New to Linux...want to track Internet usage on a LAN 2

Status
Not open for further replies.

ForceTen

IS-IT--Management
Jan 11, 2001
9
US
Hello...

I'm new to the world of Linux. I have a LAN here that has a shared T-1 line out to the Internet. Our ISP is running a firewall/proxy setup on their side, so we are behind them with a private IP scheme on the LAN.

What I'd like to do is set up some type of box that has all of my http and smtp traffic going through it. Then, I'd like that box to log where the traffic is headed. For example, a client at 192.168.1.50 pulls up a browser and wants to go to I'd like this Linux box to log that the user at address 192.168.1.50 sent a request to
Currently, I'm just interested in where people are going; I'm not really interested in restricting traffic at this time, although ultimately, I'd probably like to do that as well.

Would anyone be able to recommend a package that runs on Linux that is capable of doing this? We have a copy of RedHat Linux 6.1 and whatever comes with that. I have successfully connected the Linux box to the Internet, so I would be able to download whatever files would be necessary.

Any help or guidance would be most appreciated! Thank you...

Daniel Bruss
dano@sandridgebank.com
 
You can try snort, which is an IDS with extensive pf and logging capabilities. Also ngrep matches strings against dst/src port matches...
Also the standard Linux PFs like ipchains and iptables have support for logging traffic->the previous two are more specialized...
 
Hi,

You could either use ip masquerading (source network address translation) and log the packets or use a proxy server with logging.

For RH 6.1 you would use 'ipchains' for masquerading. This does have a logging capability - writes to /var/log/messages - but I don't think you would get the canonical name (e.g. in the output - You would get the (resolved) target IP address and port. This might not tell you enough for your purposes.

You could use the squid caching proxy which does have full logging facilities but the problem is it only works with http so it's not really a fully functional internet connection - things like real-audio won't get through. Maybe you could use a combination of squid for tcp port 80 and ip masquerading for everything else. See Really the only advantage squid has over masquerading is performance (from cached pages if you use a lot) and more logging.

Got to go now...
Rgds
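
As an added illustration (not part of the original thread), the sketch below summarises a Squid access.log by client address and destination host, which is the per-user view asked for in the first post and which packet-filter logging of IP and port alone does not give. It assumes Squid's native log format; the sample lines and the function names are constructed for the example.

```python
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client action/code bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
979230000.123    240 192.168.1.50 TCP_MISS/200 5120 GET http://www.example.com/index.html - DIRECT/192.0.2.10 text/html
979230004.456     12 192.168.1.50 TCP_HIT/200 1830 GET http://www.example.com/logo.gif - NONE/- image/gif
979230010.789    310 192.168.1.51 TCP_MISS/200 7420 GET http://news.example.org/today - DIRECT/192.0.2.20 text/html
979230015.001     95 192.168.1.51 TCP_MISS/200 3921 CONNECT secure.example.net:443 - DIRECT/192.0.2.30 -
979230020.500      3 192.168.1.52 TCP_DENIED/403 1021 GET http://blocked.example.com/ - NONE/- text/html
this line is truncated
"""

def destination_host(method, url):
    """Return the lower-cased host a request was aimed at."""
    if method == "CONNECT":          # CONNECT logs host:port, not a full URL
        return url.rsplit(":", 1)[0].lower()
    return (urlsplit(url).hostname or "").lower()

def summarize(log_text):
    """Count requests per (client IP, destination host); skip malformed lines."""
    hits, skipped = Counter(), 0
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 10:         # native format has ten fields
            skipped += 1
            continue
        client, method, url = fields[2], fields[5], fields[6]
        host = destination_host(method, url)
        if not host:                 # URL field present but unparseable
            skipped += 1
            continue
        hits[(client, host)] += 1
    return hits, skipped

if __name__ == "__main__":
    hits, skipped = summarize(SAMPLE_LOG)
    for (client, host), n in sorted(hits.items()):
        print(f"{client:15} {host:25} {n}")
    print(f"skipped {skipped} malformed line(s)")
```

Denied requests are counted as well, since they still show where a client tried to go.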
 
Squid is good, and out-of-the-box, it should be able to allow Real Audio.. if it does give you a problem, just disable its prefs where it defines that ip address and destination port of the squid server...

good luck
 