Internet activity - saving events



  • Hi,

    I am a beginner in pfSense and so I have a question. A basic one.

    I'm looking for functionality or possibilities for how to solve this problem. I need to collect something like web logs: information such as the IP of the local computer that connects to an external IP, and the date and time. In short, who visited the IP and when. I have these logs archived and kept for two years. I was looking for a solution in a search engine and in the package descriptions, but nothing concrete was found. Is this a big problem in pfSense?
    Or archiving Internet activity: how have you resolved it?

    adminkg

    Sorry for my English.



  • The squid package will log all http traffic including destination, source, and date/time stamp.  There are also packages like lightSquid that can parse the logs into more visually appealing reports with graphs etc.  I attached a sample from Squid's access.log file so you can decide if it fits your needs:

    1230806674.821    108 10.21.1.200 TCP_MISS/200 417 HEAD http://download.windowsupdate.com/v8/windowsupdate/redir/muv3wuredir.cab? - DIRECT/65.54.87.57 application/octet-stream
    1230806674.939     41 10.21.1.200 TCP_MISS/200 405 HEAD http://update.microsoft.com/v8/microsoftupdate/redir/MUAuth.cab? - DIRECT/65.55.25.93 application/octet-stream
    1230806678.185     37 10.21.1.200 TCP_MISS/200 415 HEAD http://download.windowsupdate.com/v8/microsoftupdate/redir/muv3muredir.cab? - DIRECT/65.54.87.59 application/octet-stream
    1230806679.883     36 10.21.1.200 TCP_REFRESH_HIT/200 8143 GET http://download.windowsupdate.com/msdownload/update/software/dflt/2008/11/1891918_f90a43e2e22893857f7c1d3228e2d01ee45bf0be.cab - DIRECT/65.54.87.59 application/octet-stream
    1230806679.936     53 10.21.1.200 TCP_REFRESH_HIT/200 8143 GET http://download.windowsupdate.com/msdownload/update/software/dflt/2008/11/1891920_e7f6c3f19a0f3e20253f14efaa7aeb7a52be1936.cab - DIRECT/65.54.87.57 application/octet-stream
    


  • Hi,

    Thank you very much!

    I attached a sample from my Squid's access.log file from /var/squid/log/

    
    1291656367.155 179583 10.30.30.112 TCP_MISS/504 1339 GET http://earthquake.usgs.gov/eqcenter/catalogs/eqs7day-M2.5.xml - DIRECT/10.30.30.2 text/html
    1291656406.239  22076 10.30.30.112 TCP_MISS/000 0 GET http://finance.yahoo.com/q? - DIRECT/10.30.30.2 -
    1291656406.239   4193 10.30.30.112 TCP_MISS/000 0 POST http://safebrowsing.clients.google.com/safebrowsing/downloads? - DIRECT/10.30.30.2 - 
    

    What is the date/time stamp? How do I figure it out?

    Is this file configured in any way for size or time? Can it automatically be sent to another server? Does it have rotation?

    adminkg



  • The time is in Unix format; here is a converter:
    http://www.onlineconversion.com/unix_time.htm

    Yes, you can set up log rotation.  Yes, you can have the server log to another physical server.
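    As an added example (not code from this thread or from the Squid/pfSense projects), here is a small parser for the Squid native access.log lines posted above: it converts the Unix timestamp to a readable UTC date/time and pulls out the client IP, destination host and the IP the proxy actually connected to, which is the "who visited which IP and when" record the original poster wants. The sample lines are copied from the posts in this thread.

```python
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Sample lines in Squid "native" access.log format, taken from this thread.
SAMPLE_LOG = """\
1230806674.821    108 10.21.1.200 TCP_MISS/200 417 HEAD http://download.windowsupdate.com/v8/windowsupdate/redir/muv3wuredir.cab? - DIRECT/65.54.87.57 application/octet-stream
1291656406.239  22076 10.30.30.112 TCP_MISS/000 0 GET http://finance.yahoo.com/q? - DIRECT/10.30.30.2 -
1291656406.239   4193 10.30.30.112 TCP_MISS/000 0 POST http://safebrowsing.clients.google.com/safebrowsing/downloads? - DIRECT/10.30.30.2 -
"""

# Native format, space separated:
# time elapsed client code/status bytes method URL rfc931 peerstatus/peerhost type
FIELDS = ("time", "elapsed", "client", "result", "bytes", "method", "url",
          "ident", "peer", "type")


def parse_line(line):
    """Split one native-format line into a dict; return None for blank or malformed lines."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    # The first field is seconds since the Unix epoch with a millisecond fraction.
    epoch = float(rec["time"])
    rec["when_utc"] = datetime.fromtimestamp(epoch, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
    rec["code"], rec["status"] = rec["result"].split("/", 1)
    rec["dest_host"] = urlsplit(rec["url"]).hostname or ""
    # peerstatus/peerhost, e.g. DIRECT/65.54.87.57: the address the proxy connected to.
    rec["peer_status"], rec["peer_host"] = rec["peer"].split("/", 1)
    return rec


def who_visited_what(text):
    """Return (client IP, destination host, peer IP, UTC time) for each valid log line."""
    out = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec:
            out.append((rec["client"], rec["dest_host"], rec["peer_host"], rec["when_utc"]))
    return out


if __name__ == "__main__":
    for row in who_visited_what(SAMPLE_LOG):
        print("%s -> %s (%s) at %s UTC" % row)
```

    The same function can be pointed at /var/squid/log/access.log on the firewall; lines from a rotated log parse identically because the format does not change between files.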



  • Hi,

    The time is in Unix format. So that is how it is, as I understand it.

    Logging to another physical server: how can this be done, e.g. on a Windows server, if there is a possibility?

    In Proxy server: General settings >> Custom Options I have:

    redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf;redirector_bypass on;redirect_children 3
    

    What is this?

    Thank you for your reply.

    adminkg

