Monitoring User Traffic
I am sure this has been discussed, but I can not find any info in my search. Does anyone know if there is a way in the logging to syslog where users are going? I can only find syslog sections for system and firewall events. I thought maybe I would be able to log DNS Queries and dump them to a syslog server?
Check the log option for your default lan to any rule. Then all connections will be logged as pass in your syslogs. Other option is to use a package like darkstat or ntop.