AW: Logging Traffic by user @ OpenSSH 3.8.1

From: Miro Dietiker, MD Systems (info_at_md-systems.ch)
Date: 09/05/05

  • Next message: Martín: "OpenSSH 4.2 and OpenBSD 3.5"
    To: "'Q nix'" <qnix@bsdmail.org>
    Date: Mon, 5 Sep 2005 23:44:38 +0200
    
    

    Thanks qnix, I was also thinking of that, but in my case, users aren't
    the same entity as IPs...

    If I say user, I'm talking of the login name or the UID of the user, where
    most of those users use dynamically allocated IPs (Modem, DSL, Cable), which
    means they change IPs regularly. Also I won't know which IP uses which
    login name/UID because this is already encrypted. So an external borderline
    traffic analyzer won't be able to get that information, but the SSH server
    needs to implement this internally (as a module?)..

    Very simple implementation possibility:
    On all current connections in OpenSSH, write traffic counters
    (differences) to files with timestamps in a folder (let's say
    /var/log/ssh/usertraffic), where each user has a single file, every N (5
    would be nice) minutes.
    To be complete, there may be an additional line on login and on logout.

    Thanks for more input...

    Miro Dietiker
    MD Systems
    www.md-systems.ch

    -----Original Message-----
    From: Q nix [mailto:qnix@bsdmail.org]
    Sent: Monday, 5 September 2005 21:20

    ----- Original Message -----
    From: "Miro Dietiker, MD Systems" <info@md-systems.ch>
    Date: Sat, 3 Sep 2005 00:50:07 +0200

    >
    > Hi!
    >
    > For a production environment we are currently logging via iptables all
    > SSH traffic for specific machines. Because multiple customers use SSH on
    > that machine, we need to log the traffic amount of each user.
    > Before, data transfers have mostly been done via ftp and www by our
    > customers. We would like to provide ssh/sftp access or data tunnelling for
    > all customers on a shared machine, where the measurement of the usage per
    > customer seems not possible from my point of view. And at the same
    > moment all is out of control!
    >
    > Current Development environment:
    > OpenSSH_3.8.1p1 Debian-8.sarge.4, OpenSSL 0.9.7e, 25Oct 2004
    >
    > Is there anyone having an idea how to create a per user traffic log?
    >
    > Thanks a lot!
    >
    > Miro Dietiker, Dipl. Ing. FH Elektrotechnik
    > MD Systems, Alte Zürcherstrasse 10, 8903 Birmensdorf
    > Mobile: +41 (0)78 707 30 10 | Office: +41 (0)43 344 03 56 | Fax: +41 (0)43 344 03 57
    > m.dietiker@md-systems.ch | info@md-systems.ch | www.md-systems.ch

    If you know how to create and manage a traffic counter or something like
    that ... it will make it very easy.
    There are many things you can depend on to create a per user traffic
    logger ..
    e.g. my IP is 2.2.2.2 and I am in ssh ... you write a program that if
    2.2.2.2 uses tcp/ip port 22 starts counting
    traffic ... and to make it more powerful you can count it by IP +
    hostname + other information.

    regards,

    -- 
    _______________________________________________
    Get your free email from http://mymail.bsdmail.com
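Added example, not part of this thread and not OpenSSH code: a Python sketch of the accounting scheme Miro proposes above (cumulative per-connection byte counters sampled every N minutes, folded into one delta line per user per interval, plus a line on login and on logout), keyed on the authenticated user rather than on the client IP that qnix's suggestion would use. Where the counters come from is assumed: a patched sshd or a wrapper around it would have to feed login/sample/logout events into this. The connection IDs, user names, byte values and timestamps below are constructed, and `write_logs` writes to whatever directory it is given, not to /var/log/ssh/usertraffic itself.

```python
# Added example (not from the thread, not OpenSSH code): per-user SSH traffic
# accounting as proposed in the message above. The source of the per-connection
# counters is assumed; the events in demo() are constructed sample data.
import os
from collections import defaultdict
from datetime import datetime, timedelta, timezone

INTERVAL = timedelta(minutes=5)


def floor_to_interval(ts, interval):
    """Start of the interval containing ts, aligned to multiples of `interval` since the epoch."""
    step = int(interval.total_seconds())
    secs = int(ts.timestamp())
    return datetime.fromtimestamp(secs - secs % step, tz=timezone.utc)


class UserTrafficAccountant:
    def __init__(self, interval=INTERVAL):
        self.interval = interval
        self.conns = {}                              # conn_id -> {"user", "in", "out"} (last reading)
        self.totals = defaultdict(lambda: [0, 0])    # user -> [in, out] delta in the open interval
        self.lines = defaultdict(list)               # user -> log lines (one file per user)
        self.bucket = None                           # start of the open interval

    def _roll(self, ts):
        """Close every interval that ends at or before ts, emitting one TRAFFIC line per user."""
        start = floor_to_interval(ts, self.interval)
        if self.bucket is None:
            self.bucket = start
        while self.bucket < start:
            end = self.bucket + self.interval
            # Users with traffic in the interval, plus users who are connected but idle,
            # so that a missing line means the collector was down, not that the user was idle.
            users = set(self.totals) | {c["user"] for c in self.conns.values()}
            for user in sorted(users):
                bytes_in, bytes_out = self.totals.get(user, (0, 0))
                active = sum(1 for c in self.conns.values() if c["user"] == user)
                self.lines[user].append(
                    f"{end.isoformat()} TRAFFIC in={bytes_in} out={bytes_out} conns={active}")
            self.totals.clear()
            self.bucket = end

    def login(self, ts, conn_id, user):
        self._roll(ts)
        self.conns[conn_id] = {"user": user, "in": 0, "out": 0}
        self.lines[user].append(f"{ts.isoformat()} LOGIN conn={conn_id}")

    def sample(self, ts, conn_id, bytes_in, bytes_out):
        """Record a reading of a connection's cumulative byte counters."""
        self._roll(ts)
        c = self.conns[conn_id]
        # Counters are cumulative per connection. A reading below the previous one
        # means the counter wrapped or was reset, so the new value itself is the delta.
        d_in = bytes_in - c["in"] if bytes_in >= c["in"] else bytes_in
        d_out = bytes_out - c["out"] if bytes_out >= c["out"] else bytes_out
        c["in"], c["out"] = bytes_in, bytes_out
        self.totals[c["user"]][0] += d_in
        self.totals[c["user"]][1] += d_out

    def logout(self, ts, conn_id, bytes_in, bytes_out):
        """Take the final reading, then write an explicit LOGOUT line with the connection totals."""
        self.sample(ts, conn_id, bytes_in, bytes_out)
        c = self.conns.pop(conn_id)
        self.lines[c["user"]].append(
            f"{ts.isoformat()} LOGOUT conn={conn_id} in={bytes_in} out={bytes_out}")

    def finish(self, ts):
        """Close the interval containing ts (e.g. at shutdown) and return the lines per user."""
        self._roll(ts + self.interval)
        return {user: list(lines) for user, lines in self.lines.items()}


def write_logs(directory, lines_by_user):
    """Append each user's lines to its own file, e.g. <directory>/<user>."""
    os.makedirs(directory, exist_ok=True)
    for user, lines in lines_by_user.items():
        with open(os.path.join(directory, user), "a") as fh:
            fh.write("\n".join(lines) + "\n")


def demo():
    """Constructed scenario: two users, one logs out mid-interval, one counter resets."""
    t0 = datetime(2005, 9, 5, 21, 0, tzinfo=timezone.utc)

    def at(minutes, seconds=0):
        return t0 + timedelta(minutes=minutes, seconds=seconds)

    acct = UserTrafficAccountant()
    acct.login(at(0, 30), "c1", "alice")
    acct.login(at(1), "c2", "bob")
    acct.sample(at(3), "c1", 1000, 5000)
    acct.sample(at(4), "c2", 200, 300)
    acct.sample(at(6), "c1", 1500, 9000)   # first reading past the 21:05 boundary
    acct.logout(at(7), "c2", 250, 900)
    acct.sample(at(8), "c1", 100, 200)     # counter reset: counted from zero
    return acct.finish(at(9))


if __name__ == "__main__":
    import tempfile
    result = demo()
    write_logs(os.path.join(tempfile.mkdtemp(), "usertraffic"), result)
    for user, user_lines in result.items():
        print(user, *user_lines, sep="\n  ")
```

Intervals are aligned to wall-clock multiples of N minutes rather than to each connection's start, so lines from several hosts or several sshd instances can be merged by timestamp; the LOGOUT line carries the connection's own totals, which gives an independent cross-check against the sum of that user's TRAFFIC deltas.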
    
