 
 From:  Saša Stjepan Bakša <sasa dash stjepan dot baksa at os dot t dash com dot hr>
 To:  "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] log visited sites of captive portal users.
 Date:  Fri, 01 May 2009 19:46:18 +0200
YvesDM wrote:
> On Thu, Apr 30, 2009 at 4:42 PM, Lee Sharp <leesharp at hal dash pc dot org> wrote:
>
>   
>> YvesDM wrote:
>>
>>     
>>> Hi,
>>>
>>> New laws in europe force us to keep track of our captive portal users.
>>> I've been thinking of adding logrules on dest ports 80,443,22,etc and log
>>> everything to a remote syslog server.
>>> On the other hand we've got quite some hotspots and I'm afraid this will
>>> generate tons of traffic.
>>> Anyone who has worked out a solution already to do this with m0n0wall?
>>>
>>>       
>> Ask a lawyer.  Seriously...  Some of these new requirements are totally
>> insane.  One bill here that may still become law will require home users to
>> keep logs of everything from their home wifi router for 3 years!
>>     
>
>
> Yes, I know, INSANE !!! But still we'll have to deal with it when it
> becomes law.
>   
We need something like lobbying against that across all countries for 
that to never happen.
>
>   
>> A lawyer can tell you if you can just get away with using radius to track
>> captive portal logins, or if you will need more.  There may be some "unfair
>> burden" provisions that exempt you from some things if they are not
>> supported by your existing equipment.
>>     
>
>
> Yes, radius db can tell me who was logged in on a certain hotspot on a
> certain time, but when there were 20 users logged in that time, we still
> have a problem as we don't know who visited the "wrong" website. I
> understand your way of thinking with the lawyer stuff, but really, if this
> becomes law we will have to deal with this.
> Official instances really won't care if those things aren't supported with
> our existing equipment, they will ask us to change it so we CAN have the
> necessary logfiles. I think we better start thinking/testing, whether we like
> it or not.
>
>
> Yves
>
>   
Squid or Squid-like software is the best deal. Squid can authenticate 
against the same radius which you
use to authenticate your hotspot users. Logs can then be transferred to a 
database (mysql, postgres, name-your-poison)
where we can search through the saved data with "simple" SQL queries. Yes, I 
know that requires more firepower, but
it's either that or lobbying against the stupid law.

Sasa
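
The log-to-database step described in the message above, as an added example that is not part of the original message or of m0n0wall/Squid: it parses Squid's native `access.log` format, stores the rows, and answers "which authenticated user reached this host in this time window" with a parameterized query. It assumes Squid's default native log format with proxy authentication filling the user field, uses SQLite in place of MySQL/PostgreSQL so it runs offline, and the function names, table layout and log lines are constructed for illustration.

```python
import sqlite3
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log format.
# Fields: time elapsed client code/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1241199978.123    210 10.0.0.21 TCP_MISS/200 5120 GET http://example.org/index.html alice DIRECT/192.0.2.10 text/html
1241199980.456     95 10.0.0.22 TCP_MISS/200 900 CONNECT mail.example.net:443 bob DIRECT/192.0.2.20 -
1241199985.789    130 10.0.0.21 TCP_HIT/200 2048 GET http://example.com/news alice NONE/- text/html
this line is truncated
1241200100.000     80 10.0.0.23 TCP_DENIED/407 1700 GET http://example.org/ - NONE/- text/html
"""

def parse_line(line):
    """Return one row tuple, or None if the line lacks the 10 native-format fields."""
    f = line.split()
    if len(f) != 10:
        return None
    try:
        ts, size = float(f[0]), int(f[4])
    except ValueError:
        return None
    # CONNECT (HTTPS tunnel) requests log host:port, so only the host is known.
    host = f[6].rsplit(":", 1)[0] if f[5] == "CONNECT" else (urlsplit(f[6]).hostname or "")
    user = None if f[7] == "-" else f[7]  # "-" means the request was not authenticated
    return (ts, f[2], user, f[5], host, f[6], f[3], size)

def load(conn, text):
    """Create the table if needed, insert every parsable line, return the row count."""
    conn.execute("CREATE TABLE IF NOT EXISTS access (ts REAL, client TEXT, username TEXT,"
                 " method TEXT, host TEXT, url TEXT, status TEXT, bytes INTEGER)")
    rows = [r for r in map(parse_line, text.splitlines()) if r]
    conn.executemany("INSERT INTO access VALUES (?,?,?,?,?,?,?,?)", rows)
    return len(rows)

def who_visited(conn, host, start, end):
    """Authenticated users (and client IPs) that requested `host` between two epoch times."""
    cur = conn.execute(
        "SELECT DISTINCT username, client FROM access "
        "WHERE host = ? AND ts BETWEEN ? AND ? AND username IS NOT NULL ORDER BY username",
        (host, start, end))
    return cur.fetchall()

if __name__ == "__main__":
    conn = sqlite3.connect(":memory:")
    print(load(conn, SAMPLE_LOG), "rows loaded")
    print(who_visited(conn, "example.org", 1241199900, 1241200200))
```

For HTTPS traffic the proxy only sees the `CONNECT` target, so the stored record is the host and port, not the full URL.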