Security Basics mailing list archives
Re: Proxy log analyser
From: "Jon V" <denessar () gmail com>
Date: Mon, 13 Aug 2007 11:21:25 -0400
Thank you for the reply Julio and to all of those who replied privately. Sarg seems to be a hands-down favorite. While Sarg is a great tool, it does not do what I want simply because I can already do what it offers. I realize that I may have stumbled over my words a bit in my first post so I'll try to clarify a bit.

Most of the info that Sarg generates I can get using grep, Calamaris & Squint (down to the user-level browsing). What I was more interested in was a system which could facilitate (better even automate) going through the logs so that I wouldn't need to spend hours doing it by hand.

Example of how things are now: A user is suspected of wasting time. We get his proxy logs from the rest using regular expressions. I now know everywhere he's gone. I then use calamaris to summarize the sites by most visited, most downloaded, etc. I go over these sites by hand to determine what is work related and what is not (this is the long part). I then use squint to see how much time is spent online. A benefit of doubt is always given to the employee: banners and page refreshes (i.e. google mail constantly refreshing) are grepped out to not have constant 24/7 traffic.

This is a recursive process and can take a few days depending on the amount of traffic the user has. When we get a request for a few reports at a time we downright freak out. This is why I was interested in a more automated app that could intelligently determine policy violations and greatly lessen the workload.

Thanks again to everybody

Jon

On 8/8/07, Julio Crespo <julio.crespo () aes com> wrote:
Hi,

I use sarg http://sarg.sourceforge.net/

It's excellent for block pages and to see sites for each IP. Also see deny and top of download. Take care with files (hard disk) when generating the report daily.

Regards.
Julio.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On behalf of Jon V
Sent: Wednesday, August 08, 2007 14:27
To: security-basics () securityfocus com
Subject: Proxy log analyser

The company I work for uses squid as a proxy server to restrict outbound http web access. We use calamaris and squint to get an overall view of browsing (mostly statistical data) and squidguard for basic policy enforcement (blacklist porn sites and such); however, most proxy log auditing is unfortunately done by hand when needed.

I was wondering if someone knew of a product that could be used that would help with the policy enforcement as well as automate more of the analysis of user logs since these take an enormous amount of time to go through by hand. Most open source apps that I've seen are mostly for summary statistical data and don't seem to quite have what I want. The closest thing that I've seen so far is Cyfin Reporter by Wavecrest computing.

Thanks for your time
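The manual workflow described in the thread (pull one user's entries, drop refresh and banner noise, rank sites, estimate time online) can be scripted; the following is an added example, not code from any poster or from the tools named. It assumes Squid's native access.log format with the authenticated user name in the eighth field; the sample lines, `NOISE_HOSTS` and `IDLE_GAP` are constructed values.

```python
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log format:
# time elapsed client code/status bytes method URL user peer type
SAMPLE_LOG = """\
1186992000.000 120 10.0.0.5 TCP_MISS/200 5120 GET http://intranet.example/wiki jdoe DIRECT/10.0.0.9 text/html
1186992060.000 310 10.0.0.5 TCP_MISS/200 20000 GET http://news.example.org/ jdoe DIRECT/192.0.2.10 text/html
1186992100.000 200 10.0.0.7 TCP_MISS/200 700 GET http://shop.example.com/ asmith DIRECT/192.0.2.20 text/html
1186992120.000 280 10.0.0.5 TCP_HIT/200 30000 GET http://news.example.org/a.jpg jdoe NONE/- image/jpeg
1186992130.000 900 10.0.0.5 TCP_MISS/200 900 CONNECT mail.google.com:443 jdoe DIRECT/192.0.2.30 -
1186993000.000 150 10.0.0.5 TCP_MISS/200 1000 GET http://news.example.org/b jdoe DIRECT/192.0.2.10 text/html
1186993030.000 90 10.0.0.5 TCP_MISS/200 2000 GET http://intranet.example/hr jdoe DIRECT/10.0.0.9 text/html
"""

NOISE_HOSTS = {"mail.google.com"}  # assumed list of auto-refresh/banner hosts
IDLE_GAP = 300  # assumed: a silence longer than this (seconds) is not browsing


def parse(line):
    """Return (timestamp, bytes, host, user), or None for a malformed line."""
    f = line.split()
    if len(f) < 10:
        return None
    url = f[6]
    try:
        # CONNECT entries log "host:port" instead of a full URL.
        host = urlsplit(url).hostname if "://" in url else url.rsplit(":", 1)[0]
        return float(f[0]), int(f[4]), (host or "").lower(), f[7]
    except ValueError:
        return None


def user_report(log_text, user):
    """Per-host hits and bytes plus estimated active seconds for one user."""
    rows = [r for r in map(parse, log_text.splitlines())
            if r and r[3] == user and r[2] not in NOISE_HOSTS]
    hits, volume = Counter(), Counter()
    for _, size, host, _ in rows:
        hits[host] += 1
        volume[host] += size
    times = sorted(r[0] for r in rows)
    # Only gaps short enough to be continuous browsing count as time online.
    active = sum(b - a for a, b in zip(times, times[1:]) if b - a <= IDLE_GAP)
    return hits, volume, active


if __name__ == "__main__":
    hits, volume, active = user_report(SAMPLE_LOG, "jdoe")
    print(hits.most_common(), dict(volume), active)
```

Deciding which of the ranked hosts are work related still needs a site classification, which this sketch does not attempt.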
Current thread:
- Proxy log analyser Jon V (Aug 08)
- <Possible follow-ups>
- RE: Proxy log analyser Julio Crespo (Aug 10)
- Re: Proxy log analyser Jon V (Aug 13)