Internet activity - saving events

  • Hi,

    I am a beginner in pfSense and so I have a basic question.

    I'm looking for functionality or possibilities for solving this problem. I need to collect something like web logs: information such as the IP of the local computer that connects to an external IP, and the date and time. In short, who visited the IP and when. I have these logs archived and kept for two years. I looked for a solution in search engines and in the package descriptions but found nothing concrete. Is this a big problem in pfSense?
    Or do you archive Internet activity, and how did you resolve it?


    Sorry for my English

  • The squid package will log all http traffic including destination, source, and date/time stamp.  There are also packages like lightSquid that can parse the logs into more visually appealing reports with graphs etc.  I attached a sample from Squid's access.log file so you can decide if it fits your needs:

    1230806674.821    108 TCP_MISS/200 417 HEAD - DIRECT/ application/octet-stream
    1230806674.939     41 TCP_MISS/200 405 HEAD - DIRECT/ application/octet-stream
    1230806678.185     37 TCP_MISS/200 415 HEAD - DIRECT/ application/octet-stream
    1230806679.883     36 TCP_REFRESH_HIT/200 8143 GET - DIRECT/ application/octet-stream
    1230806679.936     53 TCP_REFRESH_HIT/200 8143 GET - DIRECT/ application/octet-stream

  • Hi,

    Thank you very much!

    I attached a sample from my Squid's access.log file from /var/squid/log/

    1291656367.155 179583 TCP_MISS/504 1339 GET - DIRECT/ text/html
    1291656406.239  22076 TCP_MISS/000 0 GET - DIRECT/ -
    1291656406.239   4193 TCP_MISS/000 0 POST - DIRECT/ - 

    What is the date/time stamp? How do I figure it out?

    Can this file be configured in any way by size or time? Can it be copied automatically to another server? Does it have rotation?


  • The time is in unix format…here is a converter:

    Yes, you can set up log rotation.  Yes, you can have the server log to another physical server.
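
Converting the Unix timestamps discussed above into readable "who connected where, and when" records, as an added example that is not part of the original posts. It assumes Squid's native access.log layout (time, elapsed, client, result/status, bytes, method, URL, ident, hierarchy/peer, type); the sample lines are constructed with documentation-range addresses, and the function names are hypothetical.

```python
from datetime import datetime, timezone

# Constructed sample in Squid's native access.log layout (documentation-range
# addresses, not data from the thread). The last line is deliberately malformed.
SAMPLE_LOG = """\
1291656367.155 179583 192.0.2.10 TCP_MISS/504 1339 GET http://example.com/ - DIRECT/198.51.100.7 text/html
1291656406.239  22076 192.0.2.11 TCP_MISS/000 0 GET http://example.org/a - DIRECT/203.0.113.5 -
1291656406.239 truncated entry
"""


def parse_line(line):
    """Parse one native-format line; return None if it is malformed."""
    fields = line.split()
    if len(fields) < 10:
        return None
    try:
        epoch = float(fields[0])      # seconds since 1970-01-01 UTC, ms precision
        elapsed_ms = int(fields[1])
        size = int(fields[4])
    except ValueError:
        return None
    result, _, status = fields[3].partition("/")
    _, _, peer = fields[8].partition("/")
    when = datetime.fromtimestamp(epoch, tz=timezone.utc)
    return {
        "when_utc": when.strftime("%Y-%m-%d %H:%M:%S"),
        "client": fields[2],          # local machine that made the request
        "result": result,
        "status": status,
        "bytes": size,
        "elapsed_ms": elapsed_ms,
        "method": fields[5],
        "url": fields[6],
        "peer": peer,                 # external IP Squid connected to
    }


def who_visited(log_text):
    """Return (when_utc, client, peer, url) for every well-formed line."""
    rows = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            rows.append((entry["when_utc"], entry["client"], entry["peer"], entry["url"]))
    return rows


if __name__ == "__main__":
    for row in who_visited(SAMPLE_LOG):
        print(*row)
```

Times are reported in UTC so that archived records stay unambiguous if the firewall's time zone setting changes.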

  • Hi,

    The time is in unix format. And that be so, as I understand it.

    Log to another physical server: how can this be done, e.g. on a Windows server, if that is possible?

    In Proxy server: General settings >> Custom Options I have:

    redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf;redirector_bypass on;redirect_children 3

    What is this?

    Thank you for your reply.

