Heya Shane. We use a combination of methods to limit access.
Firstly, install an ident server on each workstation, and configure squid to do ident lookups. This will put the current username in the logs. Then install an app called sarg (http://sarg.sourceforge.net/sarg.php), which will produce summaries based on top user, top site accessed, etc. on a daily basis. Email me if you want a look at the pages produced.

If the users only need to go to a limited range of web pages then consider dropping all other sites using ACLs or squidGuard.

-----Original Message-----
From: Shane Hollis [mailto:[EMAIL PROTECTED]
Sent: Friday, 25 February 2005 11:56 a.m.
To: [email protected]
Subject: Hello and a question re IP Accounting statistics

One of our clients had a huge Internet blowout last month. We have IP Cop in place running Squid, with logs turned on and no holes in the firewall. I know internally we are not virused and there is no malware / spyware present.

Their normal usage is between 4 and 6 Gb per month; last month was a massive 15GB blowout.

Using IP Cop I can see what days we did most of the traffic. Squid tells me who went where, the traffic charts show me the speed we did stuff at, but there is nowhere I can find any way of getting what IP address did how much traffic and when.

I have been looking at a few products to remedy this and am tightening the firewall to stop stuff going out, as well as in, now. Trust in the workers to use the system properly suddenly evaporated in the managers' minds, so they want some IP traffic accounting put in place to see who is using how much and when and why.

Any ideas on what is the best way to log this kind of traffic volume by individual LAN IP address or user logon, especially using IP Cop? At present the best option seems to be putting yet another computer in place that uses a traffic counter and accounting. If you know of something with logging, throttling by volume and/or mail alerts, it would be appreciated.
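
The per-user and per-IP volume totals discussed in this thread can be computed directly from Squid's native access.log once ident lookups fill in the username field. The following is an added example, not part of either message and not sarg's code; the sample log lines are constructed, and the function names, the UTC day bucketing and the treatment of any *HIT* action as served from cache are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample in Squid's native access.log layout:
# time elapsed client action/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1109293200.123    210 192.168.1.10 TCP_MISS/200 1048576 GET http://example.com/a.iso alice DIRECT/203.0.113.5 application/octet-stream
1109293260.456     35 192.168.1.11 TCP_HIT/200 2048 GET http://example.org/ bob NONE/- text/html
1109300000.789    900 192.168.1.10 TCP_MISS/200 5242880 GET http://example.com/b.iso alice DIRECT/203.0.113.5 application/octet-stream
1109376100.000     12 192.168.1.12 TCP_DENIED/403 1500 GET http://example.net/ - NONE/- text/html
1109376200.000 truncated line
"""

def parse_line(line):
    """Return (day, client_ip, ident_user, action, size) or None if malformed."""
    fields = line.split()
    if len(fields) < 10:
        return None
    try:
        when = datetime.fromtimestamp(float(fields[0]), tz=timezone.utc)
        size = int(fields[4])
    except (ValueError, OverflowError, OSError):
        return None
    action = fields[3].split("/")[0]
    return when.strftime("%Y-%m-%d"), fields[2], fields[7], action, size

def account(lines, upstream_only=False):
    """Sum reply bytes per (day, client IP, ident user); count unparsable lines."""
    totals, skipped = defaultdict(int), 0
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        day, ip, user, action, size = rec
        # Assumption: any *HIT* action was served from cache and cost no
        # upstream bandwidth, so it is left out of the ISP-usage view.
        if upstream_only and "HIT" in action:
            continue
        totals[(day, ip, user)] += size
    return dict(totals), skipped

def top_talkers(totals, limit=10):
    """Largest consumers first, as ((day, ip, user), bytes) pairs."""
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:limit]

if __name__ == "__main__":
    totals, skipped = account(SAMPLE_LOG.splitlines())
    for (day, ip, user), size in top_talkers(totals):
        print(f"{day} {ip:<15} {user:<8} {size / 2**20:8.2f} MiB")
    print(f"skipped {skipped} malformed line(s)")
```

A user field of "-" means the workstation returned no ident answer, so those rows can only be attributed by IP address.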
