How does one monitor if a site is being accessed using browser?
IOW, I just want to know if a user has launched a session thru Firefox.
I basically want to know if a user has tried to access the webserver
and was unable to reach it, and log such instances.
I am using cron and curl to separately monitor the link.
Any clues?
Centos 5.2/Gnome/Firefox 3.0.16
Regards
Rajagopal
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
01-29-2010, 09:43 AM
Kwan Lowe
Browser related question
On Fri, Jan 29, 2010 at 3:12 AM, Rajagopal Swaminathan
<raju.rajsand@gmail.com> wrote:
> Greetings,
>
> How does one monitor if a site is being accessed using browser?
>
> IOW, I just want to know if a user has launched a session thru Firefox.
>
> I basically want to know if a user has tried to access the webserver
> and was unable to reach it, and log such instances.
>
> I am using cron and curl to separately monitor the link.
>
> Any clues?
It is possible using the auditd subsysted. You'd need to define a rule
to match that user and firefox. I don't have the exact syntax, but the
rule I use for root in audit.rules is:
-a entry,always -S open -S close -S read -S write -S link -S unlink -S chmod -S chown -S execve -F uid=root -k root_activity
If you do a man on auditctl it can show the options. You could, for
example, generate a rule whenever a particular user launches firefox,
etc..
01-29-2010, 06:28 PM
Agile Aspect
Browser related question
On Fri, Jan 29, 2010 at 12:12 AM, Rajagopal Swaminathan
<raju.rajsand@gmail.com> wrote:
> Greetings,
>
> How does one monitor if a site is being accessed using browser?
>
> IOW, I just want to know if a user has launched a session thru Firefox.
>
> I basically want to know if a user has tried to access the webserver
> and was unable to reach it, and log such instances.
>
> I am using cron and curl to separately monitor the link.
>
> Any clues?
>
> Centos 5.2/Gnome/Firefox 3.0.16
It's clear what it is you're trying to do, but if you're running
Apache, turn on
CustomLog "logs/access_log" combined
The default is
CustomLog "logs/access_log" common
It will not only log the browser type, it will also log the OS in the
access_log file.
For errors accessing files, see the error_log.
If the client can't reach the site, then it should be clear the server
won't be able to log the attempt.
--
Enjoy global warming while it lasts.
01-30-2010, 03:29 AM
Rajagopal Swaminathan
Browser related question
Greetings,
Thanks a lot
> On Fri, Jan 29, 2010 at 4:13 PM, Kwan Lowe <kwan.lowe@gmail.com> wrote:
> On Fri, Jan 29, 2010 at 3:12 AM, Rajagopal Swaminathan
> <raju.rajsand@gmail.com> wrote:
>
> It is possible using the auditd subsysted. You'd need to define a rule
I presume you meant subsystem..
>
> -a entry,always -S open -S close -S read -S write -S link -S unlink -S chmod -S chown -S execve -F uid=root -k root_activity
I will look into that..
Regards,
Rajagopal
01-30-2010, 03:37 AM
Rajagopal Swaminathan
Browser related question
Greetings,
Thanks for the reply.
On Sat, Jan 30, 2010 at 12:58 AM, Agile Aspect <agile.aspect@gmail.com> wrote:
>
> It's clear what it is you're trying to do, but if you're running
> Apache, turn on
I am not running apache and it may not be feasible as the clients are
not endowed enough.
>
> If the client can't reach the site, then it should be clear the server
> won't be able to log the attempt.
In fact this is exactly the condition I wanted to capture as
unavailability window
FWIW, I am approaching this with tcpdump
tcpdump -s 0 -A -i eth0 -n -q -tttt '(dst host <mumble> and dst port 80) and tcp[13] == 2'
Basically checking for the SYN flag in the outgoing traffic.
But it is generating too much data for my purposes.
Another approach I have in mind is running a proxy and logging the
outgoing connection -- will that be resource hungry? I've never tried
squid
Ideas?
Regards
Rajagopal
Regards,
Rajagopal
Is this the correct way?
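One way to cut the capture above down to the lines that matter, as an added example that is not part of the original thread: it assumes the filter is widened to `host <mumble> and tcp port 80 and (tcp[13] == 2 or tcp[13] == 18)` and run with `-n -q -tttt` but without `-A`, so every outgoing line is a SYN and every incoming line is the server's SYN-ACK. The function name, addresses and sample lines are constructed for illustration.

```python
import re

# One line of `tcpdump -n -q -tttt` output: date, time, "IP", src.port > dst.port:
LINE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+ IP "
    r"(\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):"
)

def unanswered_syns(lines, server, port=80):
    """Return (first_syn, last_syn, client, client_port, syn_count) for every
    connection attempt to server:port that never got a SYN-ACK back."""
    pending = {}  # (client, client_port) -> [first SYN time, last SYN time, count]
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # tcpdump banner, blank line, non-IPv4 traffic
        ts, src, sport, dst, dport = m.groups()
        sport, dport = int(sport), int(dport)
        if dst == server and dport == port:
            # Outgoing SYN; the kernel retransmits it while nothing answers.
            entry = pending.setdefault((src, sport), [ts, ts, 0])
            entry[1] = ts
            entry[2] += 1
        elif src == server and sport == port:
            # SYN-ACK from the server: this attempt succeeded, forget it.
            pending.pop((dst, dport), None)
    return sorted((first, last, client, cport, count)
                  for (client, cport), (first, last, count) in pending.items())

# Constructed sample capture (documentation addresses, not real hosts).
SAMPLE_CAPTURE = """\
2010-01-30 09:00:01.100000 IP 192.0.2.10.40001 > 198.51.100.7.80: tcp 0
2010-01-30 09:00:01.150000 IP 198.51.100.7.80 > 192.0.2.10.40001: tcp 0
2010-01-30 09:05:10.000000 IP 192.0.2.10.40002 > 198.51.100.7.80: tcp 0
2010-01-30 09:05:13.000000 IP 192.0.2.10.40002 > 198.51.100.7.80: tcp 0
2010-01-30 09:05:19.000000 IP 192.0.2.10.40002 > 198.51.100.7.80: tcp 0
2010-01-30 09:06:00.000000 IP 192.0.2.10.40003 > 198.51.100.7.80: tcp 0
"""

if __name__ == "__main__":
    for row in unanswered_syns(SAMPLE_CAPTURE.splitlines(), "198.51.100.7"):
        print("%s .. %s  %s:%d  %d SYN(s) unanswered" % row)
```

Only the unanswered attempts are reported, so a cron job can append them to a small log instead of keeping the raw capture.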
01-30-2010, 04:55 AM
Les Mikesell
Browser related question
Rajagopal Swaminathan wrote:
> Greetings,
>
> Thanks for the reply.
>
> On Sat, Jan 30, 2010 at 12:58 AM, Agile Aspect <agile.aspect@gmail.com> wrote:
>> It's clear what it is you're trying to do, but if you're running
>> Apache, turn on
>
> I am not running apache and it may not be feasible as the clients are
> not endowed enough.
>
>> If the client can't reach the site, then it should be clear the server
>> won't be able to log the attempt.
>
> In fact this is exactly the condition I wanted to capture as
> unavailability window
>
> FWIW, I am approaching this with tcpdump
>
> tcpdump -s 0 -A -i eth0 -n -q -tttt '(dst host <mumble> and dst port 80) and tcp[13] == 2'
>
> Basically checking for the SYN flag in the outgoing traffic.
>
> But it is generating too much data for my purposes.
>
> Another approach I have in mind is running a proxy and logging the
> outgoing connection -- will that be resource hungry? I've never tried
> squid
Depending on the nature of the content and the number of users, running a squid
with caching enabled can be a resource win - and it will give you the log you
want as long as the browser(s) are configured to use it.
--
Les Mikesell
lesmikesell@gmail.com
01-30-2010, 04:58 AM
John R Pierce
Browser related question
Les Mikesell wrote:
> Depending on the nature of the content and the number of users, running a squid
> with caching enabled can be a resource win - and it will give you the log you
> want as long as the browser(s) are configured to use it.
>
If you have control over the internet gateway, you can force -all- web
traffic to transparently be routed to the squid proxy, and then process
the squid access and error logs, perhaps with a perl script (perl really
rocks for this sort of thing).
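The log processing suggested above, sketched in Python rather than Perl as an added example that is not part of the original thread: it assumes Squid's default native access.log format and treats HTTP status 503 and 504 as "the proxy could not reach the site". The site name, the 300-second gap and the sample log lines are constructed for illustration.

```python
from urllib.parse import urlsplit

FAIL_STATUS = {"503", "504"}  # assumption: Squid could not reach the origin server

def outage_windows(lines, site, max_gap=300):
    """Group failed requests for `site` into (start, end, failures) windows.
    A window ends at the next success, or after max_gap seconds without a failure."""
    windows, current = [], None
    for line in lines:
        f = line.split()
        # Native format: time elapsed client code/status bytes method URL ...
        if len(f) < 7 or "://" not in f[6]:
            continue  # short line, or a CONNECT host:port entry
        try:
            ts = float(f[0])
        except ValueError:
            continue  # not a log record
        if urlsplit(f[6]).hostname != site:
            continue
        if f[3].rpartition("/")[2] in FAIL_STATUS:
            if current and ts - current[1] <= max_gap:
                current[1] = ts
                current[2] += 1
            else:
                if current:
                    windows.append(tuple(current))
                current = [ts, ts, 1]
        elif current:
            windows.append(tuple(current))
            current = None
    if current:
        windows.append(tuple(current))
    return windows

# Constructed sample access.log lines (documentation addresses and names).
SAMPLE_LOG = """\
1264829100.101    95 192.0.2.10 TCP_MISS/200 5120 GET http://app.example.com/login - DIRECT/198.51.100.7 text/html
1264829400.202 60012 192.0.2.10 TCP_MISS/504 1480 GET http://app.example.com/form - DIRECT/198.51.100.7 text/html
1264829460.303 60008 192.0.2.10 TCP_MISS/504 1480 GET http://app.example.com/form - DIRECT/198.51.100.7 text/html
1264829520.404   110 192.0.2.10 TCP_MISS/503 1500 GET http://other.example.net/ - NONE/- text/html
1264829700.505   102 192.0.2.10 TCP_MISS/200 4096 GET http://app.example.com/form - DIRECT/198.51.100.7 text/html
1264833000.606   130 192.0.2.10 TCP_MISS/503 1500 GET http://app.example.com/ - NONE/- text/html
"""

if __name__ == "__main__":
    print(outage_windows(SAMPLE_LOG.splitlines(), "app.example.com"))
```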
01-30-2010, 05:52 AM
Rajagopal Swaminathan
Browser related question
Greetings,
Thanks for the reply.
On Sat, Jan 30, 2010 at 11:25 AM, Les Mikesell <lesmikesell@gmail.com> wrote:
>
> Depending on the nature of the content and the number of users, running a squid
> with caching enabled can be a resource win - and it will give you the log you
> want as long as the browser(s) are configured to use it.
>
IOW, two programs, Firefox and squid proxy, running on every such box:
CentOS desktops running in GUI mode.
Will 512MB RAM be sufficient for what you are suggesting?
I have over 300 such desktops distributed across the geographical
having unpredictable connectivity, and each one of them just uses one
browser based on-line application and some cron scripts for monitoring
and logging simple details.
Changing the h/w configuration is nearly impossible now.
Or is there another lightweight solution?
Thanks again Les,
Regards
Rajagopal
01-30-2010, 05:54 AM
Rajagopal Swaminathan
Browser related question
Greetings,
On Sat, Jan 30, 2010 at 11:28 AM, John R Pierce <pierce@hogranch.com> wrote:
>
> If you have control over the internet gateway, you can force -all- web
> traffic to transparently be routed to the squid proxy, and then process
> the squid access and error logs, perhaps with a perl script (perl really
> rocks for this sort of thing).
>
Thanks John for the reply and suggestion.
It seems increasingly certain that I will have to set up a proxy.
Regards
Rajagopal
01-30-2010, 12:55 PM
Bob McConnell
Browser related question
Rajagopal Swaminathan wrote:
> On Sat, Jan 30, 2010 at 12:58 AM, Agile Aspect <agile.aspect@gmail.com> wrote:
>> If the client can't reach the site, then it should be clear the server
>> won't be able to log the attempt.
>
> In fact this is exactly the condition I wanted to capture as
> unavailability window
>
> FWIW, I am approaching this with tcpdump
>
> tcpdump -s 0 -A -i eth0 -n -q -tttt '(dst host <mumble> and dst port 80) and tcp[13] == 2'
>
> Basically checking for the SYN flag in the outgoing traffic.
>
> But it is generating too much data for my purposes.
If you have X11 installed, use Wireshark to capture the data. If you
don't, save the captured data into a file, then copy it to another
computer where you can use Wireshark. Set the view filter for the
specific IP addresses you are looking for. From above, it would be
"ip.addr eq <mumble>"
The view filter I used yesterday to examine one connection at work was
"ip.addr eq 10.3.1.66 and ip.addr eq 10.3.1.96"
Remove the flags condition from the capture (tcp[13]) as it won't make
any difference until the SYN packets get through and then it will only
get in the way of seeing what happens next.
Bob McConnell
N2SPP