To that end, a hotel that provides Internet access to its clients qualifies as an ISP.
The collected information must allow the proper authorities to identify the user, the device used as well as the Internet sites visited.
In France this data must be stored for one year, and no more.
I used RouterOS's hotspot and logging system to build and fill such a database.
The hotspot's user profile login script for instance can be used to create an identification record.
As an example, the following code provides us with the user’s login name, IP and MAC addresses as well as the device’s hostname:
I also use web-proxy logging to collect the list of sites visited by a user (without having to enable the web-proxy itself).
Code: Select all
:local who $user; :local macaddr [/ip hotspot active get [find user=$who] mac-address]; :local ipaddr [/ip hotspot host get [find mac-address=$macaddr] address]; :local hname [/ip dhcp-server lease get [find mac-address=$macaddr] host-name]; :log info ("utilisateur: [".$who."] - adresse IP: [".$ipaddr."] - adresse MAC: [".$macaddr."] - hostname: [".$hname."]");
Thus in the system logging settings I add an action to create a redirection to my Debian Rsyslog server, and I add two rules, one to transmit the user’s identification to the database and a second to keep track of the user’s Web activity:
As for the log server itself I use RSyslog together with Loganalyzer by Adiscon, a free WEB front end: http://loganalyzer.adiscon.com/
Code: Select all
/system logging action add name=Logserver remote=192.168.1.254 src-address=192.168.1.2 target=remote /system logging add action=Logserver topics=script,info add action=Logserver topics=web-proxy,account
The following two links provide step by step guides to setting up you logging server:
https://www.howtoforge.com/installing-a ... ian-wheezy
http://tecadmin.net/setup-loganalyzer-w ... and-mysql/
This approach is by no means perfect or complete but if necessary this data could provide an investigation team with valuable data that may help apprehend terrorists or at least foil some of their plans.