Client IPs logging and/or transparent

From: John Lauro <john.lauro#covenanteyes.com>
Date: Fri, 30 Jan 2009 22:48:11 -0500


Hello,  

Running mode tcp in case that makes a difference for any comments, as I know there are others options for http.  

I need to preserve for auditing the IP address of the clients and be able to associate it with a session. One problem, it appears the client IP and port are logged, however it appears that only the final server is logged, but not the source port for the outgoing connection. In theory, assuming ntp in sync, I should be able to tie the logs together if I had the port number that was used in the outgoing connection. Is there some way to turn this on, or am I just missing it from the logged line?  

The other option appears to be to setup haproxy act transparently. This appears to be rather involved and sparse on details. Based on examples I found on using squid with it, it appears to be more involved then just updating kernel. If anyone can post some hints on their setup with haproxy (sample config files and sample iptables (or are they not required)) that would be great. If there is a yum repository with a patched kernel and other bits ready to install that would be even better.  

In some ways it looks rather messy to setup and support, but IP tracking is important.       Received on 2009/01/31 04:48

This archive was generated by hypermail 2.2.0 : 2009/01/31 05:00 CET