Hey.
I am running a linux firewall and I was wondering if anybody knew of some good traffic logging software. Ok I am not really concerned about tracking the amount of traffic on the router, but if I go to google or linux.com then I want the router to log the full address and the time. If I can only log the IP addresses and the pages of that ip then that would be ok but I'd rather have it the other way.
One side note, I am doing this just for my own amusement. I'm not trying to spy on my family (I live alone) or anything devious like that. But truth be told, I'd like to implement something like this at work because we're having lots of trouble with this and I'm the one who gets to spend 2 hrs cleaning off infested Windows PCs. It would be nice for people to think they can't just browse anywhere anytime (It is a hospital.... I'm pretty sure they have better things to do than download games).
But anyhow, any suggestions anybody could give me would be mucho appreciato.
Most of our client PCs here are W2k. We have some software that needs admin privileges to work. Not all PCs need the software so we limit some PCs. This is one of those problems that goes in waves. We'll see a lot, then crack down on it. Then the problem subsides for a while. We have a firewall that has some logging capabilities; we just need to get people thinking we are going to start checking those daily again.
Ok. Ntop crapped out during the ./configure stage of install. I've looked online for a while on how to resolve this. Is there another program similar to the ntop that someone knows about?
have you built the chart libs before configuring ntop?
you can read about building them in ntop/docs/BUILD-NTOP.txt:
in addition to the 2 points below, you may read point 1 as it lists what's needed to build ntop.
alternatively, try searching www.rpmfind.net for appropriate rpms - in this case, you don't have to configure/compile it yourself.
if you absolutely don't want to use ntop, maybe iptraf (homepage) can help out.
-----
2. Build chart libraries
- cd gdchart0.94c/
- ./configure
- cd gd-1.8.3/libpng-1.2.4
- cp scripts/makefile.[make your choice] Makefile
- make
- cd ../../zlib-1.1.4/
- ./configure
- make
- cd ..
- make
If you're using a gcc-powered system you can type
- cd gdchart0.94c/
- ./buildAll.sh
Note: It MAY be necessary for some of these packages on some systems
to do a "make install". If you get error messages concerning
missing libraries at run time, then try doing the make install
from the appropriate subdirectory.
If you want to log web usage, you might think about squid........you can turn off the caching function and just have it log all of your traffic. You then could block all outgoing web requests at the firewall unless it originates from the squid proxy server. From there have all of the Windows clients configure their browsers to use the squid proxy server.
This could have 2 advantages for you.
1.) It doesn't let out internet traffic (through the firewall) that doesn't go through the proxy server first.
2.) It makes sure they know that you are watching what they are doing by having them change the proxy settings. You can add passwords also I believe per user.
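An added example, not part of any post in this thread: once clients are forced through Squid as suggested above, a short script can turn its access log into a per-client record of time and full address, grouped by ISO week. It assumes Squid's default "native" access.log layout; the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample in Squid's default "native" access.log layout:
# time elapsed client result/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1066036250.603    180 192.168.1.10 TCP_MISS/200 8412 GET http://www.google.com/search?q=ntop - DIRECT/192.0.2.10 text/html
1066036300.120   5230 192.168.1.11 TCP_MISS/200 3921 CONNECT mail.example.org:443 - DIRECT/192.0.2.25 -
1066641100.000     95 192.168.1.10 TCP_DENIED/403 1410 GET http://games.example.net/download/setup.exe - NONE/- text/html
this line is truncated
"""

def parse_line(line):
    """Return (when, client, method, url, result), or None if malformed."""
    fields = line.split()
    if len(fields) < 10:
        return None
    try:
        when = datetime.fromtimestamp(float(fields[0]), tz=timezone.utc)
    except (ValueError, OverflowError, OSError):
        return None
    # For CONNECT (HTTPS tunnels) the proxy only sees host:port in the URL
    # field, so the path and page name are not logged for those requests.
    return when, fields[2], fields[5], fields[6], fields[3]

def weekly_report(lines):
    """Return ({ISO week: {client: [(time, method, url, result)]}}, skipped)."""
    report = defaultdict(lambda: defaultdict(list))
    skipped = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        when, client, method, url, result = rec
        year, week, _ = when.isocalendar()
        stamp = when.strftime("%Y-%m-%d %H:%M:%S")
        report[f"{year}-W{week:02d}"][client].append((stamp, method, url, result))
    return report, skipped

if __name__ == "__main__":
    weeks, bad = weekly_report(SAMPLE_LOG.splitlines())
    for week, clients in sorted(weeks.items()):
        for client, hits in sorted(clients.items()):
            print(week, client, hits)
    print("skipped malformed lines:", bad)
```

Timestamps are reported in UTC. The user column stays "-" unless proxy authentication is enabled, so without it requests are attributable only to a client IP.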
Ok. I've got ntop running on my home router. I went to my web interface to see if it logged where I went and it did. I don't think it gave the full address (the directory and page name that was visited) but that's ok for now. The problem I have is that it shows where I went for the last hour and that's it. I want more info than that. I'd like a week's worth of information and I'd like to have a few weeks' worth backed up so I could review last week's if possible. Is this possible w/ this program? I'm impressed w/ the info it has given thus far, but I need more.
Here is my command to start it:
/usr/local/bin/ntop -d -i eth1 -p HTTP=http,https -r 120 -w 10001 -W 0 -u xuser -P /var/spool/ntop -s
Originally posted by benjithegreat98:
"The problem I have is that it shows where I went for the last hour and that's it. I want more info than that."
ok...ahm...if ntop has been running for one hour, then there is only information gathered during the last hour.
if ntop captures for one week, it will show all connections made during this week.