Controlling HTTP traffic in BorderManager by Trapper
Novell Cool Solutions: Trench
By Victor Kulichkin
Posted: 28 Sep 2005
Many programmers offer programs for processing common log files of Novell BorderManager. The Trapper application also analyzes these log files, yet it is not a simple handler of NBM logs. In this program, information from log files is supplemented by info from NDS, your NetWare servers, workstations, and data that your admin enters there. This information can be used to create all kinds of reports, as well as for Internet access control of your users using NBM. Also, if there is a LinkWall by Connectotel (http://www.Connectotel.com) in your network, then you may block user access to unwanted websites and domains directly from the program.
The program consists of two functionally independent parts:
- Trapper Engine ("TrapEngine") - Scans the Common log files, forms the Trapper database ("Database"), controls Internet access by the criteria established in Trapper Admin, sets starting parameters for forming the Database, performs backup and restore operations, and automatically forms three types of daily reports. This program can handle information in real time:
- Trapper Admin ("TrapAdmin") - Browses and edits the database, creates nine report variations, introduces limitations on Internet downloads, controls Internet user access, blocks user access to unwanted websites and domains, and gives personal user information from NDS:
Main requirements for the program. You must install Novell Client on the workstation and enable creation of common log files and proxy authentication on NBM. For a workstation with TrapEngine, you must provide access to the Common log directory of NBM and admin NDS rights on the NBM server and the containers of your users. For TrapAdmin, it is necessary to give access only to the Database directory.
Usage scenarios. The documentation describes four use cases for Trapper. The simplest is the local variant, where TrapEngine and TrapAdmin are installed on the same admin workstation:
However, if Internet access must be inspected from several workstations at once, you can easily change this approach. To do this, you must install TrapAdmin on these workstations and give them access to the Database directory:
Note: In this approach, the admin workstations with TrapAdmin for Internet access control must have access only to the Database directory. They do not need any admin rights in NDS!
Creation of the Database in TrapEngine. Click Start in the TrapEngine window. If this is the first start of TrapEngine, the program prompts you to indicate the path to the Common Log directory (otherwise, TrapEngine offers to confirm start parameters from the last start of TrapEngine). Then a window opens where you select log files for processing:
TrapEngine handles all the files you keep in the Select list. Using the window controls, you can carry out flat or precision tuning of this process. The flat tuning eliminates the handling of whole files. The precision tuning allows you to select a start point of handling inside the first file of Select. On subsequent starts of TrapEngine, the list of log files in Select will be different in this window. This depends on the last file that was handled by TrapEngine. For example, if you stopped TrapEngine while it was processing 030326-A.LOG, then the list will begin from 030326-A.LOG (but not from 030314-A.LOG).
The process of choosing log files for handling is called "creation of account period." The start of this period always begins after the first start of TrapEngine. Its finish is always after the Account period button is clicked in TrapEngine, which clears the Database entirely and prepares it for the next account period. We do not recommend setting an account period for large periods of time. The optimal value is one month.
After you choose log files for an account period, the program begins to fill the database. TrapEngine uses two modes: Start Thread and Main Thread. The first mode handles all selected files in the Select list, except for the last (current) file. The Start Thread box allows you to control this mode. The second mode always works with the last (current) file and always writes information to the Database in real time. Main Thread operates by polling this file at a defined time interval. You can set this time period in the Main Thread box. These periodic polls allow the program to get information about a user's work on the Internet at the given instant.
To create the Database you also can use the TrapEngine filters (by clicking the Filters button):
In this window you can specify what information TrapEngine should ignore. The program offers you nine kinds of filters. For example, TrapEngine will not write info into the Database if the user received HTTP packets with the codes by RFC 2616, or if NBM could not define a user's name.
The Database uses the following files:
- ENGINE.DBF – the configuration database of TrapEngine. It keeps its startup parameters and has only one record.
- TRAPPER.DBF – the main database of the program. Each record of this database is assigned to each NBM user:
- The user database – formed for each user. The generator of sequential hexadecimal numbers assigns a name to each such database and writes it to the User DB column of TRAPPER.DBF. This database has the following DBF structure:
Database editing in TrapAdmin. The program allows you to edit only the main base TRAPPER.DBF, and it does some corrections in ENGINE.DBF fields. The user databases will be accessible to you only for reviewing and creating reports. In TrapAdmin you can do the following operations with TRAPPER.DBF:
- Add and delete users.
- Pack (reduce the size of) the Database.
- Set limitations on Internet downloading for each user (the column Limit).
- Import department names of your company users, from NDS to the column Department.
- Define a username if NBM could not create it. In this case, there is a user IP address in the column User Name.
- Join records.
Report creation. The program allows you to create 12 kinds of reports, which include: statistics of a user's work on the Internet for a day or an account period, information for users or their departments, and information of visited websites. All created reports can be saved into HTML files. For detailed information, see the Trapper documentation. Below are three of the many variations of these reports:
- Common report. All info of the main window will be included into this report:
- Website report. This report tracks all sites your users visited for the account period:
Note that in this window you can get info about users who visited these sites when you select a site and click Visitors.
- IP report. The report shows users who used a given IP address for an account period. We recommend it for tracking users who borrowed other usernames for accessing the Internet:
In this example, the workstation 172.16.2.1 accessed the Internet using two login names. You can see it in the formed list; the field is near the Users button.
Billing operation. If Internet service is not free of charge in your network (each user must pay for information access), then you need to specify the cost of this information in the Billing box of TrapEngine. However, remember that if you change these parameters later, you will have to stop TrapEngine, create a new account period, and set the new values in this box. Otherwise, TrapAdmin cannot define what initial parameters were used for billing.
Internet access control. For this operation TrapEngine uses the NDS Thread mode. This mode will create the Trapper group in NDS and a rule in the AC rule list of NBM:
In these screenshots, you can see that any user who is a member of the Trapper group will be blocked by NBM.
TrapAdmin controls this operation, using the Loading and Limit columns. The Loading column stores the amount of information that your users got from the Internet for an account period. In the Limit column you enter a limit value on downloading for each user. If the value in Loading exceeds the value in Limit, then the user record appears in red in TrapAdmin, and TrapEngine writes his name into the Trapper group:
Here's how this operation works in TrapEngine. After NDS Thread starts, TrapEngine begins to scan TRAPPER.DBF. The Loading and Limit column checks are done for each user, as described above. After this database check, NDS Thread compels NBM to refresh its AC rule list (this operation is like clicking Refresh Server in NWAdmin). Then NDS Thread ends its operations and waits. The next scan will be at the time established in the Time before pass control of the NDS Thread box. You can control when the check is done by adjusting the Next pass count in this box:
You can restore Internet access for blocked users in one of two ways:
- For all users in TrapEngine - create a new account period by clicking Account period. In this case, the program clears the Loading column, and NDS Thread removes all users from the Trapper group and refreshes the AC rule list of NBM.
- For the user in TrapAdmin - in the Limit column, set a value greater than the Loading value. As in the first case, NDS Thread removes this user from the group Trapper and refreshes the AC rule list of NBM.
Here are two restrictions in TrapAdmin for this mode:
- "0" in the Limit column means that users will have unlimited Internet access.
- The program cannot instantly block the user - it depends on the time established in Time before pass of the NDS Thread box in TrapEngine. Therefore, a user could exceed his/her limit and continue to get information from the Internet during this time.
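The IP report and the Loading/Limit check described above can both be reproduced from raw proxy logs. The following Python is an added example, not Trapper's code: it assumes the common log files are in NCSA Common Log Format with the proxy-authenticated name in the third field, and the sample lines, usernames, limits, and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in NCSA Common Log Format (not real NBM output).
SAMPLE_LOG = """\
172.16.2.1 - jsmith [26/Mar/2003:09:00:01 +0200] "GET http://example.com/a.iso HTTP/1.0" 200 700000
172.16.2.1 - akhan [26/Mar/2003:09:05:12 +0200] "GET http://example.com/b.zip HTTP/1.0" 200 150000
172.16.2.7 - mlee [26/Mar/2003:09:06:40 +0200] "GET http://example.org/ HTTP/1.0" 200 4000
172.16.2.9 - - [26/Mar/2003:09:07:02 +0200] "GET http://example.net/ HTTP/1.0" 200 900
172.16.2.7 - mlee [26/Mar/2003:09:08:15 +0200] "GET http://example.org/x HTTP/1.0" 304 -
this line is damaged and must be skipped
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] "[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)$')

def parse(log_text):
    """Yield (ip, user, bytes) per well-formed line; unknown user falls back to the IP."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # damaged or partial line (the current file is still being written)
        user = m["user"] if m["user"] != "-" else m["ip"]
        size = 0 if m["size"] == "-" else int(m["size"])
        yield m["ip"], user, size

def ip_report(records):
    """IP addresses seen with more than one login name (shared or borrowed accounts)."""
    names = defaultdict(set)
    for ip, user, _ in records:
        if user != ip:  # skip unauthenticated entries, which carry the IP as the name
            names[ip].add(user)
    return {ip: sorted(u) for ip, u in names.items() if len(u) > 1}

def loading(records):
    """Total bytes downloaded per user for the account period."""
    totals = defaultdict(int)
    for _, user, size in records:
        totals[user] += size
    return dict(totals)

def blocked_group(totals, limits):
    """Users whose Loading exceeds Limit; 0 means unlimited (no entry is assumed to be 0)."""
    return sorted(u for u, used in totals.items() if 0 < limits.get(u, 0) < used)
```

Because the check only runs once per pass, the blocked set computed here reflects the log as of the last scan; a user can keep downloading past the limit until the next pass.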
Blocking unwanted websites and domains in TrapAdmin. For this operation you must install and configure the Connectotel LinkWall software on the NBM server. Detailed information about this software can be obtained from http://www.connectotel.com. If the LinkWall software is not available on your NBM server, then you cannot block websites in this mode. In this case, this feature can be used to simply make a list of URLs you might want to track, or manually add to your own access rules.
Blocking unwanted websites is not a difficult process - the program takes care of those operations. You only need to select the URL of each unwanted site in one of the created reports and pass it to the window by using the command LinkWall list:
To find out more about the program (and our other programs), visit http://www.kvy.com.ua. There you can find free downloads of the documentation, a full copy of TrapAdmin, and a demo copy of TrapEngine.
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com