[CLUE-Tech] Activity monitoring

Russell Glissmann rglissmann at rfgsolutions.com
Mon Oct 13 07:17:04 MDT 2003 

Well, at this particular client, there is not supposed to be any
Internet access, but due to some really fubar'd setups anyone can have
it, if they know how.  So I need to know who is accessing the Internet,
and what they are doing while on the Internet.
BTW There is a Linux box on site currently being used as a file server. 
The network is switched, rather than hubs, so that may also affect what
data can be retrieved.

Russ
On Sun, 2003-10-12 at 18:46, skipworthy at realivetech.com wrote:
> Russ-
> 
> Exactly what kind of activity did you need to track?  Are we talking about
> just visit's to prohibited sites, or what?
> 
> Two Ideas-
> 
> 1) the easy thing would be to use SNORT or Ethereal on the gateway port- you
> can set it up to filter for, say HTTP requests or something,  then take the
> logs and do text-sorting and list activity in whatever format you need (for
> example, by MAC or IP address) this would be somewhat inelegant, but easy to
> set up and manage.
> 
> 2) If you *must* use MS, they have a thing called ISA (internet security and
> something ) server. It does filtering, web-proxy and activity logging, in
> the usual pretty but not efficient way.
> ----- Original Message -----
> From: "Russell Glissmann" <rglissmann at rfgsolutions.com>
> To: <clue-tech at clue.denver.co.us>
> Sent: Sunday, October 12, 2003 6:21 PM
> Subject: [CLUE-Tech] Activity monitoring
> 
> 
> > Has anyone any experience in logging Internet activity, especially from
> > certain workstations?  If so, what is required both hardware wise as
> > well as software?  The workstations are Windows 2k Pro (you didn't want
> > this to be easy did you?).  Currently this client is not running a
> > firewall or proxy server, but that is something that is in the works.
> > Any idea is appreciated, ideas that are doable are even better!  :-)
> >
> > TIA
> > Russ
> > --
> > Russell Glissmann <rglissmann at rfgsolutions.com>
> >
> > _______________________________________________
> > CLUE-Tech mailing list
> > Post messages to: CLUE-Tech at clue.denver.co.us
> > Unsubscribe or manage your options:
> http://clue.denver.co.us/mailman/listinfo/clue-tech
> >
> >
> 
> _______________________________________________
> CLUE-Tech mailing list
> Post messages to: CLUE-Tech at clue.denver.co.us
> Unsubscribe or manage your options: http://clue.denver.co.us/mailman/listinfo/clue-tech
-- 
Russell Glissmann <rglissmann at rfgsolutions.com>

More information about the clue-tech mailing list