Monitoring site visits by office staff. SQUID or are there alternatives?
I am asking for advice on a question that I am studying and getting more and more confused about.
Purpose: monitoring site visits by office staff, identifying idlers :) The number of workstations is about 40, but it is growing.
Next, we will soon move to a domain. As far as I understand, SQUID can write the domain account name to the logs, but not in transparent mode, which is bad.
For the gateway, I can start a virtual machine (preferably), or a physical machine.
In SQUID, setting up work with HTTPS is scary; judging by the well-known article on Habr, it all seems somehow flimsy and works strangely, at least that is the impression I got.
The question is: is this the only way to keep normal records at the moment, or are there simpler alternatives? I had a quick look at commercial Linux-based gateways and didn't like anything... Ideco impressed me, but their subscription model is not at all satisfactory.
"Transparent" Squid with filtering HTTPS resources without replacing certificates (x86, x64 - universal instruction)
Maybe pfSense will appeal to you. IMHO, as a gateway it has a lot of functionality (squid, squidGuard, clamav, the ability to implement various VPNs, traffic capture, etc., and all of this from the web interface, including the installation of additional packages; it is based on the latest FreeBSD). I got it running on Xen with half a kick, and I think there should be no problems on KVM either. True, it requires at least a gig of RAM; well, the bells and whistles do eat memory.
Administrative problems should not be solved technically! If the manager cannot organize the workflow and is not able to establish feedback, then the problem may not be the employees, but the management and the business processes themselves. It's simple: block the wired Internet, and they will sit on smartphones and tablets, hang around in the smoking room, rummage around the territory, or knead boobs in the workplace.
In an organization, everything is implemented quite simply, if the first and main rule is observed: the Principle of the First Leader.
Monitoring employees' visits to the internet is one of the main measures to control the (non-)purposeful spending of working time. In fact, everything is done as simply as a log.
1. A CA is deployed (not necessarily on Windows, even better on Linux)
2. The CA issues certificates for the proxy
3. The CA certificate is installed as trusted for all users using GPO. This is the key point.
4. Proxy settings are set for everyone through GPO
5. If access groups are needed (and they will certainly be needed), groups are made; there are a lot of manuals on this, and by the way, I'm going to write a detailed article about this soon.
6. Once the statistics start coming in, they need to be processed with something: squid produces only a raw log. I'm using a homegrown tool, put together a long time ago from a fork of sarg.
What about the Principle of the First Leader? You will have to make changes to the settings of user computers, and not everyone will be happy that VKontakte has disappeared :)
In general, squid, and yes, you will have to suffer on account of https.
Regarding:
It works, and you can solve the biggest problem, in the form of self-signed certificates, quite bloodlessly when you set up the domain and at the same time set up your own CA that domain users will trust; again, distribute it with policies.
In transparent mode, of course, you can go to the trouble, but it's better to tie access to the domain.
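
The raw-log processing step mentioned in the answers above, as an added example that is not part of the original thread: a per-user, per-host summary of Squid's default native access.log format. The sample lines, user names and hosts are constructed; entries without an authenticated user (as in transparent mode) are keyed by client IP.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in Squid's default native access.log format:
# time elapsed client result/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1700000000.123    210 192.168.1.15 TCP_MISS/200 5120 GET http://example.com/index.html ivanov HIER_DIRECT/93.184.216.34 text/html
1700000001.456  30500 192.168.1.15 TCP_TUNNEL/200 84211 CONNECT social.example.net:443 ivanov HIER_DIRECT/203.0.113.7 -
1700000002.789    150 192.168.1.22 TCP_MISS/200 2048 GET http://example.com/news - HIER_DIRECT/93.184.216.34 text/html
1700000003.000      0 192.168.1.22 TCP_DENIED/407 3900 CONNECT social.example.net:443 - HIER_NONE/- text/html
truncated line
"""


def host_of(method, url):
    """Host from a log URL; CONNECT lines carry only host:port (no path visible)."""
    if method == "CONNECT":
        return url.rsplit(":", 1)[0].lower()
    return (urlsplit(url).hostname or url).lower()


def summarize(lines):
    """Return {(who, host): [requests, bytes]}, skipping denied and malformed lines."""
    totals = defaultdict(lambda: [0, 0])
    for line in lines:
        f = line.split()
        if len(f) < 10 or not f[4].isdigit():
            continue  # truncated or non-native-format line
        client, result, size, method, url, user = f[2], f[3], int(f[4]), f[5], f[6], f[7]
        if result.startswith("TCP_DENIED"):
            continue  # e.g. 407 authentication challenges are not visits
        # Without proxy authentication the user field is "-": fall back to client IP.
        who = user if user != "-" else "ip:" + client
        entry = totals[(who, host_of(method, url))]
        entry[0] += 1
        entry[1] += size
    return dict(totals)


def report(totals):
    """Format rows sorted by bytes transferred, largest first."""
    rows = sorted(totals.items(), key=lambda kv: -kv[1][1])
    return [f"{who:<18} {host:<22} {n:>5} {b:>10}" for (who, host), (n, b) in rows]


if __name__ == "__main__":
    print("\n".join(report(summarize(SAMPLE_LOG.splitlines()))))
```

For CONNECT entries only the host name is recorded unless the proxy decrypts HTTPS, which is what the CA steps in the answer above are for.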