5 Replies Latest reply: Mar 22, 2012 9:23 PM by Camelot
Mr.1977 Level 1 (0 points)

I use a Fortigate router and would like to track what sites are visited by the people using my network. Was told if you set up a syslog server we can dump the information from the fortigate to it.

I am using a MacMini server 10.6 and would like to know the best way of going about this. Is there a program out there I can use? Thanks

 



Mac Mini, Mac OS X (10.6.4)
  • Camelot Level 8 (46,255 points)

    You already have a syslog server. One is built in to every version of Mac OS X. It's the system that builds the standard system logs (well, technically, it's not syslog, per se, since it's an Apple-developed log server, but it follows the syslog standards, so for all intents and purposes, it counts).

    The main caveat is that the log daemon, by default, only accepts log messages from the machine itself, not network clients. You'll need to edit the configuration to support network logging.

    The logging process is managed by launchd, and its configuration file is at /System/Library/LaunchDaemons/com.apple.syslogd.plist

     

    If you check this file you'll see a commented section that talks about network logging:

     

    <!--
            Un-comment the following lines to enable the network syslog protocol listener.
    -->
    <!--
                    <key>NetworkListener</key>
                    <dict>
                            <key>SockServiceName</key>
                            <string>syslog</string>
                            <key>SockType</key>
                            <string>dgram</string>
                    </dict>
    -->

    Uncomment this section to enable the network listener, then just point your firewall to log to your server's IP address.

  • Mr.1977 Level 1 (0 points)

    OK thanks, do you know of any Mac Program which will help with this process of recording?

  • Camelot Level 8 (46,255 points)

    OK, you totally lost me.

     

    Do you mean recording, or logging the web sites, as per your original request?

     

    If so - I already answered that - you ALREADY have a log server installed on your machine. You need to edit the configuration (as I explained) to enable network logging, then configure your firewall to send its logs to your server.

     

    The logs will be written in /var/log/ and you can use Console.app to view them.

  • Mr.1977 Level 1 (0 points)

    Sorry my bad. I understand the process I need to do to be able to log the websites visited by people on my network. I was just wondering if there was a fancy program which would look at this data and tell me things like:

     

    On Mondays between 8:00am and 11:00am the website Facebook was visited 500 times. etc.

     

    Thanks

  • Camelot Level 8 (46,255 points)

    That depends entirely on how the firewall writes the logs and how easy that is to parse. Since it's running under syslog it's not likely to be directly parsable by the common Apache/HTTP log analysis tools, but without knowing the format it's impossible to tell.
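Added example (not part of the original thread, and not Fortinet or Apple code): a small report of the kind asked about above, counting visits per hostname for one weekday and hour window. It assumes the firewall writes key=value syslog lines with `date`, `time`, `subtype=webfilter` and `hostname` fields; those field names, the function names and the sample lines are assumptions, so check them against what actually lands in /var/log/ before relying on the counts.

```python
import re
from collections import Counter
from datetime import datetime

# key=value or key="quoted value" pairs (assumed FortiGate-style layout).
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

def parse_kv(line):
    """Return the key=value fields of one syslog line as a dict."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}

def count_visits(lines, weekday, start_hour, end_hour):
    """Count web-filter hits per hostname on `weekday` (0 = Monday) where
    start_hour <= hour < end_hour. Lines that do not parse are skipped."""
    hits = Counter()
    for line in lines:
        f = parse_kv(line)
        if f.get("subtype") != "webfilter" or "hostname" not in f:
            continue  # not a web-filter record
        try:
            ts = datetime.strptime(f["date"] + " " + f["time"], "%Y-%m-%d %H:%M:%S")
        except (KeyError, ValueError):
            continue  # missing or malformed timestamp
        if ts.weekday() == weekday and start_hour <= ts.hour < end_hour:
            hits[f["hostname"].lower()] += 1
    return hits

# Constructed sample lines, not real traffic. 2012-03-19 was a Monday.
SAMPLE = [
    'Mar 19 08:15:02 192.0.2.1 date=2012-03-19 time=08:15:02 type=utm subtype=webfilter hostname="www.facebook.com" url="/"',
    'Mar 19 10:59:59 192.0.2.1 date=2012-03-19 time=10:59:59 type=utm subtype=webfilter hostname="WWW.Facebook.com" url="/home.php?ref=x"',
    'Mar 19 11:00:00 192.0.2.1 date=2012-03-19 time=11:00:00 type=utm subtype=webfilter hostname="www.facebook.com" url="/"',
    'Mar 20 09:00:00 192.0.2.1 date=2012-03-20 time=09:00:00 type=utm subtype=webfilter hostname="www.facebook.com" url="/"',
    'Mar 19 09:30:00 192.0.2.1 date=2012-03-19 time=09:30:00 type=utm subtype=webfilter hostname="www.example.org" url="/"',
    'Mar 19 09:31:00 192.0.2.1 date=2012-03-19 time=09:31:00 type=traffic subtype=forward dstip=198.51.100.7',
    'Mar 19 09:32:00 192.0.2.1 date=2012-03-19 time=garbled subtype=webfilter hostname="www.example.org"',
]

if __name__ == "__main__":
    # Mondays, 08:00 up to (not including) 11:00
    for host, n in count_visits(SAMPLE, 0, 8, 11).most_common():
        print(f"{n:5d}  {host}")
```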