Snort mailing list archives
OT: monitoring specific traffic
From: Rich Adamson <radamson () routers com>
Date: Mon, 16 May 2005 16:44:43 -0600
A little off topic here, but thinking a fair number of folks on this list may have knowledge on this.... Been asked to track the usage coming from a specific workstation and heading to the internet. Manager is thinking the employee is surfing as opposed to doing real work. He asked to have something set up to monitor the workstation activity, which is 90% http traffic. Other then a packet sniffer, what tool(s) are folks using to log data such as the url string, host name, or the "GET " string? The manager would like something that runs for a period of days, so packet sniffers are not likely to help. Snort is running, but from what I can tell, its certainly possible to gen an alert but not one with the target strings needed, etc. Thoughts anyone? Rich ------------------------------------------------------- This SF.Net email is sponsored by Oracle Space Sweepstakes Want to be the first software developer in space? Enter now for the Oracle Space Sweepstakes! http://ads.osdn.com/?ad_id=7412&alloc_id=16344&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- OT: monitoring specific traffic Rich Adamson (May 16)
- RE: OT: monitoring specific traffic Patrick Harper (May 16)
- <Possible follow-ups>
- RE: OT: monitoring specific traffic Basselgia, Barry A Mr (NAF Atsugi) (May 16)