LinuxQuestions.org
Old 12-25-2003, 06:55 PM   #1
benjithegreat98
Senior Member
 
Registered: Dec 2003
Location: Shelbyville, TN, USA
Distribution: Fedora Core, CentOS
Posts: 1,019

Rep: Reputation: 45
Suggestions for network logging program


Hey.
I am running a Linux firewall and I was wondering if anybody knew of some good traffic logging software. Ok I am not really concerned about tracking the amount of traffic on the router, but if I go to google or linux.com then I want the router to log the full address and the time. If I can only log the IP addresses and the pages of that IP then that would be ok but I'd rather have it the other way.

One side note, I am doing this just for my own amusement. I'm not trying to spy on my family (I live alone) or anything devious like that. But truth be told, I'd like to implement something like this at work because we're having lots of trouble with this and I'm the one who gets to spend 2 hrs cleaning off infested Windows PCs. It would be nice for people to think they can't just browse anywhere anytime (It is a hospital.... I'm pretty sure they have better things to do than download games).

But anyhow, any suggestions anybody could give me would be mucho appreciato.
 
Old 12-25-2003, 11:32 PM   #2
meks
Member
 
Registered: Jul 2003
Location: AT, Upper Austria
Posts: 33

Rep: Reputation: 15
hi

try ntop - you will love it.
it does the simple tasks you want to be done. and it does much more
there's nearly no configuration needed.

you can get ntop from www.ntop.org
 
Old 12-25-2003, 11:41 PM   #3
Kahless
Member
 
Registered: Jul 2003
Location: Pennsylvainia
Distribution: Slackware / Debian / *Ubuntu / Opensuse / Solaris uname: Brian Cooney
Posts: 503

Rep: Reputation: 30
What version of Windows are your clients running? You might be able to prevent a lot of the issues by giving them guest accounts
 
Old 12-26-2003, 09:24 AM   #4
benjithegreat98
Senior Member
 
Registered: Dec 2003
Location: Shelbyville, TN, USA
Distribution: Fedora Core, CentOS
Posts: 1,019

Original Poster
Rep: Reputation: 45
Thanks, I'll check out ntop later on.

Most of our client PCs here are W2k. We have some software that needs admin privileges to work. Not all PCs need the software so we limit some PCs. This is one of those problems that goes in waves. We'll see a lot, then crack down on it. Then the problem subsides for a while. We have a firewall that has some logging capabilities; we just need to get people thinking we are going to start checking those daily again.
 
Old 12-26-2003, 12:43 PM   #5
benjithegreat98
Senior Member
 
Registered: Dec 2003
Location: Shelbyville, TN, USA
Distribution: Fedora Core, CentOS
Posts: 1,019

Original Poster
Rep: Reputation: 45
Ok. Ntop crapped out during the ./configure stage of install. I've looked online for a while on how to resolve this. Is there another program similar to the ntop that someone knows about?
 
Old 12-26-2003, 01:00 PM   #6
meks
Member
 
Registered: Jul 2003
Location: AT, Upper Austria
Posts: 33

Rep: Reputation: 15
have you built the chart libs before configuring ntop?
you can read about building them in ntop/docs/BUILD-NTOP.txt:

in addition to the 2 points below, you may read point 1 as it lists what's needed to build ntop.
alternatively, try searching www.rpmfind.net for appropriate rpms - in this case, you don't have to configure/compile it yourself.

if you absolutely don't want to use ntop, maybe iptraf (homepage) can help out.

-----
2. Build chart libraries

- cd gdchart0.94c/
- ./configure
- cd gd-1.8.3/libpng-1.2.4
- cp scripts/makefile.[make your choice] Makefile
- make
- cd ../../zlib-1.1.4/
- ./configure
- make
- cd ..
- make

If you're using a gcc-powered system you can type
- cd gdchart0.94c/
- ./buildAll.sh

Note: It MAY be necessary for some of these packages on some systems
to do a "make install". If you get error messages concerning
missing libraries at run time, then try doing the make install
from the appropriate subdirectory.

3. Build ntop

- cd ntop
- ./configure
- make
- make install
---
 
Old 12-26-2003, 01:28 PM   #7
Gates1026
Member
 
Registered: Sep 2003
Location: Iowa
Distribution: Slackware 9.1
Posts: 155

Rep: Reputation: 30
If you want to log web usage, you might think about squid........you can turn off the caching function and just have it log all of your traffic. You then could block all outgoing web requests at the firewall unless it originates from the squid proxy server. From there have all of the Windows clients configure their browsers to use the squid proxy server.

This could have 2 advantages for you.

1.) It doesn't let out internet traffic (through the firewall) that doesn't go through the proxy server first.

2.) It makes sure they know that you are watching what they are doing by having them change the proxy settings. You can add passwords also I believe per user.

This is just a quick suggestion. Hope this helps!
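
The squid approach suggested above produces an access.log that already holds the client address, time and requested URL the original poster asked for. The following is an added example, not part of any post in this thread: it assumes Squid's default native log layout, and the sample lines, addresses and hostnames are constructed. It groups requests per day and per client, skips malformed lines, and shows that HTTPS (CONNECT) entries carry only host:port, never a page path.

```python
"""Summarise a Squid native-format access.log: who requested which URL, and when."""
from collections import defaultdict
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client result/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1072461845.123    245 192.168.1.23 TCP_MISS/200 5120 GET http://www.google.com/search?q=ntop - DIRECT/192.0.2.10 text/html
1072461901.004     90 192.168.1.23 TCP_MISS/200 20480 GET http://www.linux.com/articles/index.html - DIRECT/192.0.2.20 text/html
1072548300.500    310 192.168.1.40 TCP_MISS/200 1048576 GET http://games.example/download/setup.exe - DIRECT/192.0.2.30 application/octet-stream
1072548311.000     12 192.168.1.40 TCP_DENIED/403 1200 GET http://games.example/more.exe - NONE/- text/html
this line is truncated
1072548400.250    150 192.168.1.40 TCP_MISS/200 300 CONNECT secure.example:443 - DIRECT/192.0.2.40 -
"""

def parse_line(line):
    """Return a dict for one log line, or None if the line is malformed."""
    parts = line.split()
    if len(parts) < 10:
        return None
    try:
        when = datetime.fromtimestamp(float(parts[0]), tz=timezone.utc)
        size = int(parts[4])
    except ValueError:
        return None
    result, _, status = parts[3].partition("/")
    url = parts[6]
    # CONNECT (HTTPS tunnel) entries carry only host:port, never a path.
    host = url.rsplit(":", 1)[0] if parts[5] == "CONNECT" else urlsplit(url).hostname
    return {"time": when, "client": parts[2], "result": result, "status": status,
            "bytes": size, "method": parts[5], "url": url, "host": host}

def daily_report(log_text):
    """Group requests as {(date, client): [(HH:MM:SS, url, result), ...]}."""
    report = defaultdict(list)
    skipped = 0
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            skipped += 1
            continue
        key = (entry["time"].date().isoformat(), entry["client"])
        report[key].append((entry["time"].strftime("%H:%M:%S"), entry["url"], entry["result"]))
    return dict(report), skipped

if __name__ == "__main__":
    for (day, client), hits in sorted(daily_report(SAMPLE_LOG)[0].items()):
        print(day, client, *("\n    %s %s %s" % h for h in hits))
```

Times are reported in UTC; because the log is a plain file, keeping several weeks of history is a matter of log rotation rather than of the reporting tool.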
 
Old 12-26-2003, 01:41 PM   #8
stickman
Senior Member
 
Registered: Sep 2002
Location: Nashville, TN
Posts: 1,552

Rep: Reputation: 53
Something like squid or privoxy would probably help quite a bit.
 
Old 12-26-2003, 02:05 PM   #9
benjithegreat98
Senior Member
 
Registered: Dec 2003
Location: Shelbyville, TN, USA
Distribution: Fedora Core, CentOS
Posts: 1,019

Original Poster
Rep: Reputation: 45
Thanks all!
I'll look into all these.
 
Old 12-27-2003, 06:40 PM   #10
benjithegreat98
Senior Member
 
Registered: Dec 2003
Location: Shelbyville, TN, USA
Distribution: Fedora Core, CentOS
Posts: 1,019

Original Poster
Rep: Reputation: 45
Ok. I've got ntop running on my home router. I went to my web interface to see if it logged where I went and it did. I don't think it gave the full address (the directory and page name that was visited) but that's ok for now. The problem I have is that it shows where I went for the last hour and that's it. I want more info than that. I'd like a week's worth of information and I'd like to have a few weeks' worth backed up so I could review last week's if possible. Is this possible w/ this program? I'm impressed w/ the info it has given thus far, but I need more.

Here is my command to start it:
/usr/local/bin/ntop -d -i eth1 -p HTTP=http,https -r 120 -w 10001 -W 0 -u xuser -P /var/spool/ntop -s
 
Old 12-27-2003, 10:10 PM   #11
meks
Member
 
Registered: Jul 2003
Location: AT, Upper Austria
Posts: 33

Rep: Reputation: 15
Quote:
Originally posted by benjithegreat98
The problem I have is that it shows where I went for the last hour and that's it. I want more info than that.
ok...ahm...if ntop has been running for one hour, then there is just the information gathered in the last hour.
if ntop captures one week, it will show all connections made during this week.

ntop is not able to tell you the future
 
Old 12-29-2003, 09:01 AM   #12
benjithegreat98
Senior Member
 
Registered: Dec 2003
Location: Shelbyville, TN, USA
Distribution: Fedora Core, CentOS
Posts: 1,019

Original Poster
Rep: Reputation: 45
No.....
Ntop runs for hours and only gives the last one hour worth of info.

Last edited by benjithegreat98; 12-29-2003 at 10:08 AM.
 
  

