Re: Recommendations for a Passive Web Content Monitoring solution?

["Andre Luis Quintaes Guimaraes" <andreq () infolink com br>]

One way to do it is to use squid running in transparent proxy mode (http
accelerator in its configuration) and using the firewall to forward the
packets to the transparent proxy. Although I would recommend setting up a
normal proxy and configuring on your client machines.
Then you could use one of the many squid log analyzers (even webtrends
supports it) and get your reports.
You would also gain navigation and save bandwidth by using a proxy. You can
also configure it to not cache anything, just log.

Btw, Im looking for a icq sniffer, I found one but its server (the packet
analyzer and rtf decoder) was a windows delphi binary... Does anybody knows
about one that runs on freebsd?
----- Original Message -----
From: "Nick Jacobsen" <nick () ethicsdesign com>
To: <full-disclosure () lists netsys com>
Sent: Thursday, April 10, 2003 3:28 PM
Subject: Re: [Full-disclosure] Recommendations for a Passive Web Content
Monitoring solution?


> Maybe I was not specific enough.  When I said "Web Content Monitoring" I
was
> refering to monitoring the web site usage by employees during business
> hours.  I am not specifically looking for something that would trace it
back
> to the employee, just something to give my client a good overview of most
> the surfing.  I have seen the commercial solutions, such as silentrunner,
> and websweeper, but those are targeted more toward stoping the viewing of
> web sites, not just monitoring, plus, of course, they cost :)  Also, as I
> said in my origian post, I realize I could implement this myself, but
again,
> I would rather not re-invent the wheel.
>
> Sorry if my original post was unclear
>
> Nick
>
> ----- Original Message -----
> From: "Ed Carp" <erc () pobox com>
> To: "KF" <dotslash () snosoft com>; "Nick Jacobsen" <nick () ethicsdesign com>
> Cc: <full-disclosure () lists netsys com>
> Sent: Thursday, April 10, 2003 9:47 AM
> Subject: RE: [Full-disclosure] Recommendations for a Passive Web Content
> Monitoring solution?
>
>
> > Overkill.  Why not use squid, which is included with every Linux system?
> >
> > > -----Original Message-----
> > > From: full-disclosure-admin () lists netsys com
> > > [mailto:full-disclosure-admin () lists netsys com]On Behalf Of KF
> > > Sent: Thursday, April 10, 2003 5:12 AM
> > > To: Nick Jacobsen
> > > Cc: full-disclosure () lists netsys com
> > > Subject: Re: [Full-disclosure] Recommendations for a Passive Web
Content
> > > Monitoring solution?
> > >
> > >
> > > Snort?
> > >
> > > http://www.snort.org/cgi-bin/sigs-search.cgi?sid=porn
> > >
> > > -KF
> > >
> > >
> > > Nick Jacobsen wrote:
> > >
> > > > Not sure that this is an exactly suitable topic, but anything
> > > seems to go,
> > > > so...
> > > >
> > > > I am trying to find an open source (read free) PASSIVE web content
> > > > monitoring solution.  We are looking for something that can be put on
a
> > > > network, and using promiscuous mode, capture and analyze web
> > > traffic, etc...
> > > > We would obviously place this in such a way that all network
> > > traffic would
> > > > pass by it.  Any suggestions would be welcome, though again, I am
> looking
> > > > for something specifically designed to do this, as I know I could
> modify
> > > > existing tools myself...
> > > >
> > > > Nick
> > > >
> > > > _______________________________________________
> > > > Full-Disclosure - We believe in it.
> > > > Charter: http://lists.netsys.com/full-disclosure-charter.html
> > >
> > >
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter: http://lists.netsys.com/full-disclosure-charter.html
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html