close

IMSpector 特色

  • 以 Transparent Proxy 模式截錄資料
  • 支援 MSN, Yahoo, ICQ, AIM, IRC
  • 支援 MySQL, SQLite 資料庫
  • "髒話過濾" (badwords filter) 功能

一般安裝步驟

  • 預設安裝路徑: /usr
  • MySQL 以套件管理程式 (如: yum、rpm、apt) 安裝

安裝 Imspector

wget http://www.imspector.org/downloads/imspector-0.3.tar.gz

tar zxf imspector-0.3.tar.gz

cd imspector-0.3

vi Makefile

ADD_PLUGINS = mysqlloggingplugin.so

make && make install

建立資料庫

mysql -u root -p -A mysql

mysql> create database imspector;
mysql> grant all privileges on imspector.* to imspector@localhost identified by 'your_password';
mysql> flush privileges;
mysql> exit

vi /usr/etc/imspector/imspector.conf

mysql_server=localhost
mysql_database=imspector
mysql_username=imspector
mysql_password=your_password

ps. 毋須 create table, 當訊息被記錄的時候會自動產生資料表格

測試 Imspector 是否正載入相關 Plugin

/usr/sbin/imspector -d

imspector: Protocol Plugin name: ICQ-AIM IMSpector protocol plugin
imspector: Protocol Plugin name: IRC IMSpector protocol plugin
imspector: Protocol Plugin name: MSN IMSpector protocol plugin
imspector: Protocol Plugin name: Yahoo IMSpector protocol plugin
imspector: Logging Plugin name: Debug IMSpector logging plugin
imspector: Logging Plugin name: File IMSpector logging plugin
imspector: Logging Plugin name: MySQL IMSpector logging plugin

Ctrl + C 中斷

正式執行 Imspector

iptables -t nat -A PREROUTING -p tcp --dport 1863 -j REDIRECT --to-ports 16667

(以上是針對 MSN 的設置, 其他 IM 轉 port 方式請見: http://www.imspector.org/)

/usr/sbin/imspector


自訂安裝

安裝 Imspector

vi Makefile

PREFIX = /usr/local

ADD_PLUGINS = mysqlloggingplugin.so

MYSQL = /usr/local/mysql

$(CXX) mysqlloggingplugin.o... -L$(MYSQL)/lib/mysql...

$(CXX) $(CXXFLAGS) mysqlloggingplugin.cpp -c -I$(MYSQL)/include

vi main.cpp

#default DEFAULT_CONFIG "/usr/local/etc/imspector/imspector.conf"

#define DEFAULT_PLUGIN_DIR "/usr/local/lib/imspector"

vi mysqlloggingplugin.cpp

") ENGINE=MyISAM AUTO_INCREMENT=1929 DEFAULT CHARSET=utf8"

make && make install

vi /etc/ld.so.conf

#加入
/usr/local/lib

ldconfig


補充:

  • 已知問題: imspector 執行一段時間後, 發生訊息無法傳輸的問題
    解決方法: 排程每日重新執行 imspector

    vi /etc/crontab

    #每天早上六點重新執行 imspector
    0 6 * * * root killall imspector; sleep 10; /usr/sbin/imspector > /dev/null 2>&1
     
  • 已知問題: MSN 透過 80 port 傳輸的訊息無法被記錄
    解決方法: 搭配 squid (transparent mode) 封鎖 msn http proxy, 強迫 MSN 走標準 1863 port

    vi squid.conf

    acl msn_http_proxy url_regex gateway.dll
    http_access deny msn_http_proxy

    Ref:     squid.conf ACL Tag 備忘在 Linux NAT 監看 MSN 聊天內容
     
  • 搭配 MySQL 的 Web 查詢介面 (by Eric): http://www.badongo.com/file/3325015


參考資料:

arrow
arrow
    全站熱搜
    創作者介紹
    創作者 安德森 的頭像
    安德森

    安德森技術備忘板

    安德森 發表在 痞客邦 留言(0) 人氣()

    E-mail轉寄