RE: FW: [squid-users] Looking for web usage reporting solution

From: Aaron Spurlock <aarons_at_technovationdesign.com>
Date: Fri, 13 Nov 2009 17:08:05 -0700

> -----Original Message-----
> From: Brian Mearns
> Sent: Friday, November 13, 2009 10:11 AM
> Subject: Re: FW: [squid-users] Looking for web usage reporting solution
>
> On Fri, Nov 13, 2009 at 11:54 AM, Aaron Spurlock
> >> -----Original Message-----
> >> ----------------------------------------
> >> > Subject: [squid-users] Looking for web usage reporting solution
> >> >
> >> > I am looking for a web usage reporting solution that can run via
> >> > sniffing or from a mirror port on a switch. I envision this solution
> >> > would simply log each URL request it sees and allow reports to be
> >> > generated on web sites that internal users have gone to. I've searched
> >> > high and low, but cannot find a "ready-made" solution, so I'm looking
> >> > to put it together myself.
> >> >
> >>
> >> What's wrong with running a bash script on the squid logs?
> >>
> >
> > I assume absolutely nothing is wrong with it, and the simplicity
> > would be grand! I'm just having a tough time wrapping my head around
> > how to get those logs in the first place. Can I set squid up to only
> > log the traffic it sees passing through port 80, so it could run in a
> > sniffing scenario and not inline? If so, I'll definitely start playing
> > with that because that would be a simple solution.
> >
>
> Correct me if I'm wrong, you don't currently have Squid set up, do
> you? Squid is a proxy server, so by definition it sits inline between
> the client and the origin server. As far as I know, there is no
> parallel sniffing mechanism available: all traffic either passes
> through Squid or it doesn't.

Actually I do, but obviously as an inline solution (running on a border server acting as a firewall/caching/filtering server). I've just had this request for a passive, non-inline solution and was exploring squid, as it already has the reporting side of it down.

I do think, though, that squid isn't the right solution in this scenario. I've done a little poking with ideas that the comments here have caused me to have and am now looking at tcpdump and tshark (command-line wireshark) as possible solutions. They already are designed to sniff promiscuously, can capture only HTTP (port 80) based traffic and pass it off. What they pass it off to becomes the question, but I think that is more easily solved than trying to get squid to do this passively. I assume perl or even clever bash scripting could handle the parsing and inserting into a database...now I just need to learn perl!
Received on Sat Nov 14 2009 - 00:08:14 MST
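
An added example, not part of the original message or of any project mentioned in it: one way the "what they pass it off to" step could look, with Python and SQLite standing in for the perl/bash and database the post contemplates. The interface name `eth1`, the table layout and the sample lines are assumptions constructed for illustration; the tshark field names are standard Wireshark display fields.

```python
import sqlite3

# Assumed capture command (eth1 is a placeholder for the mirror-port NIC):
#   tshark -i eth1 -f "tcp port 80" -Y http.request -T fields \
#          -e frame.time_epoch -e ip.src -e http.host -e http.request.uri
# tshark then prints one tab-separated line per HTTP request.

# Constructed sample of that output (not real traffic).
SAMPLE = (
    "1258157285.120\t192.168.1.20\twww.example.com\t/index.html\n"
    "1258157286.450\t192.168.1.20\twww.example.com\t/img/logo.png\n"
    "1258157290.002\t192.168.1.31\tnews.example.org\t/\n"
    "1258157291.700\t192.168.1.31\t\t/no-host-header\n"  # request without a Host header
    "garbage line without enough fields\n"
)

def parse_line(line):
    """Return (epoch, client, host, uri), or None for a malformed line."""
    parts = line.rstrip("\n").split("\t")
    if len(parts) != 4:
        return None
    ts, client, host, uri = parts
    try:
        epoch = float(ts)
    except ValueError:
        return None
    if not client:
        return None
    return epoch, client, host or "(no Host header)", uri

def load(conn, lines):
    """Insert parsed requests into SQLite; returns (stored, skipped)."""
    conn.execute("CREATE TABLE IF NOT EXISTS requests "
                 "(ts REAL, client TEXT, host TEXT, uri TEXT)")
    stored = skipped = 0
    for line in lines:
        row = parse_line(line)
        if row is None:
            skipped += 1
            continue
        # Parameterized insert: captured URLs are untrusted input.
        conn.execute("INSERT INTO requests VALUES (?, ?, ?, ?)", row)
        stored += 1
    conn.commit()
    return stored, skipped

def sites_by_client(conn):
    """Report: request count per (client, host), busiest first."""
    return conn.execute(
        "SELECT client, host, COUNT(*) AS n FROM requests "
        "GROUP BY client, host ORDER BY n DESC, client, host").fetchall()

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    print(load(db, SAMPLE.splitlines()))
    for row in sites_by_client(db):
        print(row)
```

In live use the lines would come from tshark's standard output instead of `SAMPLE`, and the database would be a file rather than `:memory:`.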