[TCLUG] Logging network trafic/Parental Control

Wed Oct 20 17:13:36 CDT 2004

Dan Rue wrote:
> Yeah, I had to set this up at work *sigh*.. 
> 
> What I ended up doing was set up a squid cache proxy on my firewall,
> then in my firewall ruleset redirect outgoing port 80 to localhost 3129
> (i think that's the right port..).
> 
> Squid by default logs all activity.  There's a nice squid log analyzer
> called sarg that creates nice traffic reports per IP.
> 
> I think I have some notes on a wiki somewhere.  Let me know if you need
> help.  
> 
> It also might be worth looking at some of the firewall distros - i don't
> know but i'd suspect one of them has something like dans guardian built
> in (which is an add on to the setup above to actually block content).
> 
> Dan
> 

That would be great, could you send me a snip of a report?  The sarg 
site has a sample up and it looks great, but all it shows is the HOST, 
and not the GET.  If it can show the GET lines, then you can see exactly 
what files were accessed on the site.  If the site is something like 
members.tripod.com, the GET line could be either "GET 
/~linux_user/index.php" or "GET /~ms_user/exploits.asp".  One is clearly 
more devious than the other, but if all that is known is the HOST, you 
can't tell if it was ok or not.

I'm doing this for a non-tech family right now so thats why I'm 
asking/being picky.  :)  If this goes well, I'll probably use the same 
setup myself.

Are you doing anything for IM (msn/icq/aol/yahoo)?  These are the tricky 
ones since most traffic will be sent to a server, I'll probably have to 
analyze the content instead, maybe by a keyword search or something (I 
don't want to steal ALL of the kids' privacy).

I don't think I'd set it up to block traffic, having the kids know that 
their parents are monitoring them online should be enough of a 
deterrent.  That and a system that just blocks everything is bound to 
have flaws or make false positives/negatives, and can make for lazy 
parents.  If they want to in the future, at least I will know that it's 
available, as long as it logs/reports what it's doing.  With a report, 
if something comes up, the parents can deal with it in their own way. 
Having the content blocked, without anyone knowing, wouldn't change the 
bad behavior, parental intervention would have better luck.

Thanks for the info

Chris Frederick

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
Help beta test TCLUG's potential new home: http://plone.mn-linux.org
Got pictures for TCLUG? Beta test http://plone.mn-linux.org/gallery
tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list