// // Leave a Comment

Guide How to log MSN, Yahoo, ICQ chat Conversations


Here I am going to show you how to log MSN, yahoo, ICQ chat conversation in a Local Area Network using IMspector.
IMSpector is an Instant Messenger proxy with monitoring, blocking and content-filtering capabilities. Currently it supports MSN, Jabber/XMPP, AIM, ICQ, Yahoo, IRC and Gadu-Gadu to different degrees. I have tested yahoo, MSN, ICQ & IRC successfully & I am going to show you how to implement IMspector in your environment.
First of all install Squid proxy server as shown in below URL,
Squid Proxy Installation steps

To INSTALL IMSPECTOR on Untangle follow below steps,

Clean & Update Apt Cache
apt-get clean
apt-get update
#Install Dependencies
apt-get install make build-essential openssl libssl-dev
#To Install Imspector
cd /tmp
wget http://www.imspector.org/downloads/imspector-0.9.tar.gz
tar zxf imspector-0.9.tar.gz
cd imspector-0.9
make
make install
make install-cert

#Create Folder
mkdir /etc/imspector
#Configure Imspector
cp imspector /etc/init.d/imspector
chmod 755 /etc/init.d/imspector
update-rc.d imspector defaults
# create vi /etc/untangle-net-alpaca/iptables-rules.d/750-imspector file & put below iptable rules to forward chat traffic to imspector port 16667.
iptables -t nat -A PREROUTING -p tcp –destination-port 1863 -j REDIRECT –to-ports 16667
iptables -t nat -A PREROUTING -p tcp –destination-port 5222 -j REDIRECT –to-ports 16667
iptables -t nat -A PREROUTING -p tcp –destination-port 5190 -j REDIRECT –to-ports 16667
iptables -t nat -A PREROUTING -p tcp –destination-port 6667 -j REDIRECT –to-ports 16667
iptables -t nat -A PREROUTING -p tcp –destination-port 5223 -j REDIRECT –to-ports 16667
iptables -t nat -A PREROUTING -p tcp –destination-port 8074 -j REDIRECT –to-ports 16667
iptables -t nat -A PREROUTING -p tcp –destination-port 5050 -j REDIRECT –to-ports 16667
Below is the list of protocols used by Chat applications,
MSN – 1863
Jabber – 5222
Yahoo – 5050
ICQ/AIM – 5190
ICQ -6667
Gadu Gadu – 8074
# Restart Untangle affected Untanle services
/etc/init.d/untangle-net-alpaca restart
/etc/init.d/untangle-net-alpaca-iptables restart
/etc/init.d/imspector
cp /tmp/imspector-0.9/contrib/imspector.cgi /usr/share/webmin/imspector.cgi
#Access Imspector
You can see the current running session from console by using below command,
lsof -i | grep imspector
https://untangle-Server-ip:10000/imspector.cgi
You can view the Raw Logs here: /var/log/imspector