Koozali.org formerly Contribs.org

How to monitor User's Internet Browsing

Adam

How to monitor User's Internet Browsing
« on: April 30, 2002, 04:22:49 AM »
Hello there,

is it possible to see what username is accessing what pages on the net ? Our system is running very slow and I believe it is from people downloading files and using the system for personal reasons rather that work related.

Haven't worried too much in the past but it is beginning to cause problems.

How can I see what each user is looking at in the form of a nice report. Management want to see this report each month.

cheers,

Adam

matjaz

Re: How to monitor User's Internet Browsing
« Reply #1 on: April 30, 2002, 06:15:26 AM »
I can suggest you tools for monitoring network traffic. iftop is a great tool for real time network traffic monitoring in terminal (you constantly get info who are top downloaders on monitored network :-) ). But if you need a bit more than iftop, then try ntop. Complete network monitoring tool.

Concerning sorting network traffic, where >> sort by IP based on squid and how much >> ntop info. ntop is saving results in database so that wouldn't be a problem. The only problem is that you've got to have it constantly running on one of your linux workstations (but I think it works on other OSs too). For me that's no problem, but many company's have only Win workstations.

Running ntop on server would slow down servers performance, so this option is probably out of question.

Has anybody some other suggestion, because I'm looking for some additional ways to monitor network in real time mostly to track spyware and viruses more efficiently?

Ari Novikoff

Re: How to monitor User's Internet Browsing
« Reply #2 on: April 30, 2002, 07:14:55 AM »
You could always use snort in terminal mode to track your local network traffic on a small system.

Trinux, if I'm not mistaken, comes with snort and boots off of a floppy (so you obviously don't need much for hardware to run it).

Just a thought.

Ari

Amir

Re: How to monitor User's Internet Browsing
« Reply #3 on: April 30, 2002, 01:20:27 PM »
i think it sounds like you want to create reports on web surfing. For this you can use squid, you can also tie the session to the user yby using authentication for the proxy. Now i've never done this but i hear thats how it works, just want to pass on helpful info.

Amir

Re: How to monitor User's Internet Browsing
« Reply #4 on: April 30, 2002, 01:26:48 PM »
oh and checkout IPTRAF, i use this all the time.  Great of ALL things, you acn monitor all traffic and sort by byte count. There is a "e-smithed" version of it floating around try my myszserver.

Bobby

Re: How to monitor User's Internet Browsing
« Reply #5 on: April 30, 2002, 06:29:41 PM »
You should check out Calamaris - it can parse the Squid logfiles into a reasonable html format. It's really pretty easy, the reports aren't very management friendly but if all you need is to see which ip address visited download.com then it'll do the trick. I've never tried to get it to link to names, I do that manually.
http://cord.de/tools/squid/calamaris/

Filippo Carletti

Re: How to monitor User's Internet Browsing
« Reply #6 on: April 30, 2002, 06:46:17 PM »
http browsing could be logged with squid
SME 5.1.2 has transparent proxy, a squid log analyzer will help (SARG is one).
To see usernames you should use proxy auth or use static ip or map pc name to user and update dns dynalically with dhcp.
But I fear your users are using some P2P app.
A lower level tool (network sniffer) will help you (iptraf, tcpdump, ethereal, snort).

pierre

Re: How to monitor User's Internet Browsing
« Reply #7 on: May 03, 2002, 03:53:06 PM »
Hi

Use ncsa_auth for squid authentication.
Then use sqmgrlog (download from squid site) to generate very user friendly browsing reports (html) per user, via cron.

Works like a charm.

Cheers

Adam

Re: How to monitor User's Internet Browsing
« Reply #8 on: May 04, 2002, 04:02:42 AM »
Thanks for that,

one question as I'm a bit of a newbie here.

How do I use "ncsa_auth for squid authentication" ? I've downloaded the rpm for Redhat7.

Also, is this compatible with e-smith or do I need to do anything extra to make it work.

cheers,

Adam