Security Basics mailing list archives

Re: Program to monitor employee internet usage


From: dash78 () securityfocus com, "[at]"@securityfocus.com, gmail.com () securityfocus com
Date: 29 Dec 2005 05:02:39 -0000

Hey, I had a similar requirement from my manager. We basically wanted to track all URL(s) visited and bandwidth usage.
The solution I used, and something that is working really great, was:
1. Fedora box connected to the SPAN port (replicates all traffic from our internal VLAN to this port).
2. Two interfaces. One running with no IP address and connected to the SPAN port. The other interface with an IP used for managing the box.
3. Run urlsnarf (google it if you haven't heard of it) on the interface connected to the SPAN port.
4. urlsnarf produces the output in a CLF format which all WWW log analysers can parse.
5. I use squidalyser to parse the logs generated by urlsnarf. You access the results through an SSL page. Cron the squidalyser to run every night and the next day you can see all the sites each user has been to.
6. This solution uses no proxies so you do not have to configure the end user browsers to point to a proxy. You just passively snarf the URLs :).
7. For bandwidth usage, use ntop. Works great.

thanks
dash.
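
An added example, not part of the original post: a minimal parser for the kind of CLF lines described in steps 4 and 5, producing a per-client count of hosts visited. The sample lines are constructed, the layout (absolute URL in the request, "-" for status and size) is an assumption about the log, and `summarize` is a hypothetical name.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Combined Log Format: host ident user [time] "request" status bytes "referer" "agent"
CLF = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+)(?: [^"]*)?" '
    r'(?P<status>\S+) (?P<size>\S+)'
)

# Constructed sample lines. Assumed layout: absolute URL in the request and
# "-" for status and size, since a passive sniffer logs requests only.
SAMPLE = '''\
10.0.0.21 - - [29/Dec/2005:05:02:39 +0000] "GET http://www.example.com/index.html HTTP/1.1" - - "-" "Mozilla/5.0"
10.0.0.21 - - [29/Dec/2005:05:02:41 +0000] "GET http://www.example.com/logo.png HTTP/1.1" - - "http://www.example.com/index.html" "Mozilla/5.0"
10.0.0.34 - - [29/Dec/2005:05:03:10 +0000] "POST http://mail.example.org:8080/login HTTP/1.1" - - "-" "Mozilla/4.0"
truncated garbage line
10.0.0.34 - - [29/Dec/2005:05:03:12 +0000] "GET http://WWW.Example.com/ HTTP/1.0" - - "-" "Mozilla/4.0"
'''

def summarize(lines):
    """Return ({client: Counter(host -> requests)}, count of unparsable lines)."""
    per_client = defaultdict(Counter)
    skipped = 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        m = CLF.match(line)
        # urlsplit lowercases the hostname and drops any :port suffix
        host = urlsplit(m.group("url")).hostname if m else None
        if not host:
            skipped += 1  # count malformed lines instead of dropping them silently
            continue
        per_client[m.group("client")][host] += 1
    return dict(per_client), skipped

if __name__ == "__main__":
    report, skipped = summarize(SAMPLE.splitlines())
    for client, hosts in sorted(report.items()):
        for host, n in hosts.most_common():
            print(f"{client}\t{host}\t{n}")
    print(f"skipped {skipped} unparsable line(s)")
```

The client column is a source IP address, so mapping it to a named user needs a separate record such as DHCP leases.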
