Chinaunix

标题: 客户端IP、用户信息 [打印本页]
作者: wang_bupt    时间: 2008-07-21 19:04
标题: 客户端IP、用户信息
本帖最后由 wang_bupt 于 2011-08-24 09:05 编辑

在企业环境里面

代理服务器记录客户端IP、用户信息.pdf

306.63 KB, 下载次数: 717

squid-2.6 反向代理服务器.pdf

276.09 KB, 下载次数: 627
作者: wang_bupt    时间: 2008-07-21 19:08
不知道发这里是否合适,如有问题。版主手下留情啊:)

闪人!
作者: chenyx    时间: 2008-07-21 19:43
支持原创发帖。。。。。。
作者: dexter_yccs    时间: 2008-07-21 20:41
日志分析的软件都可以做以这个了
作者: streetboy85    时间: 2008-07-21 20:59
我看看...
作者: cuci    时间: 2008-07-21 21:02
只要是技术非AD,都会支持
作者: liaosnet    时间: 2008-07-21 21:50
UPUPUPUP~~
作者: jerrywjl    时间: 2008-07-22 08:54
UP...................
作者: polokus    时间: 2008-07-22 09:06
下载了瞧瞧看,呵呵。。。
作者: streetboy85    时间: 2008-07-22 09:31
增加了squid-2.6 反向代理服务器.pdf
再顶
作者: 志国    时间: 2008-07-22 10:49
谢谢!有机会试一试!
作者: ylcqen    时间: 2008-07-22 11:36
支持原创!
作者: polokus    时间: 2008-07-22 11:54
楼主又加了一个附件啊,呵呵,不错不错
作者: b2linux    时间: 2008-07-22 14:37
标题: 回复 #1 wang_bupt 的帖子
不错, 做用户记录, 用代理的方式 量重了点
作者: feiyueheu    时间: 2008-07-22 15:21
最好是多多介绍原理和配置.
作者: stf9    时间: 2008-07-22 15:48
标题: 帮我看看。。。。
在AS4下这么做肯定没问题吗?

我在AS5下做到发现无法验证,哪位能帮我看看smb.conf和krb.conf都没问题,可以加入域


配置文件

http_port 隐去
cache_mem 64 MB
cache_swap_low 90
cache_swap_high 95
cache_dir ufs /var/spool/squid 100 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
visible_hostname proxytest
dns_nameservers 隐去
client_netmask 255.255.255.255

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.6-ntlmssp
auth_param ntlm children 20
#auth_param ntlm max_challenge_reuses 0
#auth_param ntlm max_challenge_lifetime 2 minutes

auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.6-basic
auth_param basic children 200
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 5 hours


acl NTLMUsers proxy_auth REQUIRED
http_access allow  NTLMUsers

#############ACL###############

acl allowvlan src 192.168.1.0/24
#acl denyvlan src "/etc/squid/acl/denyvlan"
#acl denydomain dstdomain "/etc/squid/acl/denydomain"
#acl denyweb dst "/etc/squid/acl/denyweb"

#############http_access##########

#http_access deny denyvlan
#http_access deny denydomain
#http_access deny denyweb
http_access allow allowvlan




在重启服务时日志报的错误信息




Valid helper protools:

squid-2.4-basic
squid-2.5-basic
squid-2.5-ntlmssp
ntlmssp-client-1
gss-spnego
gss-spnego-client
ntlm-server-1
unknown helper protocol [squid-2.6-basic]

Valid helper protools:

squid-2.4-basic
squid-2.5-basic
squid-2.5-ntlmssp
ntlmssp-client-1
gss-spnego
gss-spnego-client
ntlm-server-1
unknown helper protocol [squid-2.6-basic]

