Network Monitoring

Dan Jenkins dan at rastech.com
Tue Jul 10 18:50:51 EDT 2007


klussier at comcast.net wrote:
>  -------------- Original message ----------------------
> From: "Ben Scott" <dragonhawk at gmail.com>
>   
>>   I use the Squid HTTP proxy for this.  GPL.  I have it set up to talk
>> to our Active Directory server to do user authentication.  It supports
>> the same NTLM that MSIE uses, so user authentication happens
>> automagically.  (We want certain users blocked, etc.)  Alternatively,
>> if you just want monitoring, you can use a firewall rule to make Squid
>> a transparent interception proxy.  Users won't even know it's there.
>> Depending on your usage patterns, a proxy can also result in some
>> bandwidth savings.
>>
>>   http://www.squid-cache.org
> I will look into this. Squid has been on my list of things to play with anyway (for the last 5 or so years... :-) This is strictly a monitoring use. There is no blocking, content filtering, etc. The upper crust just wants to know who is going where and how often. 
>   
I've used Squid several times with a transparent proxy, just as Ben said 
(albeit without Active Directory). It works well, and frequently does 
result in somewhat faster browsing (a tad slower the first visit). I 
used Calamaris for reporting as well as some homebrew scripts. Webalizer 
also worked. There's a plethora of reporting tools which work with it; 
check out http://www.squid-cache.org/Scripts/ for a few.

Most of the monitoring I've done has been accompanied by filtering 
(dansguardian) as it was done for schools. I've used Squid as an 
accelerator over slow links and it definitely helped improve performance 
there. The logs have proven helpful in identifying malware. In fact, 
I've used dansguardian in conjunction with squid to block malware by 
narrowly limiting the dansguardian filtering. (While there are other 
tools for that task, it was the hammer I already had the first time I 
used it.)

-- 
Dan Jenkins (dan at rastech.com)
Rastech Inc., Bedford, NH, USA --- 1-603-206-9951
*** Technical Support Excellence for over a Quarter Century
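
Added example (not part of the original message, and not one of the Squid project's scripts): a small "who is going where and how often" report over Squid's native access.log format. The sample lines are constructed; the user column holds the authenticated name when proxy authentication is on and "-" under transparent interception, in which case the client IP is used instead.

```python
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client code/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1184107851.123   95 192.168.1.10 TCP_MISS/200 4512 GET http://www.example.com/ jdoe DIRECT/192.0.2.10 text/html
1184107853.456   12 192.168.1.10 TCP_HIT/200 1200 GET http://www.example.com/news jdoe NONE/- text/html
1184107860.001  530 192.168.1.22 TCP_MISS/200 8000 CONNECT mail.example.org:443 - DIRECT/192.0.2.25 -
1184107861.777   40 192.168.1.31 TCP_MISS/200 300 GET http://WWW.Example.com/img.png asmith DIRECT/192.0.2.10 image/png
truncated or garbage line
"""

def site_of(method, url):
    """Reduce a logged URL to the site name (CONNECT logs host:port only)."""
    if method == "CONNECT":
        return url.rsplit(":", 1)[0].lower()
    return (urlsplit(url).hostname or url).lower()

def parse_line(line):
    """Return (who, site, bytes) for one log line, or None if malformed."""
    fields = line.split()
    if len(fields) < 10 or not fields[4].isdigit():
        return None
    client, size, method, url, user = (fields[2], fields[4], fields[5],
                                       fields[6], fields[7])
    who = client if user == "-" else user  # fall back to IP when unauthenticated
    return who, site_of(method, url), int(size)

def summarize(lines):
    """Count requests and bytes per (who, site) pair, skipping bad lines."""
    hits, volume = Counter(), Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        who, site, size = rec
        hits[(who, site)] += 1
        volume[(who, site)] += size
    return hits, volume

if __name__ == "__main__":
    hits, volume = summarize(SAMPLE_LOG.splitlines())
    for (who, site), n in hits.most_common():
        print(f"{who:15} {site:25} {n:5} requests {volume[(who, site)]:8} bytes")
```
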



