Captive Portal User Usage Track
-
Hello,
I am working as Network Engineer in a elementary school where they have internet. The requirement requires the teacher to login using their own unique account through Captive Portal which authenticated by MS Windows server 2016 AD/Radius.
I need to find ways to track user usage based on their username, what website where they visit and bandwidth usage. So far, I have tested NTOPNG but it doesn't show the username on local device. I really need this feature since the school might need to retrieve the data for user who happen to abuse their network policy.
I have been searching to see is there any way to do this but no luck. I used to deal with Sonicwall before with user authentication and they are able to generate username based usage report on Sonicwall analyzer. Just wondering if this feature also exist in pfSense.
Thank you
-
@ccmks said in Captive Portal User Usage Track:
what website where they visit
...at this point, you are not looking for a captive portal, but a proxy server. You should really have a look to Squid3 package on pfSense and to SARG ?
Please be also aware that you would have to deal with privacy concern. You should really have agreement of parents before setting up a proxy server (if you ever heard about GDPR or Data Privacy Act, you should understand why)
If You don't specially want to link visited websites to users, a captive portal on pfSense + an internal DNS server could be enough. DNS logs would tell you the website visited in your school, captive portal status would tell you the bandwith.
Of course, you won't be able to tell which user visited which website...Which is (in my opinion) a good thing. Watching visited websites would still make you able to block undesirable websites if necessary.
A third possiblity would be to setup a SIEM (eg, splunk) that would receive logs from captive portal and from DNS, and would correlate which user visited which website.
-
@free4 said in Captive Portal User Usage Track:
@ccmks said in Captive Portal User Usage Track:
what website where they visit
...at this point, you are not looking for a captive portal, but a proxy server. You should really have a look to Squid3 package on pfSense and to SARG ?
I need a captive portal, due to in the past, the teacher just deliberately gave out the pre-shared wifi password to other people and they were all abusing our network. The school management decide to go with captive portal solution where each teacher will login with their own unique username and password and will be solely liable for their account. With captive portal solution, it will mitigate the outsider access.
Please be also aware that you would have to deal with privacy concern. You should really have agreement of parents before setting up a proxy server (if you ever heard about GDPR or Data Privacy Act, you should understand why)
The location where I am working on is in Indonesia so those Act won't be applicable. Also, the internet access is meant to be for teacher, not for student (as for now yet). I had all teachers signed our internet usage policy prior giving the credential to login that they are obligated to follow our network policy and we reserve right to retrieve log in event of abuse and take disciplinary action against the offender.
If You don't specially want to link visited websites to users, a captive portal on pfSense + an internal DNS server could be enough. DNS logs would tell you the website visited in your school, captive portal status would tell you the bandwith.
Of course, you won't be able to tell which user visited which website...Which is (in my opinion) a good thing. Watching visited websites would still make you able to block undesirable websites if necessary.
I won't be monitoring the usage all the time. It just need the log to be stored on firewall and retrievable in the event of abuse. In that case, I need to know when the user login and what website did they visit during the session. This will be very helpful especially when we are dealing with legal.
A third possiblity would be to setup a SIEM (eg, splunk) that would receive logs from captive portal and from DNS, and would correlate which user visited which website.
Any idea on how to accomplish this?
Thank you
-
Have you found any solution for the Captive Portal with tracking the users logs yet?
I have found one but it's a paid one not for free...
if you got a good one, please update...
thank you -
@Ahabash I'm not sure to understand
The logs of the captive portal are pretty clear and nice? You can see clearly who connected/disconnected
If you are looking the logs of web traffic made by the users instead...then what you are looking for is a transparent proxy, not a captive portal. you should have a look to squid package on pfsense in this case?
-
This post is deleted! -
@free4 thank you...
I need to implement a control for school; students and teachers, I built AD/LDAP with pfsense to let users authenticated using AD. The majority has their mobiles/BYOD, I need to trace the activities of each of the users (by user name) and check what visited URLs.
I hope I made myself more clear. -
@Ahabash you are already able to do that.
Using DNS logs+ captive portal logs, you can check which user accessed which website.If you are looking for the precise URL (and not just domains) : please be aware that most of websites are in HTTPS nowadays (which mean : you can't).