Valid helper protools:

squid-2.4-basic
squid-2.5-basic
squid-2.5-ntlmssp
ntlmssp-client-1
gss-spnego
gss-spnego-client
ntlm-server-1
2008/07/17 17:08:13| Unlinkd pipe opened on FD 410
2008/07/17 17:08:13| Swap maxSize 102400 KB, estimated 7876 objects
2008/07/17 17:08:13| Target number of buckets: 393
2008/07/17 17:08:13| Using 8192 Store buckets
2008/07/17 17:08:13| Max Mem  size: 65536 KB
2008/07/17 17:08:13| Max Swap size: 102400 KB
2008/07/17 17:08:13| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2008/07/17 17:08:13| Rebuilding storage in /var/spool/squid (DIRTY)
2008/07/17 17:08:13| Using Least Load store dir selection
2008/07/17 17:08:13| Set Current Directory to /var/spool/squid
2008/07/17 17:08:13| Loaded Icons.
2008/07/17 17:08:14| Accepting proxy HTTP connections at 192.168.1.101, port 8080, FD 412.
2008/07/17 17:08:14| Accepting ICP messages at 0.0.0.0, port 3130, FD 413.
2008/07/17 17:08:14| WCCP Disabled.
2008/07/17 17:08:14| Ready to serve requests.
2008/07/17 17:08:14| WARNING: basicauthenticator #57 (FD 262) exited
2008/07/17 17:08:14| WARNING: basicauthenticator #56 (FD 261) exited
2008/07/17 17:08:14| WARNING: basicauthenticator #48 (FD 253) exited
2008/07/17 17:08:14| WARNING: basicauthenticator #54 (FD 259) exited
2008/07/17 17:08:14| WARNING: basicauthenticator #53 (FD 25 exited
2008/07/17 17:08:14| WARNING: basicauthenticator #52 (FD 257) exited
2008/07/17 17:08:14| WARNING: basicauthenticator #51 (FD 256) exited
2008/07/17 17:08:14| WARNING: basicauthenticator #50 (FD 255) exited
2008/07/17 17:08:14| WARNING: basicauthenticator #49 (FD 254) exited
2008/07/17 17:08:14| WARNING: basicauthenticator #41 (FD 246) exited
2008/07/17 17:08:14| WARNING: basicauthenticator #47 (FD 252) exited
2008/07/17 17:08:14| WARNING: basicauthenticator #46 (FD 251) exited
2008/07/17 17:08:14| WARNING: basicauthenticator #45 (FD 250) exited
2008/07/17 17:08:14| WARNING: basicauthenticator #44 (FD 249) exited
2008/07/17 17:08:14| WARNING: basicauthenticator #43 (FD 24 exited
2008/07/17 17:08:14| WARNING: basicauthenticator #42 (FD 247) exited
2008/07/17 17:08:14| WARNING: basicauthenticator #34 (FD 239) exited
2008/07/17 17:08:14| WARNING: basicauthenticator #40 (FD 245) exited
2008/07/17 17:08:14| WARNING: basicauthenticator #39 (FD 244) exited
2008/07/17 17:08:14| WARNING: basicauthenticator #38 (FD 243) exited
2008/07/17 17:08:14| WARNING: basicauthenticator #37 (FD 242) exited
2008/07/17 17:08:14| WARNING: basicauthenticator #36 (FD 241) exited
2008/07/17 17:08:14| WARNING: basicauthenticator #35 (FD 240) exited
2008/07/17 17:08:14| WARNING: basicauthenticator #27 (FD 232) exited
2008/07/17 17:08:14| WARNING: basicauthenticator #33 (FD 23 exited
2008/07/17 17:08:14| WARNING: basicauthenticator #32 (FD 237) exited
2008/07/17 17:08:14| WARNING: basicauthenticator #31 (FD 236) exited
2008/07/17 17:08:14| WARNING: basicauthenticator #30 (FD 235) exited
2008/07/17 17:08:14| WARNING: basicauthenticator #29 (FD 234) exited
2008/07/17 17:08:14| WARNING: basicauthenticator #28 (FD 233) exited
2008/07/17 17:08:14| WARNING: basicauthenticator #20 (FD 225) exited
2008/07/17 17:08:14| WARNING: basicauthenticator #26 (FD 231) exited
2008/07/17 17:08:14| WARNING: basicauthenticator #25 (FD 230) exited
2008/07/17 17:08:14| WARNING: basicauthenticator #24 (FD 229) exited
2008/07/17 17:08:14| WARNING: basicauthenticator #23 (FD 22 exited
2008/07/17 17:08:14| WARNING: basicauthenticator #22 (FD 227) exited
2008/07/17 17:08:14| WARNING: basicauthenticator #21 (FD 226) exited
2008/07/17 17:08:14| WARNING: basicauthenticator #13 (FD 21 exited
2008/07/17 17:08:14| WARNING: basicauthenticator #19 (FD 224) exited
2008/07/17 17:08:14| WARNING: basicauthenticator #18 (FD 223) exited
2008/07/17 17:08:14| WARNING: basicauthenticator #17 (FD 222) exited
2008/07/17 17:08:14| WARNING: basicauthenticator #16 (FD 221) exited
2008/07/17 17:08:14| WARNING: basicauthenticator #15 (FD 220) exited
2008/07/17 17:08:14| WARNING: basicauthenticator #14 (FD 219) exited
2008/07/17 17:08:14| WARNING: basicauthenticator #6 (FD 211) exited
2008/07/17 17:08:14| WARNING: basicauthenticator #12 (FD 217) exited
2008/07/17 17:08:14| WARNING: basicauthenticator #11 (FD 216) exited
2008/07/17 17:08:14| WARNING: basicauthenticator #10 (FD 215) exited
2008/07/17 17:08:14| WARNING: basicauthenticator #9 (FD 214) exited
2008/07/17 17:08:14| WARNING: basicauthenticator #8 (FD 213) exited
2008/07/17 17:08:14| WARNING: basicauthenticator #7 (FD 212) exited
2008/07/17 17:08:14| WARNING: basicauthenticator #5 (FD 210) exited
2008/07/17 17:08:14| WARNING: basicauthenticator #4 (FD 209) exited
2008/07/17 17:08:14| WARNING: basicauthenticator #3 (FD 20 exited
2008/07/17 17:08:14| WARNING: basicauthenticator #2 (FD 207) exited
2008/07/17 17:08:14| WARNING: basicauthenticator #1 (FD 206) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #194 (FD 199) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #200 (FD 205) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #199 (FD 204) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #198 (FD 203) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #197 (FD 202) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #196 (FD 201) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #195 (FD 200) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #187 (FD 192) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #193 (FD 19 exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #192 (FD 197) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #191 (FD 196) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #190 (FD 195) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #189 (FD 194) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #188 (FD 193) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #180 (FD 185) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #186 (FD 191) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #185 (FD 190) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #184 (FD 189) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #183 (FD 18 exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #182 (FD 187) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #181 (FD 186) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #173 (FD 17 exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #179 (FD 184) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #178 (FD 183) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #177 (FD 182) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #176 (FD 181) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #175 (FD 180) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #174 (FD 179) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #166 (FD 171) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #172 (FD 177) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #171 (FD 176) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #170 (FD 175) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #169 (FD 174) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #168 (FD 173) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #167 (FD 172) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #159 (FD 164) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #165 (FD 170) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #164 (FD 169) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #163 (FD 16 exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #162 (FD 167) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #161 (FD 166) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #160 (FD 165) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #152 (FD 157) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #158 (FD 163) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #157 (FD 162) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #156 (FD 161) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #155 (FD 160) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #154 (FD 159) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #153 (FD 15 exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #145 (FD 150) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #151 (FD 156) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #150 (FD 155) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #149 (FD 154) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #148 (FD 153) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #147 (FD 152) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #146 (FD 151) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #138 (FD 143) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #144 (FD 149) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #143 (FD 14 exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #142 (FD 147) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #141 (FD 146) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #140 (FD 145) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #139 (FD 144) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #131 (FD 136) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #137 (FD 142) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #136 (FD 141) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #135 (FD 140) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #134 (FD 139) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #133 (FD 13 exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #132 (FD 137) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #124 (FD 129) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #130 (FD 135) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #129 (FD 134) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #128 (FD 133) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #127 (FD 132) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #126 (FD 131) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #125 (FD 130) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #123 (FD 12 exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #122 (FD 127) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #121 (FD 126) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #120 (FD 125) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #119 (FD 124) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #118 (FD 123) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #117 (FD 122) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #110 (FD 115) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #116 (FD 121) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #115 (FD 120) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #114 (FD 119) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #113 (FD 11 exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #112 (FD 117) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #111 (FD 116) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #103 (FD 10 exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #109 (FD 114) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #108 (FD 113) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #107 (FD 112) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #106 (FD 111) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #105 (FD 110) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #104 (FD 109) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #96 (FD 101) exited
2008/07/17 17:08:14| WARNING: ntlmauthenticator #102 (FD 107) exited
2008/07/17 17:08:14| Too few ntlmauthenticator processes are running
FATAL: The ntlmauthenticator helpers are crashing too rapidly, need help!

