Jake Colman wrote:
>
> WebBoy is commercial and only available for WinBlows. I'm really looking for
> an open source solution that will work on my Linux firewall to monitor the
> entire network that's behind it.
>
I know, I'm just obliged to try and sell it :) The developers are some
good friends of mine, and they can't say no to free advertising :)
>
> I think I really like this idea. I can set up squid and use ipchains to
> automatically route all output via squid. This would mean that I do not even
> have to modify each machine's browser configuration to specify a proxy!
>
> I fiddled a bit with squid, installing it via the RH 6.1 rpm. As soon as I
> installed it, it stopped letting me access the web! I uninstalled it for the
> time being but will try it again soon. Any idea if there's any sort of
> utility that will neatly summarize squid's logs so that I can see who
> accessed what?
>
Yah, if you do it invisibly, then people can't just turn their proxy off
to get past the logging. A nice feature if there are some dodgy
characters on your network :) I dunno why squid did that, maybe a config
error?
I was thinking that there might be something to help you in the
portsentry suite of software (a definite possibility), but then I
relaised that there's even a better way of doing things. Using libpcap
you can just do some simple packet sniffing and pull out the relevant
data. I think that there is some framework code that you can download at
ee.lbl.gov. even tcpdump with the right flags will achieve the same goal
that you are after.
Saying this, I do believe that the proxy solution is more elegant,
because it not only provides you with a means of tracking access, it
introduces a new service to the people on your network, which will
probably enhance their web experience.
Of course this is all up to you, but I hope that it helps somewhat...
regards,
Chris Dowling.
> --
> Jake Colman
>
> Principia Partners LLC Phone: (201) 946-0300
> Harborside Financial Center Fax: (201) 946-0320
> 902 Plaza II Beeper: (800) 505-2795
> Jersey City, NJ 07311 E-mail: [EMAIL PROTECTED]
> E-mail: [EMAIL PROTECTED]
> web: http://www.ppllc.com
>
> "Every time I think I've idiot-proofed something someone comes up with a
> better idiot"
>
> --
> To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
> as the Subject.
--
If a manager offers "constructive advice" and no-one is around to hear
it,
is he still an idiot?
Chris Dowling.
[EMAIL PROTECTED]
[EMAIL PROTECTED]
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
