
Need to create a syslog to track websites visited.

1118 Views 5 Replies Latest reply: Mar 22, 2012 9:23 PM by Camelot
Mr.1977
Mar 19, 2012 2:02 PM

I use a Fortigate router and would like to track what sites are visited by the people using my network. Was told if you set up a syslog server we can dump the information from the Fortigate to it.

 

I am using a MacMini server 10.6 and would like to know the best way of going about this. Is there a program out there I can use? Thanks

 


Mac Mini, Mac OS X (10.6.4)
  • Camelot Level 8 (45,670 points)
    Mar 19, 2012 8:06 PM (in response to Mr.1977)

    You already have a syslog server. One is built in to every version of Mac OS X. It's the system that builds the standard system logs (well, technically, it's not syslog, per se, since it's an Apple-developed log server, but it follows the syslog standards, so for all intents and purposes, it counts).

     

    The main caveat is that the log daemon, by default, only accepts log messages from the machine itself, not network clients. You'll need to edit the configuration to support network logging.

     

    The logging process is managed by launchd, and its configuration file is at /System/Library/LaunchDaemons/com.apple.syslogd.plist

     

    If you check this file you'll see a commented section that talks about network logging:

     

    <!--
            Un-comment the following lines to enable the network syslog protocol listener.
    -->
    <!--
                    <key>NetworkListener</key>
                    <dict>
                            <key>SockServiceName</key>
                            <string>syslog</string>
                            <key>SockType</key>
                            <string>dgram</string>
                    </dict>
    -->

    Uncomment this section to enable the network listener, then just point your firewall to log to your server's IP address.
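
Added example, not part of Camelot's post: a Python check that the NetworkListener block from the answer above is active rather than commented out, plus a test datagram to confirm the server receives network syslog. The sample plist wrapper, the function names, and the probe tag are assumptions made for illustration; only the NetworkListener keys come from the post.

```python
import plistlib
import socket

# Constructed sample plist in both states; the surrounding keys are assumed,
# only the NetworkListener block is taken from the post.
_HEAD = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>Label</key><string>com.apple.syslogd</string>
<key>Sockets</key><dict>
"""
_LISTENER = b"""<key>NetworkListener</key>
<dict>
<key>SockServiceName</key><string>syslog</string>
<key>SockType</key><string>dgram</string>
</dict>
"""
_TAIL = b"</dict></dict></plist>"
SAMPLE_DEFAULT = _HEAD + b"<!--\n" + _LISTENER + b"-->\n" + _TAIL
SAMPLE_ENABLED = _HEAD + _LISTENER + _TAIL


def find_listener(node):
    """Return the active NetworkListener dict, searching nested dicts."""
    if isinstance(node, dict):
        if isinstance(node.get("NetworkListener"), dict):
            return node["NetworkListener"]
        for value in node.values():
            found = find_listener(value)
            if found is not None:
                return found
    return None


def listener_enabled(plist_bytes):
    # The XML parser drops comments, so a commented-out block is simply absent.
    listener = find_listener(plistlib.loads(plist_bytes))
    return listener is not None and listener.get("SockType") == "dgram"


def build_probe(tag="listener-check", text="probe from firewall subnet"):
    # Minimal BSD-syslog datagram: <PRI> is facility*8 + severity (user.info).
    return f"<{1 * 8 + 6}>{tag}: {text}".encode("ascii")


def send_probe(server_ip, port=514):
    # UDP is fire-and-forget: confirm receipt by finding the tag in /var/log/.
    # Once enabled, any host that can reach this port can write log entries,
    # so limit senders to the firewall's address with a packet filter.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(build_probe(), (server_ip, port))
```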

  • Camelot Level 8 (45,670 points)
    Mar 21, 2012 10:54 AM (in response to Mr.1977)

    OK, you totally lost me.

     

    Do you mean recording, or logging the web sites, as per your original request?

     

    If so - I already answered that - you ALREADY have a log server installed on your machine. You need to edit the configuration (as I explained) to enable network logging, then configure your firewall to send its logs to your server.

     

    The logs will be written in /var/log/ and you can use Console.app to view them.

  • Camelot Level 8 (45,670 points)
    Mar 22, 2012 9:23 PM (in response to Mr.1977)

    That depends entirely on how the firewall writes the logs and how easy that is to parse. Since it's running under syslog it's not likely to be directly parsable by the common Apache/HTTP log analysis tools, but without knowing the format it's impossible to tell.