Squid Cache (Version 2.6.STABLE6): Terminated abnormally.
CPU Usage: 0.104 seconds = 0.050 user + 0.054 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 0
Memory usage for squid via mallinfo():
        total space in arena:    5724 KB
        Ordinary blocks:         5660 KB     60 blks
        Small blocks:               0 KB      0 blks
        Holding blocks:           244 KB      1 blks
        Free Small blocks:          0 KB
        Free Ordinary blocks:      63 KB
        Total in use:            5904 KB 99%
        Total free:                63 KB 1%
unknown helper protocol [squid-2.6-basic]
作者: gigabyte    时间: 2008-07-22 16:18
看看,下来        谢谢
作者: alin999    时间: 2008-07-23 07:35
顶! 原创的一定要顶!
作者: ruochen    时间: 2008-07-23 09:08
谢谢
upupup
作者: drunkedfish    时间: 2008-07-23 09:51
UP 这个有意思
作者: swordfish.cn    时间: 2008-07-23 10:16
支持原创。
作者: liwei6998    时间: 2008-07-23 10:49
感谢楼主提供这么好的资料。
作者: ipaddr    时间: 2008-07-23 10:53
现在很多开源的,免费的Linux防火墙,功能都很强劲的,当然,也包括这功能。
作者: wangjian0709    时间: 2008-07-23 11:54
study thanks
作者: wang_bupt    时间: 2008-07-23 12:00
Thanks for my teacher, jerrywjl He help me a lot.
作者: dotone    时间: 2008-07-23 22:53
原帖由 wang_bupt 于 2008-7-21 19:04 发表
在企业环境里面,客户端通过代理访问外部网络 web 服务器。IT方面可能有这样的需求,需要能够记录什么用户,从什么IP,在什么时间点,访问了外部网络哪个 web 站点。

