Mohan, Yes, I think so but there are some downloads that don’t report size (like streaming videos).
As best I remember the process… I installed Squid3 and set up a transparent proxy, with logging. Then I installed SARG and set it up to generate logs every hour, rotating the logs afterwards and restarting the proxy service. This is important as you only have a certain amount of space in the flash storage of the appliance. Then you look at the logs - you can see what users are using the most data (please keep in mind that if you have the default 2-hour lease time you will not have a lot of time to ID the user)… I got the IP and then went to the DHCP Leases page to ID the user. Then, in the Squid settings I told it to block the assigned IP address for the user. Then I went back to the DHCP Leases page to force this device (by MAC address) to a new IP that is inside the subnet but outside the scope (I am using a 22-bit subnet for this network - so we have up to 1024 possible IPs). Then I went back into Squid to block the new IP as well. After your lease time is up you can safely (and should) remove the originally assigned IP from Squid. Now the user will resolve an IP and authenticate but they cannot do anything. You get a message from Squid saying your access is denied, that the user should contact the administrator and then displays the email address you have listed in Squid. It’s a very basic page. I happened to be there when it was happening and I had the Traffic Graph up and running in the Index page. — Ryan On Mar 24, 2014, at 2:38 PM, A Mohan Rao <[email protected]> wrote: > Actually my question is there any option for if any user cross the download > limit like 500 mb user will automatically block. > > On Mar 25, 2014 1:04 AM, "Jopoy Solano" <[email protected]> wrote: > This may also help: > > https://forum.pfsense.org/index.php?topic=68762.0 > > Jopoy > > On Mar 24, 2014, at 8:22 AM, Walter Parker <[email protected]> wrote: > >> From the status menu, select System Logs >> From the system logs page, click on Settings >> Scroll down to Remote logging Options >> >> Enable Remote logging >> For the remote Syslog Servers, enter the address of your syslog server (any >> Linux or FreeBSD server running a copy of syslog that will take outside >> logging). >> It will send all of the system logs to the syslog host. >> >> Note, squid is an application/package and its log files will not be >> included. Either the squid config will have to be changed, or you could try >> using rsync to copy the logs. >> >> >> Walter >> >> >> >> On Mon, Mar 24, 2014 at 12:13 PM, A Mohan Rao <[email protected]> wrote: >> Please guide me how u do this on pfsense firewall >> >> >> . We’ve already managed to block one user who lives in close proximity for >> stealing internet (500MB of Youtube videos in less than 3 hours during a >> very busy time of day*) >> >> Thnx >> Mohan >> >> On Mar 25, 2014 12:14 AM, "Ryan Coleman" <[email protected]> wrote: >> Now that I have the network stable (thank you so much!) I have another task >> I need/want to accomplish: >> >> Does anyone have recommendations or suggestions for off-loading log files at >> the end of the day to another server? Specifically I’m wanting the system >> log and the squid logs sent out and rotated afterwards. We’ve already >> managed to block one user who lives in close proximity for stealing internet >> (500MB of Youtube videos in less than 3 hours during a very busy time of >> day*) but I would like to set up something that crawls through the raw files >> automatically every night and report back via email. >> >> I can write the script to crawl the data - that’s not a problem - it’s just >> that the ALIX board is not powerful enough to handle the needs I have. >> >> Thanks again, >> Ryan >> >> * I still have a few stages to hit on the deployment but that user will >> eventually be unblocked. We had to rollback the throttling configuration >> while we were having stability issues. Right now we’re at 60 hours and >> counting and I plan to re-implement that limiter tomorrow morning. >> >> _______________________________________________ >> List mailing list >> [email protected] >> https://lists.pfsense.org/mailman/listinfo/list >> >> _______________________________________________ >> List mailing list >> [email protected] >> https://lists.pfsense.org/mailman/listinfo/list >> >> >> >> -- >> The greatest dangers to liberty lurk in insidious encroachment by men of >> zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis >> _______________________________________________ >> List mailing list >> [email protected] >> https://lists.pfsense.org/mailman/listinfo/list > > > _______________________________________________ > List mailing list > [email protected] > https://lists.pfsense.org/mailman/listinfo/list > _______________________________________________ > List mailing list > [email protected] > https://lists.pfsense.org/mailman/listinfo/list
_______________________________________________ List mailing list [email protected] https://lists.pfsense.org/mailman/listinfo/list
