Security Basics mailing list archives

Re: Web logging


From: Ted Percival <ted () mrphp com au>
Date: Sat, 13 Nov 2004 12:50:49 +1000

I recommend Squid (http://www.squid-cache.org/). Its primary use is as a cache for HTTP requests, but by default it logs _all_ requests. You can set it up to work transparently - i.e. client machines won't need any special configuration to use it. With a bit more tinkering you can even completely hide it by removing all the headers it adds, although IMO it's best to leave most of them in.

As for slowing down the network, it'll only speed it up. The online documentation as well as the inline documentation (in its config file) is very good - special instructions are provided for setting it up as a transparent proxy.

As far as monitoring only particular machines/users, you could achieve it by grepping (filtering) the logs, or (I'm not sure) it might even allow you to specify which machines to log requests from.

Ted Percival

Stephane Auger wrote:
Hi everyone,

  one of my customers has requested a way to log the web sites that a
few employees go to, for an employee review.  They don't want to "spy" on
the client computers, more like installing a sniffer on the network just
for them.  Now, I know all about Snort, but I don't think this kind of
tool would do the job.  Would anyone know of some kind of "invisible"
proxy that would just help me log all HTTP/FTP requests?  Also, the tool
mustn't slow down the network considerably, since I've seen that happen
before with a few different apps.  And I'm open to solutions under
Windows, Linux and BSD.  Thanks!
Stephane Auger
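
The log filtering suggested in the reply above, as an added example that is not part of the original e-mails: it assumes Squid's default "native" access.log format, and the function names and sample log lines are constructed for illustration. Matching on the client field rather than grepping the whole line keeps one workstation's report from picking up other machines' requests.

```shell
#!/bin/sh
# Per-client report from a Squid access.log in the default "native" format:
#   time elapsed client action/code bytes method URL ident hierarchy/peer type

# Constructed sample log (addresses and URLs are made up for the example).
sample_log() {
cat <<'EOF'
1100314249.101    245 192.168.1.23 TCP_MISS/200 4512 GET http://www.example.com/ - DIRECT/192.0.2.10 text/html
1100314250.412     12 192.168.1.2 TCP_HIT/200 1830 GET http://news.example.org/index.html - NONE/- text/html
1100314251.007    310 192.168.1.23 TCP_MISS/200 9921 GET http://www.example.com/img/logo.png - DIRECT/192.0.2.10 image/png
1100314252.650     98 192.168.1.40 TCP_MISS/200 702 GET http://intranet.example/?host=192.168.1.2 - DIRECT/192.0.2.20 text/html
1100314253.300    150 192.168.1.2 TCP_MISS/404 512 GET ftp://ftp.example.net/pub/file.txt - DIRECT/192.0.2.30 text/plain
EOF
}

# client_requests CLIENT_IP  (reads the log on stdin)
# Prints "epoch method url" for requests whose client field equals CLIENT_IP.
# Comparing field 3 exactly avoids two grep pitfalls: 192.168.1.2 matching
# 192.168.1.23 as a prefix, and the address appearing inside a URL.
client_requests() {
    awk -v ip="$1" '$3 == ip { print int($1), $6, $7 }'
}

# client_hosts CLIENT_IP  (reads the log on stdin)
# Prints "count host" per destination host for that client, busiest first.
client_hosts() {
    awk -v ip="$1" '$3 == ip {
        url = $7
        sub("^[a-z]+://", "", url)   # drop the scheme (http://, ftp://)
        sub("[/?:].*$", "", url)     # drop path, query string and port
        n[url]++
    }
    END { for (h in n) print n[h], h }' | sort -k1,1nr -k2,2
}

# Report for one workstation from the constructed sample.
sample_log | client_hosts 192.168.1.2
```

Against a live proxy, feed the real log on stdin instead of `sample_log`; the path depends on the installation.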




