Here are the responses. Can this be put under FAQ [:)] :
Have you tried http.debug ? (peter.allan@aeat.co.uk)
It doesn't work.
Set up process accounting (roy@bluestone.com)
Process accounting shows processes associated
with user-id. There is no user-id here.
http is a conectionless protocol. There is no "logff".(bleary@state.ma.us)
Web Browsers *do not maintain any Network Connection* (bern@uni-trier.de)
The web is more or less connection less (nrd@XOX.com)
Users are "logged on" only during downloading file (gdonl@gv.ssi1.com)
Last 4 responses were summarized by a detailed (and interesting !) email from
Ed Sanborn(esanborn@datacube.com). Here is his response :
1. The HTTP traffic maps to an originating IP address, not userid.
Anyone could say that they someone else executed a browser from
their machine remote display'ing it back on their machine. Sort of
like stealing a calling card.
2. If you have multiple accounts on a server then you'll never
know who on that server actually generated the traffic because...
(see #1 above).
3. Any Web sites that are visited have their pages disk and ram
cached locally. What this means is that people who do alot of
jumping around show lot's of traffic but someone who jumps back and
forth between several sites consistently do not traverse the firewall
as much thereby seem to use it less.
4. Although the proxy date stamps all connects, it is not possible
to determine how much time is spent perusing the pages.
5. People who are web-surfing notoriously do so while multiplex'ing
along with other tasks on a workstation such as compiles, etc. There
isn't an easy way to show this facet.
6. Similar to #4,and #5 above, people are prone to leaving there
desks, taking breaks, etc. There is no way to account for this for
any time estimate spent on the Web.
My Conclusion
-------------
Try to convince management the above mentioned points and give them details
regarding total number of connections and top 5/10 sites visited by a person.
Thanks for your words of wisdom ! Original question follows.
...manjeet
------------------- Original Question ----------------------------
Hello Managers,
I have setup an http proxy server (which is also a firewall w/s). My
users are PC-users who connect to proxy and access web. I get 2 logs:
one from firewall(solastice firewall 2.0) - $FWDIR/log/fw.log &
other from proxy(netscape proxy 1.12) - /var/ns-proxy/logs/access
Both these logs show when user(actually ip address/station name) initiated
http access. It doesn't show when user logged off. Management needs to
know how long user was logged on (!). I have looked into unix-accounting
setup but since these users never 'log-in' (they don't have user account
on proxy server), nothing shows up. I have tried putting http.* entry in
/etc/syslog.conf file but nothing fills up in the designated file.
System is Netra 2.0 on Netra 625i.
Is it possible to know 'connect duration of each w/s' ?
Thanks and I will summarize.
...manjeet
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:11:01 CDT