Re: Tools for monitoring traffic to specific websites

[Kurt Murrell <kdm04e () fsu edu>]

If you're looking at capturing web traffic from your users behind a  
proxy server, squid is hard to beat. It runs on a variety of platforms  
and is fairly easy to configure. Squid has a lot of advanced features,  
but with a simple configuration, you can set squid up to only log  
requests.

Once you have the squid logs, a log processor is needed to make sense  
of the data. There are several free log analyzers (for a full list,  
see: http://www.squid-cache.org/Scripts/, my favorite is w3perl), but  
you'll probably have to purchase a log processor to get the level of  
detail you want (I suggest sawmill).

Also, if you decide to start blocking access to certain sites, you can  
take advantage of a drop-in-program called "Squidguard" that can block  
sites based on customizable rules.

With this approach, your only cost would be a log processor, as the  
other products are free of charge.

- Kurt

On Oct 8, 2008, at 1:02 PM, Navroz Shariff wrote:

> Websense works wonders for us.
>
> On Tue, Oct 7, 2008 at 11:54 PM, dongle <bakerga () yahoo com> wrote:
> > NTOP...
> >
> > solarwinds has a new free netflow collector for one
> > interface off a cisco router that might work for you
> > also...
> >
> >
> > --- infolookup () gmail com wrote:
> >
> > > The proxy that I am using can do logging but it is
> > > not designed for that, and since its already being
> > > over utilize we are looking for a second option.
> > >
> > > Someone mentioned wireshark, but I would have to
> > > leave a sniffer on for weeks that way to get a base
> > > line, not to mention its hard to cart the results.
> > > ------Original Message------
> > > From: Murda Mcloud
> > > To: 'Research Lookup'
> > > To: security-basics () securityfocus com
> > > Sent: Oct 7, 2008 6:35 PM
> > > Subject: RE: Tools for monitoring traffic to
> > > specific websites
> > >
> > > What proxy are you using? Sounds strange that it has
> > > no logging
> > > capabilities.
> > >
> > > > > -----Original Message-----
> > > > > From: listbounce () securityfocus com
> > > [mailto:listbounce () securityfocus com]
> > > > > On Behalf Of Research Lookup
> > > > > Sent: Tuesday, October 07, 2008 7:09 AM
> > > > > To: security-basics () securityfocus com
> > > > > Subject: Tools for monitoring traffic to specific
> > > websites
> > > > > Hello all,
> > > > >
> > > > > I am trying to monitoring the daily web traffic
> > > to sites a few
> > > > > specific web sites, we are using a  proxy server
> > > to block and allow
> > > > > access to various sites, however the server is
> > > not capable of meeting
> > > > > this request. I was wondering if there is an
> > > application I can use to
> > > > > monitoring say the daily or weekly traffic going
> > > to www.example.com,
> > > > > and www.test.net?
> > >
> > >
> > >
> > > Sent from my Verizon Wireless BlackBerry