At 10:34 AM 11/6/2003, Adam Aube wrote:
> >>> Has anyone configured squid as a logging only server? I
> >>> just want to monitor Internet access without caching or
> >>> forwarding of traffic.
>
> >> See the FAQ
>
> > Actually, the answer is no, you can't have squid log without
> > at least proxying (forwarding) your web traffic.
>
>Correct. I just guessed that the OP simply mis-phrased the question.
>
>After all, if they don't plan to have Squid process their traffic, why
>would they even bother installing it?
To log outbound web traffic -- what web sites/pages their users are
visiting. You might be able to do something with "iptables -p tcp --dport
80 -j LOG" and then write a perl script to do DNS lookups, but that doesn't
give you the URL.
You could use "tcpdump -x port 80" on an edge router and store the output,
then scan it for HTTP headers with a perl script. But that would consume
huge amounts of I/O time and disk space.
Probably a layer 7 switch/router can do this. Someone could write a
program that uses promiscuous mode to do it also.
-- =========================
Tom Lahti
Tx3 Online Services
(888)4-TX3-SVC (489-3782)
http://www.tx3.net/
-- =========================
Received on Thu Nov 06 2003 - 11:59:38 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:21:10 MST