - LOGIN: 109, 70:de:e2:84:da:ee, 192.168.2.239
    Nov 24 05:27:39 	logportalauth 	66704 	Zone: cpzone1 - TIMEOUT: 212, 44:2c:05:47:41:49, 192.168.2.18
    Nov 24 04:35:17 	logportalauth 	45602 	Zone: cpzone1 - TIMEOUT: 202, 88:63:df:83:26:00, 192.168.2.13
    Nov 24 04:07:06 	logportalauth 	40072 	Zone: cpzone1 - TIMEOUT: 106, c8:85:50:19:c5:df, 192.168.2.10
    Nov 24 03:26:34 	logportalauth 	28397 	Zone: cpzone1 - LOGIN: 110, 58:48:22:d4:08:83, 192.168.2.12
    Nov 24 03:09:06 	logportalauth 	28397 	Zone: cpzone1 - LOGIN: 212, 44:2c:05:47:41:49, 192.168.2.18
    Nov 24 03:02:39 	logportalauth 	11099 	Zone: cpzone1 - TIMEOUT: 107, d8:3c:69:fc:a5:18, 192.168.2.148
    Nov 24 02:54:35 	logportalauth 	57574 	Zone: cpzone1 - TIMEOUT: 109, 70:de:e2:84:da:ee, 192.168.2.239
    Nov 24 02:13:17 	logportalauth 	5599 	Zone: cpzone1 - TIMEOUT: 203, 18:3d:a2:02:99:f8, 192.168.2.16
    Nov 24 01:23:36 	logportalauth 	94954 	Zone: cpzone1 - LOGIN: 210, 80:13:82:21:45:b2, 192.168.2.17
    Nov 24 00:45:40 	logportalauth 	20329 	Zone: cpzone1 - TIMEOUT: 103, 48:51:b7:80:d5:a4, 192.168.2.11
    Nov 24 00:34:35 	logportalauth 	27497 	Zone: cpzone1 - TIMEOUT: 108, f0:db:f8:9e:be:35, 192.168.2.8
    Nov 24 00:26:31 	logportalauth 	11276 	Zone: cpzone1 - TIMEOUT: 110, 58:48:22:d4:08:83, 192.168.2.12
    Nov 24 00:22:30 	logportalauth 	86792 	Zone: cpzone1 - TIMEOUT: 109, b8:76:3f:3f:e7:99, 192.168.2.14
    Nov 23 21:59:01 	logportalauth 	94954 	Zone: cpzone1 - LOGIN: 203, 18:3d:a2:02:99:f8, 192.168.2.16