7.31. ( ACCOUNTING ) - I need to do accounting on who is using the network

Though this doesn't have much to do with IPMASQ, here are a few ideas. If you know of a better solution, please email the author of this HOWTO so it can be added to the HOWTO.

  • Idea #1: You could run the command:

    IPCHAINS: "ipchains -L -M" 
    
    IPTABLES: "cat /proc/net/ip_conntrack"
    
    IPFWADM:

    once a second and log all of those entries. You could then write a program to merge this information into one large file. Again, this will only provide you with the remote IP address and nothing about the content viewed or downloaded.

  • Idea #2: Log every packet: You can match any specific traffic flows, but this method will create VERY LARGE log files. Unfortunately, these log files aren't very readable and they don't tell you what was transferred (FTP files, etc.). Fortunately, setting up this form of accounting is easy.

  • Idea #3: Say you want to log all traffic going out onto the Internet. You can set up a firewall rule to accept port 80 traffic with the SYN bit set and log it. Mind you, this will create smaller log files than the idea above, but you will only know the destination IP address and NOT the WWW pages viewed.

  • Idea #4: Transparent Proxy: This method really doesn't use IPMASQ since it requires the installation and setup of the Squid HTTP/FTP proxy server. The benefit of this method is that internal users won't notice anything different in terms of connectivity but now the SysAdmin gets a LOT more information (files downloaded, etc). But, there are pros/cons to setting this up:

    Pro:

    • + full logging of all transferred files and issued FTP commands

    • + you can enable caching on the proxy server. With caching, you can save bandwidth since once a file is downloaded, any identical file requests will be served via the cache and not redownloaded via the Internet connection.

    Con:

    • - Setting up a transparent proxy is complicated as it requires kernel changes, setting up Squid, etc.

    • - Could be overkill for a small installation.

    Please see the Advanced Routing HOWTO for more details.
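
For Idea #1, the merging program could look like the sketch below. It is an added example, not part of the original HOWTO, and it assumes the usual /proc/net/ip_conntrack line layout (protocol name first, then the original-direction src/dst/sport/dport fields followed by the reply-direction fields); the sample lines are constructed.

```python
#!/usr/bin/env python3
"""Merge per-second /proc/net/ip_conntrack snapshots into one record per flow."""
import re
import time

CONNTRACK = "/proc/net/ip_conntrack"  # path from Idea #1 (IPTABLES case)
FIELD = re.compile(r"(\w+)=(\S+)")
# Constructed sample snapshot (documentation addresses), not captured output.
SAMPLE = """\
tcp      6 431999 ESTABLISHED src=192.168.0.10 dst=203.0.113.5 sport=1025 dport=80 src=203.0.113.5 dst=198.51.100.1 sport=80 dport=1025 [ASSURED] use=1
udp      17 25 src=192.168.0.11 dst=203.0.113.53 sport=1030 dport=53 [UNREPLIED] src=203.0.113.53 dst=198.51.100.1 sport=53 dport=1030 use=1
"""

def parse_line(line):
    """Return (proto, src, sport, dst, dport) of the original direction, or None."""
    parts = line.split()
    orig = {}
    for key, value in FIELD.findall(line):
        # Each entry lists two tuples; the first is the internal client's
        # view, the second is the reply direction. Keep only the first.
        orig.setdefault(key, value)
    if not parts or "src" not in orig or "dst" not in orig:
        return None
    return (parts[0], orig["src"], orig.get("sport", "-"),
            orig["dst"], orig.get("dport", "-"))

def merge_snapshot(flows, text, now):
    """Fold one snapshot into flows, a dict of flow -> [first_seen, last_seen]."""
    for line in text.splitlines():
        flow = parse_line(line)
        if flow is None:
            continue  # skip lines that are not conntrack entries
        flows.setdefault(flow, [now, now])[1] = now
    return flows

def report(flows):
    """One line per flow, oldest first: first_seen last_seen proto client -> remote."""
    ordered = sorted(flows.items(), key=lambda item: item[1][0])
    return ["%d %d %s %s:%s -> %s:%s" % (first, last, *flow)
            for flow, (first, last) in ordered]

if __name__ == "__main__":
    flows = {}
    try:
        while True:  # poll once a second, as Idea #1 suggests
            with open(CONNTRACK) as fh:
                merge_snapshot(flows, fh.read(), int(time.time()))
            time.sleep(1)
    except KeyboardInterrupt:
        print("\n".join(report(flows)))
```

Connections that open and close between two polls never appear in a snapshot, so the merged file is a lower bound on what crossed the MASQ box.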
