Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

track where a person goes

0 views
Skip to first unread message

jim fixit

unread,
Nov 25, 2003, 6:05:55 PM11/25/03
to
if a person is using proxy I can see by IP address in the proxy logs
where all they went. But if we have dynamic nat turned on, and we do
because somethings just don't work well through proxy, can I find a log
someplace that tells me where all this person might have gone?

what a disgusting job to have to do...and no, they won't buy cyber
patrol or anything like that....

Craig Johnson

unread,
Nov 25, 2003, 7:37:56 PM11/25/03
to
In article <nfRwb.10120$I04....@prv-forum2.provo.novell.com>, Jim fixit
wrote:

> But if we have dynamic nat turned on, and we do
> because somethings just don't work well through proxy, can I find a log
> someplace that tells me where all this person might have gone?
>
No, you cannot really track users bypassing the proxies, at least not
with any BorderManager features. You might be able to put a sniffer of
some sort on the LAN to track the traffic. (I am thinking that if you
had a SNORT intrusion detection system, you could write a simple rule or
two to track that user's IP address and put the data into a MySQL
database).

If you simply want to track a user's access via HTTP Proxy, that is
fairly easy (and documented in the access rules chapter of my BMgr 3.x
book). You need to add an allow rule high in the rules list for that
user's IP address, and enable logging. Then you will at least catch the
browsing activity via access rules.


Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on
BorderManager, go to http://www.craigjconsulting.com ***

Lance Reynolds

unread,
Nov 26, 2003, 6:59:11 AM11/26/03
to
Craig Johnson wrote:

> You might be able to put a sniffer of
> some sort on the LAN to track the traffic

http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967287.htm ? :)
--
Lance Reynolds, CNE

Jim Michael

unread,
Nov 26, 2003, 10:23:57 AM11/26/03
to
Craig Johnson wrote:
>
> You might be able to put a sniffer of
> some sort on the LAN to track the traffic. (I am thinking that if you
> had a SNORT intrusion detection system, you could write a simple rule or
> two to track that user's IP address and put the data into a MySQL
> database).

The Surfcontrol "reporting" module that you get when you license surfcontrol
for BM does just that. It acts as a sniffer on the BM private segment, and
logs just about any traffic you want to an SWL database.

Jim

Craig Johnson

unread,
Nov 26, 2003, 10:54:29 AM11/26/03
to
The problem with that is that I suspect it may load the server down as
I don't think it is meant to target only certain traffic.

Lance Reynolds

unread,
Nov 26, 2003, 11:37:53 AM11/26/03
to
Yeah, definitely not something you would want to run all the time on
the server.


--
Lance Reynolds, CNE

jim fixit

unread,
Nov 26, 2003, 11:54:32 AM11/26/03
to
Thanks all. I had pretty much come to that conclusion myself and
sniffer is out there trapping away. Geez.
0 new messages