Internet Log access



  • Hi everyone,

    I'm new to pfSense and have some challenges to figure out for the enterprise I'm working for.

    pfSense is our firewall and internet proxy server, though we have some people for whom the internet access doesn't pass through a proxy, meaning they have direct access to the net.

    My question is: how can I get their logs, and all the sites they view?

    In "Squid Proxy's Real Time" I only get the log of people getting access through the proxy.

    Please help.



  • Go to their computer and look at their browser history.  That's about the only way if they aren't using the proxy.



  • There are 2 components you may be referring to:  Squid and SquidGuard.  If you aren't using SquidGuard I don't see a reason to leave them out of Squid since it likely isn't restricting anything and you can still filter for AV.  If you are using SquidGuard then maybe you can leave them in Squid and just whitelist them in SquidGuard.  That would give you tracking but not restrict them.  Just a thought.



  • I don't see a reason to leave them out of Squid

    Squid will sometimes interfere with some downloads, like Windows Update or antivirus updates.  Until I updated to the latest squid a couple of weeks ago, Kaspersky updates would always fail unless I exempted the client from the proxy.



  • @KOM:

    I don't see a reason to leave them out of Squid

    Squid will sometimes interfere with some downloads, like Windows Update or antivirus updates.  Until I updated to the latest squid a couple of weeks ago, Kaspersky updates would always fail unless I exempted the client from the proxy.

    If you know the IPs for Kaspersky, then Squid has a place to bypass IPs.  I've never had it interfere with Windows updates.  Only time I've needed to use it is for Quickbooks installer downloads.



  • If you know the IPs for Kaspersky, then Squid has a place to bypass IPs.

    I don't like playing that whack-a-mole game.

    I manage a lot of Windows boxes, and the problem was only with my 2012/2012R2 servers.  Others (2008, 2008R2, 2016) worked well but sometimes those 2012R2 ones would be fussy and would fail when checking or downloading.  Making them direct would get past the issue.  The Kaspersky problem plagued us for several months until I updated squid to the current 3.5.27 and that problem vanished.



  • @KOM:

    If you know the IPs for Kaspersky, then Squid has a place to bypass IPs.

    I don't like playing that whack-a-mole game.

    I manage a lot of Windows boxes, and the problem was only with my 2012/2012R2 servers.  Others (2008, 2008R2, 2016) worked well but sometimes those 2012R2 ones would be fussy and would fail when checking or downloading.  Making them direct would get past the issue.  The Kaspersky problem plagued us for several months until I updated squid to the current 3.5.27 and that problem vanished.

    Interesting.  We have 2008R2, 2012, 2012r2, and 2016 across several sites and haven't had any issues with updates on any of them.  Maybe it was the version you were running or a config that was causing it.  Do you use aliases much?  We create aliases for vendors (mail servers, VOIP providers, etc.) and then an alias that includes all the aliases (a master alias).  Then we apply that master alias in each of the security products so they never get blocked. That gives us a single place to update IPs.  It only gets updated rarely but we never had issues with MS updates so YMMV.



  • No, nothing like that for us.  It was consistent 8024xxxx errors when trying to update, and all problems vanished after we moved to squid 3.5.27.

    And don't ask about WSUS.  That's a whole other story here.



  • @KOM:

    I don't see a reason to leave them out of Squid

    Squid will sometimes interfere with some downloads, like Windows Update or antivirus updates.  Until I updated to the latest squid a couple of weeks ago, Kaspersky updates would always fail unless I exempted the client from the proxy.

    That it is. For some updates and for other reasons I have to exempt some users from the proxy. And with that configuration I don't know how I can get their logs.