LinuxQuestions.org


RedHelix 09-11-2009 03:05 PM

Sending email notifications on a Squid proxy server
 
Hello everyone,
I've set up a Squid proxy server for my company whose main purpose will be filtering web content by blocking domains listed in a file. Users authenticate via LDAP to our Windows domain controller, and website permissions (such as who can see certain blocked websites, like, say, Facebook) are doled out through security groups in the AD tree.

In this regard, everything is set up and working perfectly.

My boss just threw a curveball at me. He wants me to find a way to implement email notifications, such that every time the server denies a user HTTP access to a website, it fires off an email to him via our Exchange server.

I haven't been able to find much on this on Google. I was wondering if any of you could point me in the right direction, be it personal advice or a helpful article.

The system is a relatively barebones Ubuntu install running squid3 2.6.24-19.

Much appreciated!
Jack

rayfordj 09-12-2009 08:22 AM

Quote:

Originally Posted by RedHelix (Post 3679195)
My boss just threw a curveball at me. He wants me to find a way to implement email notifications, such that every time the server denies a user HTTP access to a website, it fires off an email to him via our Exchange server.

Has consideration been given to the amount of email notifications your boss will be getting if an email is sent for every "DENIED" domain squid handles, every time squid denies it? Depending on the size of your block list and frequency of inadvertent access, requests could become a bigger headache than initially anticipated. Say... a site that shows ads that appear in otherwise normally allowed pages, but you have for whatever reason denied that domain to your user-base.

RedHelix 09-12-2009 09:11 AM

Yes; he already receives per-incident email notifications from the content filter on our Sonicwall. It does indeed flood his inbox but he routes them to a subfolder and has made a ton of email rules to discard block notifications from ad sites. Not terribly efficient, but he wants what he wants.

(We are subbing out the Sonicwall content filter for Squid because we need a filtering solution that also has ICAP support.)

I suppose if there's a way to create a "block events" logfile at the beginning of every day and append to it for each event, then email it, that would work as well. Again, though, I haven't been able to find any posts or articles on where to begin on this.

rayfordj 09-12-2009 09:41 AM

While I've not configured for email notification, I'll throw these ideas out there...
    • use squidalyser to parse through squid log(s) and dump to a mysql db
        • have boss use browser to query
    • use squidalyser to parse through squid log(s) and dump to a mysql db
        • write or find something to query db, generate report, email boss
    • write or find something to parse through squid log(s) for denied accesses meeting your criteria, sort, format, and email boss

Daily roll-up reports should be more manageable and cause less impact to mail server. Looking over the sf page for squidalyser it has come a long way since I last used it. Looks like it has some nice reporting/displaying features that you and/or your boss might like.


I know it may not be a complete or explicit solution, but I do hope this helps.

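The third idea in the list above (parse the log for denied requests, sort, format, email) as an added example that is not code from the thread. It assumes Squid's native access.log format with the authenticated user name in the eighth field; the sample lines, function names and example.com addresses are constructed. It skips TCP_DENIED/407 entries, which are proxy-authentication challenges rather than blocks.

```python
"""Daily roll-up of Squid TCP_DENIED events, built as one email message."""
from collections import Counter
from email.message import EmailMessage
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log format:
# time elapsed client action/status bytes method URL user hierarchy type
SAMPLE_LOG = """\
1252699500.123      0 192.168.1.50 TCP_DENIED/403 1450 GET http://www.facebook.com/ jsmith NONE/- text/html
1252699501.456      0 192.168.1.50 TCP_DENIED/403 1450 GET http://www.facebook.com/home.php jsmith NONE/- text/html
1252699502.789      1 192.168.1.51 TCP_DENIED/407 1800 GET http://www.example.org/ - NONE/- text/html
1252699503.012    250 192.168.1.51 TCP_MISS/200 5120 GET http://www.example.org/ mjones DIRECT/203.0.113.10 text/html
1252699504.345      0 192.168.1.52 TCP_DENIED/403 1455 CONNECT ads.example.net:443 mjones NONE/- text/html
this line is truncated
"""

def host_of(url):
    """Return the host for both 'http://host/path' and CONNECT-style 'host:port'."""
    target = url if "://" in url else "//" + url
    return (urlsplit(target).hostname or url).lower()

def denied_events(lines):
    """Yield (user, host) for each policy denial; skip 407 auth challenges."""
    for line in lines:
        fields = line.split()
        if len(fields) < 10:
            continue  # malformed or truncated line
        action, _, status = fields[3].partition("/")
        if action != "TCP_DENIED" or status == "407":
            continue
        user = fields[7] if fields[7] != "-" else fields[2]  # fall back to client IP
        yield user, host_of(fields[6])

def build_report(lines, sender, recipient):
    """Aggregate denials per (user, host) and return an unsent EmailMessage."""
    counts = Counter(denied_events(lines))
    rows = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    body = "\n".join(f"{n:5d}  {user:<12} {host}" for (user, host), n in rows)
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = f"Squid denied requests: {sum(counts.values())} events"
    msg.set_content(body or "No denied requests.")
    return msg

if __name__ == "__main__":
    # Placeholder addresses; pass the message to smtplib.SMTP(...).send_message() to deliver it.
    print(build_report(SAMPLE_LOG.splitlines(), "squid@example.com", "boss@example.com"))
```

Run once a day from cron against the previous day's rotated log, this sends one message per day instead of one per denied request.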

RedHelix 09-12-2009 10:54 AM

Oooh, that actually does help a lot. Thank you!


All times are GMT -5.