DansGuardian Documentation Wiki

You are here: Main Index » identity_logging


Wiki Information

Setting Up Identity Logging

One part of setting up Multiple Filter Groups is identification of individuals in the logs. Occasionally this identification of individuals in the logs is all you want; you don't need or want Multiple Filter Groups. If this is all you want (assuming you've configured anonlymizelogs=off):

  1. Set up some User Identification Method. This probably requires enabling at least one authplugin line in 'dansguardian.conf', and in many cases extending your Squid configuration.
  2. Don't make any other changes to 'dansguardian.conf', and don't make any changes at all to 'dansguardianf1.conf'. Leave filtergroups = 1.
  3. Leave the file lists/filtergroupslist empty.

All users will be assigned to the default filter group f1 just like before. The users or browsers will be asked for credentials though, and the names obtained this way will be included in the DansGuardian logs.

Whether or not users who supply bogus credentials will be able to access the web anyway depends on exactly how you extend the Squid configuration. You could for example allow users to specify any old credentials they wish by selecting a Squid helper program that “always succeeds”. But then you couldn't stop users from impersonating each other, and you'd likely have web activity identified with the likes of “Elvis Presley”.

(If you're sure you're generating some sort of user identification [usernames or client IP addresses], but it still doesn't appear in the logs [i.e. “no username in access.log”], check the configuration setting anonymizelogs. Assuming your local laws and your policies allow information that could identify an individual to be logged, it should be anonymizelogs=off.)