Logging all URL access

jdejong

I have a client who is looking to log all HTTP traffic in a rolling log (ie. 3 months of logs, one log for each day). This is for a condo community that is offering wired/wireless interent to all people in the community. There biggest worry is getting a DMCA request or someone doing something illegal. I know squid can do this but I am worried about performance as well as being able to log everything i need (MAC, IP, Date/Time, URL).

Let me know your thoughts. Thanks!

jimp

The only way to do this would be with a proxy of some kind. Squid would work for HTTP transparently, but not HTTPS. If you want to do that, the clients would have to either hardcode the proxy settings or you could setup WPAD and they can use proxy autoconfigure.

Even squid won't get the MAC address, though, just IP, date/time, and URL.

Even if you could write some sort of DPI tool that would log URLs, it would still only work for HTTP.

Another way around this is to give all your clients public IP addresses (which may not be feasible), and then just keep a record of who was assigned which public IP when (PPPoE would help you here, if you forced auth).

Squid shouldn't be too bad performance-wise if you don't really have it caching, just logging.