[plug] Squid/Guard Questions
Bernd Felsche
bernie at innovative.iinet.net.au
Sat Nov 13 15:16:35 WST 2004
Timothy White <weirdo at tigris.org> writes:
>I have a number of computers accessing the Internet through a squid proxy.
>I am wondering how to do 2 things.
>1) How can I monitor how much people are 'downloading' in real-time and
>monthly (as in Megabits/s and Megabytes/month)
Through the proxy; by log file analysis. Squid will generally create
an access.log in /var/log/squid or similar. You can the use tools
such as calamaris or sarg for analysis.
Note that unless you use something like ident and rigourously police
"sharing", that you can only identify *machines* (IP addresses) by
log file analysis.
>2) How can I get SquidGuard to tell me when a user has tried to access a
>blocked site.
Tell SquidGuard to log it.
e.g.
------------------------------------------------------------------------
logdir /var/log/squidGuard
dbhome /var/lib/squidGuard/db
dest porn {
domainlist blacklists/porn/domains
urllist blacklists/porn/urls
expressionlist blacklists/porn/expressions
log anonymous porn.log
}
dest ads {
domainlist blacklists/ads/domains
urllist blacklists/ads/urls
log anonymous ads.log
}
dest aggressive {
domainlist blacklists/aggressive/domains
urllist blacklists/aggressive/urls
log anonymous aggressive.log
}
dest spammer {
domainlist blacklists/spammers/domains
urllist blacklists/spammers/urls
log anonymous spammers.log
}
acl {
default {
pass !ads !spammer !aggressive !porn all
redirect http://example.com/cgi-bin/squidGuard.cgi?clientaddr=%a&clientname=%n&clientuser=%i&clientgroup=%s&targetgroup=%t&url=%u
}
}
------------------------------------------------------------------------
--
/"\ Bernd Felsche - Innovative Reckoning, Perth, Western Australia
\ / ASCII ribbon campaign | I'm a .signature virus!
X against HTML mail | Copy me into your ~/.signature
/ \ and postings | to help me spread!
More information about the plug
mailing list