LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices



Reply
 
Search this Thread
Old 09-11-2009, 04:05 PM   #1
RedHelix
LQ Newbie
 
Registered: Mar 2004
Location: BAWstun Massachusetts
Distribution: Red Hat
Posts: 9

Rep: Reputation: 0
Sending email notifications on a Squid proxy server


Hello everyone,
I've set up a Squid proxy server for my company whose main purpose will be filtering web content by blocking domains listed in a file. Users authenticate via LDAP to our Windows domain controller, and website permissions (such as who can see certain blocked websites, like say facebook,) are doled out through security groups in the AD tree.

In this regard, everything is set up and working perfectly.

My boss just threw a curveball at me. He wants me to find a way to implement email notifications, such that every time the server denies a user HTTP access to a website, it fires off an email to him via our exchange server.

I haven't been able to find much on this on Google. I was wondering if any of you could point me in the right direction, be it personal advice or a helpful article.

The system is a relatively barebones Ubuntu install running squid3 2.6.24-19.

Much appreciated!
Jack
 
Old 09-12-2009, 09:22 AM   #2
rayfordj
Member
 
Registered: Feb 2008
Location: Texas
Distribution: Fedora, RHEL, CentOS
Posts: 475

Rep: Reputation: 73
Quote:
Originally Posted by RedHelix View Post
My boss just threw a curveball at me. He wants me to find a way to implement email notifications, such that every time the server denies a user HTTP access to a website, it fires off an email to him via our exchange server.
Has the consideration of the amount of email notifications your boss will be getting if an email is sent from every "DENIED" domain squid handles every time squid denies it? Depending on the size of your block list and frequency of inadvertent access, requests could become a bigger headache than initially anticipated. Say... a site that shows ads that appear in otherwise normally allowed pages, but you have for whatever reason denied that domain to your user-base.

Last edited by rayfordj; 09-12-2009 at 09:23 AM.
 
Old 09-12-2009, 10:11 AM   #3
RedHelix
LQ Newbie
 
Registered: Mar 2004
Location: BAWstun Massachusetts
Distribution: Red Hat
Posts: 9

Original Poster
Rep: Reputation: 0
Yes; he already receives per-incident email notifications from the content filter on our Sonicwall. It does indeed flood his inbox but he routes them to a subfolder and has made a ton of email rules to discard block notifications from ad sites. Not terribly efficient, but he wants what he wants.

(We are subbing out the Sonicwall content filter for Squid because we need a filtering solution that also has ICAP support.)

I suppose if there's a way to create a "block events" logfile at the beginning of every day and append to it for each event, then email it, that would work as well. Again, though, I haven't been able to find any posts or articles on where to begin on this.

Last edited by RedHelix; 09-12-2009 at 10:20 AM.
 
Old 09-12-2009, 10:41 AM   #4
rayfordj
Member
 
Registered: Feb 2008
Location: Texas
Distribution: Fedora, RHEL, CentOS
Posts: 475

Rep: Reputation: 73
While I've not configured for email notification, I'll throw these ideas out there...
    • use squidalyser to parse through squid log(s) and dump to a mysql db
    • have boss use browser to query
    • use squidalyser to parse through squid log(s) and dump to a mysql db
    • write or find something to query db, generate report, email boss
    • write or find something to parse through squid log(s) for denied accesses meeting your criteria, sort, format, and email boss

Daily roll-up reports should be more manageable and cause less impact to mail server. Looking over the sf page for squidalyser it has come a long way since I last used it. Looks like it has some nice reporting/displaying features that you and/or your boss might like.


I know it may not be a complete or explicit solution, but I do hope this helps.

 
Old 09-12-2009, 11:54 AM   #5
RedHelix
LQ Newbie
 
Registered: Mar 2004
Location: BAWstun Massachusetts
Distribution: Red Hat
Posts: 9

Original Poster
Rep: Reputation: 0
Oooh, that actually does help a lot. Thank you!
 
  


Reply

Tags
email, notification, squid


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
squid proxy server configuration & distribution of internet without proxy gaurav_gupta082 Linux From Scratch 2 07-31-2010 12:25 PM
Gmail and yahoo mail fail sending with attachment using squid 2.5 stable 7 proxy daniel314 Linux - Networking 2 10-20-2009 03:36 PM
Problem sending email through new email server bigben747 Linux - Server 3 01-26-2009 06:16 PM
Using ISA Server as Parent Proxy and want to setup Squid as dwonstream proxy tauseef1 Red Hat 1 04-09-2008 02:03 AM
Sending a default web page to the connected computers through squid proxy jomy Linux - Networking 1 09-07-2007 10:39 AM


All times are GMT -5. The time now is 04:46 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration