Author Topic: Question for the computer folks (Read 961 times)

Balog · « **on:** January 26, 2011, 08:35:09 AM »

So I'm looking to set up a program that tracks the internet traffic through our router and generates a report on it. Nothing fancy, just "On X day at Y time computer Z went to this website" kinda thing. Ideally it'd then email me this report, but if I have to retrieve it that'd work too.

Currently, the signal chain is: fios > router > computer A & B each connected directly to the router. Do I need to set up a central computer as a router and run traffic through it to have such logs? I've been meaning to replace the power supply in the desktop and get it going again, so I could always do that (with a little help from APS

).

mtnbkr · « **Reply #1 on:** January 26, 2011, 08:54:59 AM »

Assuming you have the same FIOS router I have, it won't do what you want, so you'll have to go to another system.

What you could do is set up your third computer as a bastion host, routing all traffic through it, then have it log connections to a file, which is then sent to you via email. Use IPTables to monitor those connections. Connect your PCs to a switch, connect that switch to your 3rd system, with it's IP as your default gateway (its default gateway would be the router). All traffic from your PCs would be routed through that. You will have to configure DHCP on this host. If you want wireless, you'll need an AP prior to the host. Basically, it will become another router BEFORE your FIOS router. Any connection you make directly to the FIOS router will be unmonitored.

I would go a step further and install Splunk and let it monitor that file so you can run reports against it and even have Splunk email those reports in CSV or PDF format. There is a free version of Splunk, but I don't know how handicapped it is. In addition, if you use Splunk, you can send it logs from your Windows boxes (need Snare on the Win boxes for that, also free) and any other device that generates logs so you can get full log retention of your network devices.

It does take some horsepower to run effectively though.

Chris

Balog · « **Reply #2 on:** January 26, 2011, 10:10:25 AM »

Thanks Chris, that's very helpful even if a lot of it was over my head. :) So the take away I'm getting is that I need to set up my desktop as a router, connect all other computers to it, and that in doing so I'll need it to be a fairly powerful system to avoid slowing things down?

Also, is there any way to set up each individual computer with it's own tracking system?

Harold Tuttle · « **Reply #3 on:** January 26, 2011, 10:15:31 AM »

teen age log report

facebook, youtube, skype, youtube, email, facebook, skype, facebook, youtube, skype, youtube, email, facebook, skype, facebook, youtube, skype, youtube, email, facebook, skype, facebook, youtube, skype, youtube, email, facebook, skype, facebook, youtube, skype, youtube, email, facebook, skype, facebook, youtube, skype, youtube, email, facebook, skype, facebook, youtube, skype, youtube, email, facebook, skype, facebook, youtube, skype, youtube, email, facebook, skype, facebook, youtube, skype, youtube, email, facebook, skype, facebook, youtube, skype, youtube, email, facebook, skype, facebook, youtube, skype, youtube, email, facebook, skype, facebook, youtube, skype, youtube, email, facebook, skype, facebook, youtube, skype, youtube, email, facebook, skype, facebook, youtube, skype, youtube, email, facebook, skype, facebook, youtube, skype, youtube, email, facebook, skype, facebook, youtube, skype, youtube, email, facebook, skype, facebook, youtube, skype, youtube, email, facebook, skype, facebook, youtube, skype, youtube, email, facebook, skype, facebook, youtube, skype, youtube, email, facebook, skype, facebook, youtube, skype, youtube, email, facebook, skype, facebook, youtube, skype, youtube, email, facebook, skype, facebook, youtube, skype, youtube, email, facebook, skype, facebook, youtube, skype, youtube, email, facebook, skype, facebook, youtube, skype, youtube, email, facebook, skype, facebook, youtube, skype, youtube, email, facebook, skype, facebook, youtube, skype, youtube, email, facebook, skype,

mtnbkr · « **Reply #4 on:** January 26, 2011, 11:02:25 AM »

Quote from: Balog on January 26, 2011, 10:10:25 AM

Thanks Chris, that's very helpful even if a lot of it was over my head. :) So the take away I'm getting is that I need to set up my desktop as a router, connect all other computers to it, and that in doing so I'll need it to be a fairly powerful system to avoid slowing things down?

Also, is there any way to set up each individual computer with it's own tracking system?

