Internet activity - saving events
I am a beginner with pfSense, so I have a basic question.
I'm looking for functionality or a way to solve this problem. I need to collect something like web logs: information such as the IP of the local computer that connects to an external IP, plus the date and time. In short, who visited which IP and when. I have to keep these logs archived for two years. I searched with a search engine and in the package descriptions, but found nothing concrete. Is this a big problem in pfSense?
Or do you archive Internet activity, and how did you solve it?
Sorry for my English.
mhab12 last edited by
The squid package will log all http traffic including destination, source, and date/time stamp. There are also packages like lightSquid that can parse the logs into more visually appealing reports with graphs etc. I attached a sample from Squid's access.log file so you can decide if it fits your needs:
1230806674.821 108 10.21.1.200 TCP_MISS/200 417 HEAD http://download.windowsupdate.com/v8/windowsupdate/redir/muv3wuredir.cab? - DIRECT/18.104.22.168 application/octet-stream
1230806674.939 41 10.21.1.200 TCP_MISS/200 405 HEAD http://update.microsoft.com/v8/microsoftupdate/redir/MUAuth.cab? - DIRECT/22.214.171.124 application/octet-stream
1230806678.185 37 10.21.1.200 TCP_MISS/200 415 HEAD http://download.windowsupdate.com/v8/microsoftupdate/redir/muv3muredir.cab? - DIRECT/126.96.36.199 application/octet-stream
1230806679.883 36 10.21.1.200 TCP_REFRESH_HIT/200 8143 GET http://download.windowsupdate.com/msdownload/update/software/dflt/2008/11/1891918_f90a43e2e22893857f7c1d3228e2d01ee45bf0be.cab - DIRECT/188.8.131.52 application/octet-stream
1230806679.936 53 10.21.1.200 TCP_REFRESH_HIT/200 8143 GET http://download.windowsupdate.com/msdownload/update/software/dflt/2008/11/1891920_e7f6c3f19a0f3e20253f14efaa7aeb7a52be1936.cab - DIRECT/184.108.40.206 application/octet-stream
Thank you very much!
I attached a sample from my Squid's access.log file from /var/squid/log/
1291656367.155 179583 10.30.30.112 TCP_MISS/504 1339 GET http://earthquake.usgs.gov/eqcenter/catalogs/eqs7day-M2.5.xml - DIRECT/10.30.30.2 text/html
1291656406.239 22076 10.30.30.112 TCP_MISS/000 0 GET http://finance.yahoo.com/q? - DIRECT/10.30.30.2 -
1291656406.239 4193 10.30.30.112 TCP_MISS/000 0 POST http://safebrowsing.clients.google.com/safebrowsing/downloads? - DIRECT/10.30.30.2 -
What is the date/time stamp? How do I figure it out?
Is this file configured in any way for size or time? Can it be copied automatically to another server? Does it have rotation?
mhab12 last edited by
The time is in Unix format… here is a converter:
Yes, you can set up log rotation. Yes, you can have the server log to another physical server.
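Converting the Unix timestamps discussed above, as an added example that is not part of the original posts: a small Python parser for Squid's native access.log format that reports which client IP requested which URL and when (in UTC). The function and class names are hypothetical, and the two sample lines are copied from the logs quoted in this thread.

```python
"""Parse Squid native-format access.log lines (added example)."""
from datetime import datetime, timezone
from typing import NamedTuple, Optional


class SquidEntry(NamedTuple):
    when: datetime      # UTC time taken from the Unix timestamp field
    elapsed_ms: int     # time the proxy spent on the request
    client_ip: str      # local computer that made the request
    result: str         # Squid result code, e.g. TCP_MISS
    status: int         # HTTP status; 0 when no reply was received
    size: int           # bytes delivered to the client
    method: str
    url: str
    peer: str           # hierarchy code / next-hop address


def parse_line(line: str) -> Optional[SquidEntry]:
    """Return a SquidEntry, or None for a blank or malformed line."""
    f = line.split()
    if len(f) < 10:
        return None
    try:
        when = datetime.fromtimestamp(float(f[0]), tz=timezone.utc)
        result, _, status = f[3].partition("/")
        return SquidEntry(when, int(f[1]), f[2], result, int(status),
                          int(f[4]), f[5], f[6], f[8])
    except ValueError:
        return None


def who_visited(lines):
    """Yield (UTC timestamp, client IP, URL) for every valid line."""
    for line in lines:
        e = parse_line(line)
        if e:
            yield e.when.strftime("%Y-%m-%d %H:%M:%S"), e.client_ip, e.url


# Two lines copied from the samples posted in this thread
SAMPLE = [
    "1230806674.821 108 10.21.1.200 TCP_MISS/200 417 HEAD http://download.windowsupdate.com/v8/windowsupdate/redir/muv3wuredir.cab? - DIRECT/18.104.22.168 application/octet-stream",
    "1291656406.239 22076 10.30.30.112 TCP_MISS/000 0 GET http://finance.yahoo.com/q? - DIRECT/10.30.30.2 -",
]

if __name__ == "__main__":
    for row in who_visited(SAMPLE):
        print(*row)
```

Timestamps are printed in UTC; convert to local time only at display, so archived records stay unambiguous across daylight-saving changes.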
The time is in Unix format. So that is how it is, as I understand it.
Logging to another physical server: how can this be done, e.g. on a Windows server? If that is possible.
In Proxy server: General settings >> Custom Options I have:
redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf;redirector_bypass on;redirect_children 3
What is this?
Thank you for your reply.