log websites visited

log websites visited

[Vicent Gozalbes]

Hello to all, I'm new in this list.
I have an iptables firewall running in a Debian system in my Office.
I would like to view all websites visited (IPs or name) for my workers.
it's possible with iptables without using a proxy-cache, isn't it?

-- 
Un saludo,
Vicent Gozalbes Sanchis
Departamento Técnico
Datalux Spain S.A.
Tel. +34 96 346 51 35
Fax +34 96 346 52 25
www.datalux-spain.com
www.datalux-lg.com 

Re: log websites visited

[Emilio Casbas]

Vicent Gozalbes wrote:

> Hello to all, I'm new in this list.
> I have an iptables firewall running in a Debian system in my Office.
> I would like to view all websites visited (IPs or name) for my workers.
> it's possible with iptables without using a proxy-cache, isn't it?
>
Iptables works on layer 3 and 4 of the OSI network model,
this mean it operates on the IP and TCP/UDP level, it doesn' t
designed to work in a application layer, for this purpose is used
the proxy server.
http://www.squid-cache.org is a good option.

Thanks
Emilio C.

Re: log websites visited

[Jason Opperisano]

On Fri, 2004-10-01 at 08:41, Vicent Gozalbes wrote:
> Hello to all, I'm new in this list.
> I have an iptables firewall running in a Debian system in my Office.
> I would like to view all websites visited (IPs or name) for my workers.
> it's possible with iptables without using a proxy-cache, isn't it?

if IP's are OK--you can use:

  iptables -A FORWARD -p tcp --syn -s $INSIDE_NET --dport 80 \
    -j LOG --log-prefix "HTTP REQUEST: "

you need to place that rule at a point in your ruleset where it will
actually catch the traffic you're interested in.

-j

disclaimer:  the rules contained in this message are meant to illustrate
the requested functionality only, and not intended as a recommendation
of best practices.  never execute any commands without fully
understanding the implications.

-- 
Jason Opperisano <opie@817west.com>

Re: log websites visited

[Jose Maria Lopez]

El vie, 01 de 10 de 2004 a las 15:21, Emilio Casbas escribió:
> Vicent Gozalbes wrote:
> 
> > Hello to all, I'm new in this list.
> > I have an iptables firewall running in a Debian system in my Office.
> > I would like to view all websites visited (IPs or name) for my workers.
> > it's possible with iptables without using a proxy-cache, isn't it?
> >
> Iptables works on layer 3 and 4 of the OSI network model,
> this mean it operates on the IP and TCP/UDP level, it doesn' t
> designed to work in a application layer, for this purpose is used
> the proxy server.
> http://www.squid-cache.org is a good option.
> 
> Thanks
> Emilio C.

You can add calamaris to the squid proxy with the
transparent proxy feature of iptables to obtain
statistics of the use of the proxy the user are
doing.

-- 
Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
jkerouac@bgsec.com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÑA

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"