[CentOS] Browser related question

Mon Feb 1 19:02:19 UTC 2010
Arturas Skauronas <helpaz at gmail.com>

On Fri, Jan 29, 2010 at 10:12 AM, Rajagopal Swaminathan
<raju.rajsand at gmail.com> wrote:
> Greetings,
>
> How does one monitor if a site is being accessed using browser?
>
> IOW, I just want to know if a user has launched a session thru Firefox.
>
> I basically want to know if a user has tried to access the webserver
> and unable to reach it and log such instances.
>
> I am using cron and curl to seperately monitor the link.
>
> Any clues?
>
> Centos 5.2/Gnome/Firefox 3.0.16
>
> Regards
>
> Rajagopal

why not to try do this with iptables with combination with inotify
from man iptables
--uid-owner userid
              Matches if the packet was created by a process with the
given effective user id.

 --gid-owner groupid
              Matches if the packet was created by a process with the
given effective group id.
--cmd-owner name
              Matches  if  the packet was created by a process with
the given command name.  (this option is present only if iptables was
compiled under a kernel supporting this feature)

then adding in iptables rule -j LOG --log-level 4 --log-prefix "some_prefix "

secondly you can watch connection states with commands:
-m state --state NEW
SYN packet was sent
-m state --state ESTABLISHED,RELATED
you are getting response


and then in syslog.conf
kern.warning /var/log/iptables.log

you then can watch with inotify /var/log/iptables.log file and do
whatever you should

Also i would watch not only trafiic to external tcp 80 port, but also
and tcp/udp 53 port.

browser can even don't try to load page if it doesn'i resolve dns
name, or entered domain does not exist.