Re: [Nolug] internet logging

From: Dustin Puryear <dpuryear_at_usa.net>
Date: Tue, 07 May 2002 21:10:34 -0500
Message-Id: <5.1.0.14.0.20020507205725.040cbcc0@pop.netaddress.com>

At 04:07 PM 5/7/2002 -0500, you wrote:
>All,
>
>I need a log of internet traffic to and from my company.
>
>We are creating an internet policy for our company and are concerned about
>things like corporate espionage, liability lawsuits, and of course general
>employee abuse.
>
>I have looked at SQUID, but just need to create a searchable traffic log
>where I can pinpoint user abuse for management if need be (rather than a
>"cache" which seems to be SQUID's primary function).

What kind of traffic do you want to monitor? You mentioned Squid, which is
for HTTP, FTP, and Gopher traffic. Squid works great for that. A cool
solution is to configure Squid to require that users log in first to
Squid via a form that is displayed when they try to visit the first
website. That way you can actually match a user name to a visited website.
It's been a while, but I think you can even tie certain usernames to
certain sites. Say, if you want your insurance department to only be able
to access authorization confirmation tools on various insurance websites.
Squid also gives you other types of access controls based on source and
destination IP addresses/blocks, time of day or week, and so forth.

In addition, Squid can do an insane amount of logging. By analyzing this
information with the right tool you can get some really neat statistics,
and spot problem areas.

There are other kinds of traffic that you will probably want to monitor as
well. What about email? What about instant messaging? Kazaa? Imagine the
damage that could be done with a peer-to-peer file transfer tool that uses
HTTP to get around a firewall.

Regards, Dustin

---
Dustin Puryear <dpuryear@usa.net>
UNIX and Network Consultant
http://members.telocity.com/~dpuryear
PGP Key available at http://www.us.pgp.net
In the beginning the Universe was created.
This has been widely regarded as a bad move. - Douglas Adams
___________________
Nolug mailing list
nolug@nolug.org
Received on 05/07/02

This archive was generated by hypermail 2.2.0 : 12/19/08 EST
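
The per-user log analysis described in the message above, as an added example that is not part of the original post: it parses Squid's native access.log layout and totals requests, bytes, denials and visited hosts per user. It assumes proxy authentication is enabled so that the eighth field carries the username; the sample log lines and the `unauthenticated@` label are constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client result/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1020823834.123    250 192.168.1.20 TCP_MISS/200 5120 GET http://www.example.com/index.html alice DIRECT/203.0.113.10 text/html
1020823840.456     90 192.168.1.20 TCP_HIT/200 2048 GET http://www.example.com/logo.gif alice NONE/- image/gif
1020823901.789   1200 192.168.1.31 TCP_MISS/200 734003 GET http://files.example.net/big.zip bob DIRECT/203.0.113.20 application/zip
1020823950.000     12 192.168.1.44 TCP_DENIED/407 1500 GET http://www.example.org/ - NONE/- text/html
1020824000.500    300 192.168.1.31 TCP_MISS/200 900 CONNECT secure.example.net:443 bob DIRECT/203.0.113.30 -
this line is truncated
"""

def parse_line(line):
    """Return one request as a dict, or None if the line is malformed."""
    f = line.split()
    if len(f) < 10:
        return None
    try:
        when = datetime.fromtimestamp(float(f[0]), tz=timezone.utc)
        size = int(f[4])
    except ValueError:
        return None
    client, method, url, user = f[2], f[5], f[6], f[7]
    # CONNECT requests log "host:port" rather than a full URL.
    host = url.rsplit(":", 1)[0] if method == "CONNECT" else (urlsplit(url).hostname or url)
    # "-" means no username was logged; fall back to the client address.
    who = user if user != "-" else "unauthenticated@" + client
    return {"when": when, "user": who, "host": host, "bytes": size,
            "denied": f[3].startswith("TCP_DENIED")}

def summarize(log_text):
    """Aggregate requests, bytes, denials and visited hosts per user."""
    users = defaultdict(lambda: {"requests": 0, "bytes": 0, "denied": 0, "hosts": Counter()})
    skipped = 0
    for line in filter(str.strip, log_text.splitlines()):
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # count unparseable lines instead of silently dropping them
            continue
        entry = users[rec["user"]]
        entry["requests"] += 1
        entry["bytes"] += rec["bytes"]
        entry["denied"] += rec["denied"]
        entry["hosts"][rec["host"]] += 1
    return dict(users), skipped

if __name__ == "__main__":
    report, skipped = summarize(SAMPLE_LOG)
    for user, s in sorted(report.items()):
        print(user, s["requests"], s["bytes"], s["denied"], dict(s["hosts"]))
    print("skipped lines:", skipped)
```
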