On Mon, Aug 09, 1999 at 03:24:23PM -0400, Paul Stephenson wrote:
> Prob 1. Spurious dialouts of between a minute and two minutes duration
> sporadically. I've filtered all the Netbios calls in my standard.filter and
> disabled the browse master on those Win clients that use file and print for
> MS networks. I admit I have not removed Windows critical update from the
> one Win 98 PC connected, as the dialouts happen even when this PC is turned
> off. In each instance the filter being accepted is:
> "filter accepted rule 27 proto 17 len". Could it be the Samba server and
> how can I stop this?
I am not sure, but I think proto 17 is for named packets.
You may want to dig a little more into it. Increase the log levels in
samba and see what it says.
Make sure that your caching named server responds correctly for all
machine names and aliases in your domain. Also, keep in mind that
Windows machines can be configured to use DNS to resolve Netbios calls.
you may wish to turn that off. See my response to question 2 for other
solutions.
>
> Prob 2. All the users love diald but I need to produce some reporting for
> management. Specifically, they'd like to see a weekly report of those
> Websites visited. This would need to include domain names and visit
> frequency. Is this something that can only be done with Squid?
Geez, that seems rather like an invasion of the illusion of privacy.
Opinions aside, since you are running ipfwadm, you can use that to log
these things.
The rule
ipfwadm -I -accept -y -P tcp -S 10.0.0.1/255 80 -o
will catch and log all http requests originating from your domain.
The -y tells ipfwadm to only catch packets with the syn bit set. That
way you only log the attempt to connect and ignore all subsequent
packets for the same tcp session. Change the netmask to represent your
own. You may with to also put in a similar line for port 443 ( or
whatever port https uses. I think that's right). You could also add
to the rule to watch particular interfaces and so on.
You'll then want to write a script to analyse the log and generate reports.
That is left as an exercise for the reader. Before you embark on it
though, checkout the syslog reporters floating around CPAN. You are
using perl for the reports arent't you?
--
Gyepi Sam --+-- Designer/Programmer --+-- Network/System Administrator
[EMAIL PROTECTED] --+-- http://www.praxis-sw.com/gyepi
What is a magician but a practising theorist? -- Obi-Wan Kenobi
-
To unsubscribe from this list: send the line "unsubscribe linux-diald" in
the body of a message to [EMAIL PROTECTED]
