Security Basics mailing list archives

RE: Web logging


From: "Stephane Auger" <stephaneauger () pre2post com>
Date: Wed, 17 Nov 2004 22:05:48 -0500

Hi everyone,

  Just wanted to thank all of you for your great feedback on this issue.
I still haven't made my decision yet, but you've enlightened me on all
the different possibilities available.  So kudos to everyone!

Stephane Auger

-----Original Message-----
From: Ted Percival [mailto:ted () mrphp com au] 
Sent: November 12, 2004 9:51 PM
To: Stephane Auger
Cc: security-basics () securityfocus com
Subject: Re: Web logging

I recommend Squid (http://www.squid-cache.org/). Its primary use is as a
cache for HTTP requests, but by default it logs _all_ requests. You can 
set it up to work transparently - ie. client machines won't need any 
special configuration to use it. With a bit more tinkering you can even 
completely hide it by removing all the headers it adds, although IMO 
it's best to leave most of them in.

As for slowing down the network, it'll only speed it up. The online 
documentation as well as the inline documentation (in its config file) 
is very good - special instructions are provided for setting it up as a 
transparent proxy.

As far as monitoring only particular machines/users, you could achieve 
it by grepping (filtering) the logs, or (I'm not sure) it might even 
allow you to specify which machines to log requests from.

Ted Percival

Stephane Auger wrote:
Hi everyone,

  One of my customers has requested a way to log the web sites that a
few employees go to, for an employee review.  They don't want to "spy" on
the client computers, more like installing a sniffer on the network just
for them.  Now, I know all about Snort, but I don't think this kind of
tool would do the job.  Would anyone know of some kind of "invisible"
proxy that would just help me log all HTTP/FTP requests?  Also, the tool
mustn't slow down the network considerably, since I've seen that happen
before with a few different apps.  And I'm open to solutions under
Windows, Linux and BSD.  Thanks!
 

Stephane Auger
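
The log filtering suggested in Ted Percival's reply, as an added example that is not part of the original thread: it parses Squid's native access.log layout and keeps only the requests from selected client addresses. The sample lines, addresses and function names are constructed for illustration, and the code assumes the log has not been switched to a custom format.

```python
from collections import Counter
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client result/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1100314260.123    245 192.168.1.23 TCP_MISS/200 5120 GET http://www.example.com/index.html - DIRECT/192.0.2.10 text/html
1100314261.500     12 192.168.1.40 TCP_HIT/200 812 GET http://intranet.example.net/logo.gif - NONE/- image/gif
1100314275.002    980 192.168.1.23 TCP_MISS/200 20480 GET ftp://ftp.example.org/pub/README - DIRECT/192.0.2.20 text/plain
1100314290.750    310 192.168.1.23 TCP_MISS/200 3300 CONNECT mail.example.com:443 - DIRECT/192.0.2.30 -
this line is truncated
"""

def parse_line(line):
    """Return a dict for one native-format line, or None if it is malformed."""
    fields = line.split()
    if len(fields) < 10:
        return None
    try:
        when = datetime.fromtimestamp(float(fields[0]), tz=timezone.utc)
        size = int(fields[4])
    except ValueError:
        return None
    method, url = fields[5], fields[6]
    # CONNECT requests are logged as "host:port" rather than a full URL.
    if method == "CONNECT":
        host = url.rsplit(":", 1)[0]
    else:
        host = urlsplit(url).hostname or ""
    return {"time": when, "client": fields[2], "method": method,
            "url": url, "host": host, "bytes": size}

def requests_from(log_text, clients):
    """Keep only the entries whose client address is in `clients`."""
    wanted = set(clients)
    entries = (parse_line(line) for line in log_text.splitlines())
    return [e for e in entries if e and e["client"] in wanted]

def hosts_by_client(entries):
    """Count requests per (client, host) pair."""
    return Counter((e["client"], e["host"]) for e in entries)

if __name__ == "__main__":
    for e in requests_from(SAMPLE_LOG, ["192.168.1.23"]):
        print(e["time"].isoformat(), e["client"], e["method"], e["url"])
```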





