Old 01-29-2010, 07:12 AM
Rajagopal Swaminathan
 
Default Browser related question

Greetings,

How does one monitor if a site is being accessed using browser?

IOW, I just want to know if a user has launched a session thru Firefox.

I basically want to know if a user has tried to access the webserver
and unable to reach it and log such instances.

I am using cron and curl to separately monitor the link.

Any clues?

Centos 5.2/Gnome/Firefox 3.0.16

Regards

Rajagopal
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 01-29-2010, 09:43 AM
Kwan Lowe
 
Default Browser related question

On Fri, Jan 29, 2010 at 3:12 AM, Rajagopal Swaminathan
<raju.rajsand@gmail.com> wrote:
> Greetings,
>
> How does one monitor if a site is being accessed using browser?
>
> IOW, I just want to know if a user has launched a session thru Firefox.
>
> I basically want to know if a user has tried to access the webserver
> and unable to reach it and log such instances.
>
> I am using cron and curl to separately monitor the link.
>
> Any clues?

It is possible using the auditd subsysted. You'd need to define a rule
to match that user and firefox. I don't have the exact syntax, but the
rule I use for root in audit.rules is:

-a entry,always -S open -S close -S read -S write -S link -S unlink -S chmod -S chown -S execve -F uid=root -k root_activity


If you do a man on auditctl it can show the options. You could, for
example, generate a rule whenever a particular user launches firefox,
etc..
 
Old 01-29-2010, 06:28 PM
Agile Aspect
 
Default Browser related question

On Fri, Jan 29, 2010 at 12:12 AM, Rajagopal Swaminathan
<raju.rajsand@gmail.com> wrote:
> Greetings,
>
> How does one monitor if a site is being accessed using browser?
>
> IOW, I just want to know if a user has launched a session thru Firefox.
>
> I basically want to know if a user has tried to access the webserver
> and unable to reach it and log such instances.
>
> I am using cron and curl to separately monitor the link.
>
> Any clues?
>
> Centos 5.2/Gnome/Firefox 3.0.16

It's clear what it is you're trying to do, but if you're running
Apache, turn on

CustomLog "logs/access_log" combined

The default is

CustomLog "logs/access_log" common

It will not only log the browser type, it will also log the OS in the
access_log file.

For errors accessing files, see the error_log.

If the client can't reach the site, then it should be clear the server
won't be able to log the attempt.


--
Enjoy global warming while it lasts.
 
Old 01-30-2010, 03:29 AM
Rajagopal Swaminathan
 
Default Browser related question

Greetings,

Thanks a lot

> On Fri, Jan 29, 2010 at 4:13 PM, Kwan Lowe <kwan.lowe@gmail.com> wrote:
> On Fri, Jan 29, 2010 at 3:12 AM, Rajagopal Swaminathan
> <raju.rajsand@gmail.com> wrote:
>
> It is possible using the auditd subsysted. You'd need to define a rule

I presume you meant subsystem..

>
> -a entry,always -S open -S close -S read -S write -S link -S unlink -S
> chmod -S chown -S execve -F uid=root -k root_activity

I will look into that..

Regards,

Rajagopal
 
Old 01-30-2010, 03:37 AM
Rajagopal Swaminathan
 
Default Browser related question

Greetings,

Thanks for the reply.

On Sat, Jan 30, 2010 at 12:58 AM, Agile Aspect <agile.aspect@gmail.com> wrote:
>
> It's clear what it is you're trying to do, but if you're running
> Apache, turn on

I am not running apache and it may not be feasible as the clients are
not endowed enough.

>
> If the client can't reach the site, then it should be clear the server
> won't be able to log the attempt.

In fact this is exactly the condition I wanted to capture as
unavailability window

FWIW, I am approaching this with tcpdump

tcpdump -s 0 -A -i eth0 -n -q -tttt '(dst host <mumble> and dst port 80) and tcp[13] == 2'

Basically checking for the SYN flag in the outgoing traffic.

But it is generating too much data for my purposes.

Another approach I have in mind is running a proxy and logging the
outgoing connection -- will that be resource hungry? I've never tried
squid

Ideas?

Regards

Rajagopal

Regards,

Rajagopal

Is this the correct way?
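
One way to turn the SYN-only capture described in this post into a short list of unanswered connection attempts, as an added example that is not part of the original post. It assumes the header-line format printed by `tcpdump -n -q -tttt`; the function names and the sample capture are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find outgoing connection attempts whose
# SYN had to be retransmitted, i.e. the web server did not answer.
# Assumed input: `tcpdump -n -q -tttt` header lines captured with the thread's
# SYN-only filter (tcp[13] == 2). With that filter every packet is a bare SYN,
# so a second SYN from the same source port to the same destination is a
# retransmission of an unanswered attempt.

unanswered_syns() {
    # Output per attempt: date time src.port dst.port retransmits=N
    awk '
    $3 == "IP" && $5 == ">" {            # header lines only; skips -A payload dumps
        dst = $6; sub(/:$/, "", dst)
        key = $4 " " dst
        if (key in first) retries[key]++
        else { first[key] = $1 " " substr($2, 1, 8); order[++n] = key }
    }
    END {
        for (i = 1; i <= n; i++)
            if (retries[order[i]] > 0)
                print first[order[i]], order[i], "retransmits=" retries[order[i]]
    }'
}

# Constructed sample capture; addresses are documentation ranges, not real hosts.
sample_capture() {
    cat <<'EOF'
2010-01-30 03:37:01.000000 IP 192.168.1.10.40001 > 203.0.113.5.80: tcp 0
E..<..@.@.......
2010-01-30 03:37:04.000000 IP 192.168.1.10.40001 > 203.0.113.5.80: tcp 0
2010-01-30 03:37:10.000000 IP 192.168.1.10.40001 > 203.0.113.5.80: tcp 0
2010-01-30 03:40:00.000000 IP 192.168.1.10.40002 > 203.0.113.5.80: tcp 0
2010-01-30 03:45:00.000000 IP 192.168.1.10.40003 > 203.0.113.5.80: tcp 0
2010-01-30 03:45:03.000000 IP 192.168.1.10.40003 > 203.0.113.5.80: tcp 0
EOF
}

sample_capture | unanswered_syns
```

Dropping `-s 0 -A` from the capture removes the payload dump lines entirely, which cuts the volume before any filtering is done.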
 
Old 01-30-2010, 04:55 AM
Les Mikesell
 
Default Browser related question

Rajagopal Swaminathan wrote:
> Greetings,
>
> Thanks for the reply.
>
> On Sat, Jan 30, 2010 at 12:58 AM, Agile Aspect <agile.aspect@gmail.com> wrote:
>> It's clear what it is you're trying to do, but if you're running
>> Apache, turn on
>
> I am not running apache and it may not be feasible as the clients are
> not endowed enough.
>
>> If the client can't reach the site, then it should be clear the server
>> won't be able to log the attempt.
>
> In fact this is exactly the condition I wanted to capture as
> unavailability window
>
> FWIW, I am approaching this with tcpdump
>
> tcpdump -s 0 -A -i eth0 -n -q -tttt '(dst host <mumble> and dst port
> 80) and tcp[13] == 2'
>
> Basically checking for the SYN flag in the outgoing traffic.
>
> But it is generating too much data for my purposes.
>
> Another approach I have in mind is running a proxy and logging the
> outgoing connection -- will that be resource hungry? I've never tried
> squid

Depending on the nature of the content and the number of users, running a squid
with caching enabled can be a resource win - and it will give you the log you
want as long as the browser(s) are configured to use it.

--
Les Mikesell
lesmikesell@gmail.com
 
Old 01-30-2010, 04:58 AM
John R Pierce
 
Default Browser related question

Les Mikesell wrote:
> Depending on the nature of the content and the number of users, running a squid
> with caching enabled can be a resource win - and it will give you the log you
> want as long as the browser(s) are configured to use it.
>

If you have control over the internet gateway, you can force -all- web
traffic to transparently be routed to the squid proxy, and then process
the squid access and error logs, perhaps with a perl script (perl really
rocks for this sort of thing).
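
The log processing suggested above, sketched with awk rather than perl, as an added example that is not from any poster in the thread. It assumes Squid's native access.log format (epoch timestamp in field 1, result code/HTTP status in field 4, URL in field 7) and treats 5xx replies as failed attempts; the function names, the application URL and the log lines are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): merge consecutive failed requests for one
# site in a Squid access.log into outage windows.
# Assumption: native access.log format, e.g.
#   1264829900.000 60003 127.0.0.1 TCP_MISS/504 1480 GET http://... - DIRECT/... text/html

squid_outage_windows() {
    # $1 = URL prefix of the monitored application (hypothetical in the sample)
    # Output per window: first-failure-epoch last-failure-epoch failed-requests
    awk -v site="$1" '
    index($7, site) == 1 {                 # only requests for the monitored site
        split($4, res, "/")                # TCP_MISS/503 -> res[2] = "503"
        t = int($1)
        if (res[2] + 0 >= 500) {           # proxy could not get a usable reply
            if (!down) { down = 1; start = t; fails = 0 }
            last = t; fails++
        } else if (down) {                 # first success closes the window
            print start, last, fails
            down = 0
        }
    }
    END { if (down) print start, last, fails, "(still failing at end of log)" }'
}

# Constructed sample log; hosts and addresses are documentation values.
sample_access_log() {
    cat <<'EOF'
1264829821.101    210 127.0.0.1 TCP_MISS/200 5120 GET http://app.example.com/login - DIRECT/203.0.113.5 text/html
1264829900.000  60003 127.0.0.1 TCP_MISS/504 1480 GET http://app.example.com/orders - DIRECT/203.0.113.5 text/html
1264829970.500  60002 127.0.0.1 TCP_MISS/503 1480 GET http://app.example.com/orders - DIRECT/203.0.113.5 text/html
1264830100.250    180 127.0.0.1 TCP_MISS/200 2048 GET http://app.example.com/orders - DIRECT/203.0.113.5 text/html
1264830200.000    150 127.0.0.1 TCP_MISS/200 900 GET http://other.example.net/ - DIRECT/198.51.100.7 text/html
1264830300.000  60001 127.0.0.1 TCP_MISS/503 1480 GET http://app.example.com/orders - DIRECT/203.0.113.5 text/html
EOF
}

sample_access_log | squid_outage_windows "http://app.example.com/"
```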
 
Old 01-30-2010, 05:52 AM
Rajagopal Swaminathan
 
Default Browser related question

Greetings,

Thanks for the reply.

On Sat, Jan 30, 2010 at 11:25 AM, Les Mikesell <lesmikesell@gmail.com> wrote:
>
> Depending on the nature of the content and the number of users, running a squid
> with caching enabled can be a resource win - and it will give you the log you
> want as long as the browser(s) are configured to use it.
>

IOW, two programs, Firefox and squid proxy, running on every such box:
CentOS desktops running in GUI mode.

Will 512MB RAM be sufficient for what you are suggesting?

I have over 300 such desktops distributed across the geographical
having an unpredictable connectivity and each one of them just uses one
browser based on-line application and some cron scripts for monitoring
and logging simple details.

Changing the h/w configuration is nearly impossible now..

or is there another lightweight solution?

Thanks again Les,

Regards

Rajagopal
 
Old 01-30-2010, 05:54 AM
Rajagopal Swaminathan
 
Default Browser related question

Greetings,

On Sat, Jan 30, 2010 at 11:28 AM, John R Pierce <pierce@hogranch.com> wrote:
>
> if you have control over the internet gateway, you can force -all- web
> traffic to transparently be routed to the squid proxy, and then process
> the squid access and error logs, perhaps with a perl script (perl really
> rocks for this sort of thing).
>

Thanks John for the reply and suggestion.

It seems increasingly certain that I will have to set up a proxy.

Regards

Rajagopal
 
Old 01-30-2010, 12:55 PM
Bob McConnell
 
Default Browser related question

Rajagopal Swaminathan wrote:
> On Sat, Jan 30, 2010 at 12:58 AM, Agile Aspect <agile.aspect@gmail.com> wrote:
>> If the client can't reach the site, then it should be clear the server
>> won't be able to log the attempt.
>
> In fact this is exactly the condition I wanted to capture as
> unavailability window
>
> FWIW, I am approaching this with tcpdump
>
> tcpdump -s 0 -A -i eth0 -n -q -tttt '(dst host <mumble> and dst port
> 80) and tcp[13] == 2'
>
> Basically checking for the SYN flag in the outgoing traffic.
>
> But it is generating too much data for my purposes.

If you have X11 installed, use Wireshark to capture the data. If you
don't, save the captured data into a file, then copy it to another
computer where you can use Wireshark. Set the view filter for the
specific IP addresses you are looking for. From above, it would be

"ip.addr eq <mumble>"

The view filter I used yesterday to examine one connection at work was

"ip.addr eq 10.3.1.66 and ip.addr eq 10.3.1.96"

Remove the flags condition from the capture (tcp[13]) as it won't make
any difference until the SYN packets get through and then it will only
get in the way of seeing what happens next.

Bob McConnell
N2SPP

 
