Hi,
I was toiling with the idea of logging all users in order to get statistics
on where they are going on the net and how long they are using the system,
etc. I was then introduced to 'SARG' which is doing exactly what I wanted.
Thanks to Bruno Guerreiro who gave me a push in the right direction.
My problem now is that I have noticed that not all activities are logged
in 'access.log'. This includes ftp downloads/uploads, telnet sessions
etc. In particular, some users on my local area network are NOT logged.
Now I have two questions:
1. How do I force everyone (every PC) on the LAN to use the proxy server? I
need to log all activities on the LAN.
2. How do I force all requests, e.g. ftp, telnet, http, etc. to get logged?
Fred.
-----------------------------------------------------------
> If you need any help...
>
> -----Original Message-----
> From: Fred Kamwaza [mailto:fred@sdnp.org.mw]
> Sent: terça-feira, 29 de Maio de 2001 15:40
> To: bruno.guerreiro@ine.pt
> Cc: squid-users@squid-cache.org
> Subject: RE: [squid-users] Help! Can squid authentication log user
> activit
>
>
> I just want to say thank you very much for the information. I have
> been to the site and I have downloaded 'Sarg'. I will be testing it
> right away.
>
>> Hi,
>> I think that SARG may do the trick for you:
>> http://web.onda.com.br/orso/index.html
>> It doesn't authenticate users, it just analyzes Squid logs.
>> This page also has some sample reports, so you can see if it meets
>> your needs.
>>
>> Regards,
>>
>> Bruno Guerreiro.
>>
>> -----Original Message-----
>> From: Fred Kamwaza [mailto:fred@sdnp.org.mw]
>> Sent: sábado, 26 de Maio de 2001 12:47
>> To: hno@hem.passagen.se
>> Cc: squid-users@squid-cache.org
>> Subject: [squid-users] Help! Can squid authentication log user
>> activities?
>>
>>
>> Dear Henrik,
>>
>> Thanks very much indeed for your invaluable assistance. I very much
>> appreciate your guidance. I have taken note of all tips.
>>
>> I am, however, in a difficult situation. I operate a LAN with a very
>> large number of users but our bandwidth is small. The users share
>> machines. What I would really like to do is allow access only to
>> those registered. When they login, the system should then take logs
>> of whoever is logging on to the system, going on to the Internet. I
>> would like to capture the following information, 'Username', 'IP of
>> machine logged from', 'Time logged in', 'Time logged out' and if
>> possible amount of data transferred in bytes.
>>
>> I was of the opinion that the squid authentication would help me do
>> that. If this is not possible using squid, would you know of any way
>> I can do this?
>>
>> I am running my system with RedHat 6.2 as a server, on a LAN, with
>> Windows 98 machines as clients.
>>
>>> pam_auth is not really intended for setups requiring authentication
>>> to /etc/shadow, but where you do have a PAM module for connecting to
>>> the user directory in question, but no Squid auth module. /etc/shadow
>>> is one such case, but not a very interesting one from a functionality
>>> perspective.
>>>
>>> As the author of Squid pam_auth I can only agree that there are
>>> concerns about running pam_auth setuserid root for authentication to
>>> /etc/shadow. The brute-force attack issue is a real one, and there
>>> always is the risk of buffer overflows in SUID applications even if
>>> the pam_auth code is believed to be reasonably secure in this respect
>>> (but there may well be aspects I have overlooked).
>>>
>>> --
>>> Henrik Nordstrom
>>> Squid Hacker
>>>
>>> Lim Seng Chor wrote:
>>>
>>>> i personally feel pam_auth is a dangerous program to run if you are
>>>> running a multi-user system. unless you are running a dedicated-
>>>> cache system, or else pam_auth might get yourself into trouble. this
>>>> may allow users to do brute-force attack on password
>>>> guessing or password sniffing on the port pam_auth listening. and
>>>> unknown setuid buffer overflow for pam_auth if exists. do this at
>>>> your own risk. good luck!!
>>
>
--
Fred Kamwaza
University of Malawi
The Polytechnic
P/B 303, Chichiri, Blantyre 3
-------------------------------------
Tel: (265) 670 411 (o); (265) 842 891 (m)
Fax: (265) 670 578
email: fred@sdnp.org.mw
URL: http://poly.sdnp.org.mw

Received on Thu May 31 2001 - 01:33:07 MDT