It doesn't need to be your desktop, it can be yet another machine with two ethernet interfaces and a host of software turning it into a firewall (to provide the logging, routing, and reporting functions). When I say "powerful", I mean it can't be some 10yo Pentium with 500megs of RAM. You'll want something fairly recent with a couple gig or more of RAM.

Yes, you can install software locally on each machine, but I was coming up with a more automated and centralized solution. What OS do you run locally?

Check this out for the logging and reporting: http://www.splunk.com/

I believe there's even a Windows version, but I've never used it.

Chris

Balog · « **Reply #5 on:** January 26, 2011, 11:06:07 AM »

Quote from: mtnbkr on January 26, 2011, 11:02:25 AM

It doesn't need to be your desktop, it can be yet another machine with two ethernet interfaces and a host of software turning it into a firewall (to provide the logging, routing, and reporting functions). When I say "powerful", I mean it can't be some 10yo Pentium with 500megs of RAM. You'll want something fairly recent with a couple gig or more of RAM.

Yes, you can install software locally on each machine, but I was coming up with a more automated and centralized solution. What OS do you run locally?

Check this out for the logging and reporting: http://www.splunk.com/

I believe there's even a Windows version, but I've never used it.

Chris

Currently we have: desktop (in need of a power supply), a netbook (Ubuntu), and a laptop (XP). I'm all for automated and centralized, just trying to figure out my options. :) I'll have a look at Splunk, thanks for the tip. If I did set up a central machine as and turn it into a firewall as you mentioned, would I likely see any slow down in overall speed?

mtnbkr · « **Reply #6 on:** January 26, 2011, 11:06:50 AM »

Basically, you need to monitor the traffic, log the traffic, generate a report, and have it delivered to you.

The monitoring is your firewall functionality, but in a passive monitoring state, not blocking. A linux box with two interfaces set up as a router with IPChains running on it as well can handle this. Configure some rules to monitor http traffic and log that to syslog, which can be sent to the Splunk application running on the same box.

The logging is handled by the local logging facility of whatever you use for the firewall function and augmented by Splunk.

Report generation and delivery is Splunk all the way.

BTW, I work with similar configurations frequently. The hard part is going to get the FW/Router function in place. Logging, reporting, and delivery are easy, but the flashier part.

Chris

mtnbkr · « **Reply #7 on:** January 26, 2011, 11:10:10 AM »

Quote from: Balog on January 26, 2011, 11:06:07 AM

Currently we have: desktop (in need of a power supply), a netbook (Ubuntu), and a laptop (XP). I'm all for automated and centralized, just trying to figure out my options. :) I'll have a look at Splunk, thanks for the tip. If I did set up a central machine as and turn it into a firewall as you mentioned, would I likely see any slow down in overall speed?

For Internet browsing? No, your throughput on the box will be faster than your FIOS connection. If you are trying to interact with devices on the other side of the desktop/FW, it may be a tad slower than the 100mbps offered by your LAN, but I doubt you'd notice. The solution for that is to put all of your home computers on the inside of the FW. Only Internet-bound traffic should exist on the other side of the FW/Router box.

Once you get it set up, you could get crazy and set up all sorts of neat stuff.

Chris

Perd Hapley · « **Reply #8 on:** January 30, 2011, 05:17:30 PM »

I have a couple of power supplies, if you could use one. They are only 250 W.

go_bang · « **Reply #9 on:** January 30, 2011, 10:17:45 PM »

If the computers in question are running Windows Vista or 7 enabling the parental control functions might be a simpler solution. I believe you can set it up to just log internet activity without blocking anything.

sanglant · « **Reply #10 on:** January 30, 2011, 10:35:46 PM »

depending on how smart the target is, opendns.com . set up an account, then i think you have to enable stats and logging.

have to pay if you want more than 2 weeks.

oh, and there dns servers are more reliable, and faster then charter's dns servers.

edit: if you can block other dns servers in firewall it would make it much harder to get around.

Armed Polite Society

News:

Author Topic: Question for the computer folks (Read 961 times)

Balog

Question for the computer folks

mtnbkr

Re: Question for the computer folks

Balog

Re: Question for the computer folks

Harold Tuttle

Re: Question for the computer folks

mtnbkr

Re: Question for the computer folks

Balog

Re: Question for the computer folks

mtnbkr

Re: Question for the computer folks

mtnbkr

Re: Question for the computer folks

Perd Hapley

Re: Question for the computer folks

go_bang

Re: Question for the computer folks

sanglant

Re: Question for the computer folks