在 squid-2.5 和 squid-2.6 上均做了实验 ...



反向代理再加上用户认证就更好了。只有认证通过的用户才能通过代理访问指定的服务器,更适合企业应用吧。
作者: nmwhfx    时间: 2008-07-24 00:47
支持一个,哈哈.测试下能不能使用.
作者: jmuxiaoke    时间: 2008-07-24 10:07
不错哦..支持! SQUID 可以做CDN方面..
作者: stf9    时间: 2008-07-24 10:45
标题: winbind出现问题!
[root@proxytest /]# service winbind restart

Shutting down Winbind services:                            [FAILED]
Starting Winbind services:                                        [  OK  ]

[root@proxytest /]# service winbind status
winbindd dead but pid file exists

[root@proxytest /]# wbinfo -u
Error looking up domain users
作者: zgt0    时间: 2008-07-24 10:50
先下载下来看看
作者: linuxnature    时间: 2008-07-24 11:04
标题: 回复 #1 wang_bupt 的帖子
向楼主学习。支持原创!
作者: jn200002    时间: 2008-07-24 11:06
了解了解
作者: yoursmile    时间: 2008-07-24 11:32
很适合初学者.呵呵.
支持下楼主~
作者: schch    时间: 2008-07-24 11:36
强烈支持你哈....
作者: FeelingBoy    时间: 2008-07-24 13:31
标题: 回复 #1 wang_bupt 的帖子
gou la ji de
作者: ylcqen    时间: 2008-07-24 14:18
好东西!总是能吸引如此多的人!
作者: 飞哥2005    时间: 2008-07-24 18:32
我也顶你一个 ,,,,,,,,,,,,,,,,,,,,,
作者: root@China    时间: 2008-07-25 05:37
不错,谢谢了。
作者: gyl4802959    时间: 2008-11-03 15:27
顶……
作者: 双鱼石    时间: 2008-11-05 08:46
收藏着看看了   顶一下
作者: gyl4802959    时间: 2009-01-19 13:35
顶……
作者: 06061124    时间: 2010-05-24 13:59
谢谢了,下下来学习学习
作者: q1030965736    时间: 2013-01-04 21:36
lol
作者: hsjz81    时间: 2013-08-30 11:32
顶一个!!!!!!!!
作者: yinsong198611    时间: 2013-09-02 13:38
1024.............



欢迎光临 Chinaunix (http://bbs.chinaunix.net/) Powered by Discuz! X3.2