7.31. ( ACCOUNTING ) - I need to do accounting on who is using the networkThough this doesn't have much to do with IPMASQ, here are a few ideas. If you
know of a better solution, please email the author of this HOWTO so it can be
added to the HOWTO.
Idea #1: You could run the command:
IPCHAINS: "ipchains -L -M"
IPTABLES: "cat /proc/net/ip_conntrack"
IPFWADM: |
once a second and log all of those entries. You could then write a program
to merge this information into one large file. Again, this will only
provide you with the remote IP address and nothing about the content viewed
or downloaded.Idea #2: Log every packet: You can match any specific traffic flows but
this method will create VERY LARGE log files. Unfortunately, these log files
aren't very readable and it doesn't tell you what was transfered (FTP files,
etc.). Fortunately, setting up this form of accounting is easy. Idea #3: Say you want to log all traffic going out onto the internet. You
can setup a firewall rule to accept port 80 traffic with with the SYN bit set
and log it. Now mind you, this will create smaller log files than the idea
above but you will only know the destination IP address and NOT the WWW pages
viewed. Idea #4: Transparent Proxy: This method really doesn't use IPMASQ since it
requires the installation and setup of the Squid HTTP/FTP proxy server.
The benefit of this method is that internal users won't notice anything
different in terms of connectivity but now the SysAdmin gets a LOT more
information (files downloaded, etc). But, there are pros/cons to setting this
up:
Pro:
+ full logging of all transferred files and issues FTP commands
+ you can enable caching on the proxy server. With caching, you can save
bandwidth since once a file is downloaded, any identical file
requests will be served via the cache and not redownloaded via
the Internet connection.
Con:
- Setting up a transparent proxy is complicated as it requires kernel
changes, setting up Squid, etc.
- Could be overkill for a small installation.
Please see the Advanced Routing HOWTO for more details.
|
|