Snort mailing list archives
RE: OT: monitoring specific traffic
From: "Basselgia, Barry A Mr (NAF Atsugi)" <BABasselgia () atsugi navy mil>
Date: Tue, 17 May 2005 08:42:03 +0900
Is there a firewall or proxy server involved? If you have access to firewall or proxy server logs there are a few products out there that will generate usage reports. Which product to use would depend on what logs were available. Barry -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net]On Behalf Of Rich Adamson Sent: Tuesday, May 17, 2005 7:45 AM To: Snort Users Postings Subject: [Snort-users] OT: monitoring specific traffic A little off topic here, but thinking a fair number of folks on this list may have knowledge on this.... Been asked to track the usage coming from a specific workstation and heading to the internet. Manager is thinking the employee is surfing as opposed to doing real work. He asked to have something set up to monitor the workstation activity, which is 90% http traffic. Other then a packet sniffer, what tool(s) are folks using to log data such as the url string, host name, or the "GET " string? The manager would like something that runs for a period of days, so packet sniffers are not likely to help. Snort is running, but from what I can tell, its certainly possible to gen an alert but not one with the target strings needed, etc. Thoughts anyone? Rich ------------------------------------------------------- This SF.Net email is sponsored by Oracle Space Sweepstakes Want to be the first software developer in space? Enter now for the Oracle Space Sweepstakes! http://ads.osdn.com/?ad_id=7412&alloc_id=16344&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This SF.Net email is sponsored by Oracle Space Sweepstakes Want to be the first software developer in space? Enter now for the Oracle Space Sweepstakes! http://ads.osdn.com/?ad_id=7412&alloc_id=16344&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- OT: monitoring specific traffic Rich Adamson (May 16)
- RE: OT: monitoring specific traffic Patrick Harper (May 16)
- <Possible follow-ups>
- RE: OT: monitoring specific traffic Basselgia, Barry A Mr (NAF Atsugi) (May 16)