log web access

I use Linux iptables as the NAT box of our company.

I want to know which sites our users access to.
iptables only logs the IP address of web sites.

I don't want to use Transpareny Proxy and Squid because
it slows down the speed of surfing web.

Any good method?
I need a fancy report which shows every web sites of our users access to.

"Thomas B" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) om

> I use Linux iptables as the NAT box of our company.
>
> I want to know which sites our users access to.
> iptables only logs the IP address of web sites.

It won't help with resolving virtual domains that are visited since any
number of those can be hosted at a single IP address, but if you run the
logfile for HTTP connections through "jdresolve"
http://jdrowell.com/projects/jdresolve before feeding it to "analog"
http://www.analog.cx/ or some such logfile analyzer, you'll go a long way
towards identifying visited sites.

BTW, "want to know" is quite different from "need to know", and I encourage
you to examine your motives for spying on the activities of your users.

tony

--
use hotmail for email replies

On 14 May 2004 20:48:05 -0700, Thomas B <(E-Mail Removed)> wrote:
>
>
> I use Linux iptables as the NAT box of our company.
>
> I want to know which sites our users access to.
> iptables only logs the IP address of web sites.
>
> I don't want to use Transpareny Proxy and Squid because
> it slows down the speed of surfing web.
>
> Any good method?
> I need a fancy report which shows every web sites of our users access to.

I can think of a couple of fairly simple ways to do this, but agree
with ynotssor...Why do you want to do this? Will you be logging usernames
or userids or ethernet addresses (etc.) too? Does your boss/company know
you are trying to set this up?

Why are you posting through google and using using yahoo for mail?
Netvigator.com has a newsfarm and mail service. (Their homepage is in Chinese.)

Why don't you post this again from work and use your mail address there
and include company info? Or at least use your regular address.


AC

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
NotDashEscaped: You need GnuPG to verify this message

In comp.os.linux.networking Thomas B <(E-Mail Removed)> suggested:
> I use Linux iptables as the NAT box of our company.

> I want to know which sites our users access to.
> iptables only logs the IP address of web sites.

> I don't want to use Transpareny Proxy and Squid because
> it slows down the speed of surfing web.

Rubbish, squid speeds up web access tremendously, while offering
multiple ways of logging access. I doubt you have ever used it.

> Any good method?
> I need a fancy report which shows every web sites of our users access to.

You are aware of legal issues? There are various content
filtering packages, like squidguard/dansguard available, which
might be useful, without disturbing users privacy.

Good luck

--
Michael Heiming (GPG-Key ID: 0xEDD27B94)
mail: echo (E-Mail Removed) | perl -pe 'y/a-z/n-za-m/'
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFApcZWAkPEju3Se5QRAqezAKCAvUbbMg1liDGQtiiNmh bqDJ2hsACdGIRX
s/ZVih6maGb6DoHwGGsVO5I=
=o39h
-----END PGP SIGNATURE-----