Re: Internet Users Logging. [7:1562]
In article , "Tariq" wrote: Sniffers would work fine, but I'd look at doing transparent proxying with something like squid. > Helo everybody. > > I want to monitor the activities of my LAN users who are browsing > different web sites. I want to enable logging for those users and want > to save my all logging information on my Windows 2000 server. > > Please let me know the procedure. > > Thanks in advance. > > Tariq > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html Report misconduct and > Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=2003&t=1562 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Internet Users Logging. [7:1562]
On Mon, Apr 23, 2001 at 02:48:09AM -0400, Jason J. Roysdon wrote: > tcpdump (I believe standard on most *nixes) appears to work great for this. A somewhat more elegant solution is provided by iplog(http://ojnk.sourceforge.net/) and, if you need more flexibility, snort(http://www.snort.org/) Snort also makes an excellent sniffer and is, of course, free. For a nice listing of related tools, see www.freefire.org. -- Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1591&t=1562 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Internet Users Logging. [7:1562]
At 02:48 AM 4/23/01 -0400, Jason J. Roysdon wrote: >tcpdump (I believe standard on most *nixes) appears to work great for this. >You can tell it stuff like this: > tcpdump 'gateway 172.16.1.1 and (port ftp or ftp-data)' As an Addenda to Jason's post, SysV Unices sometimes contain "snoop" instead of tcpdump. Solaris is an example of one that uses snoop as opposed to tcpdump. They are very similar in use for the most part. -Carroll Kong Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1590&t=1562 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Internet Users Logging. [7:1562]
Heh, well, I found out a simple way to do this tonight (I'd never needed to use it before, always having Sniffer Pro on my laptop available). One way might be to put a sniffer either inside or outside your firewall to watch all data (and possibly filter on http if that's all you want). tcpdump (I believe standard on most *nixes) appears to work great for this. You can tell it stuff like this: tcpdump 'gateway 172.16.1.1 and (port ftp or ftp-data)' It logs lines such as: 22:55:42.624793 www.curtis-arata.com.ftp > p3E9C01CE.dip.t-dialin.net.63069: P 0:42(42) ack 1 win 8467 (DF) 22:55:57.446055 www.curtis-arata.com.ftp > p3E9C01CE.dip.t-dialin.net.63069: P 0:42(42) ack 1 win 8467 (DF) 22:56:27.078577 www.curtis-arata.com.ftp > p3E9C01CE.dip.t-dialin.net.63069: P 0:42(42) ack 1 win 8467 (DF) 22:57:26.363622 www.curtis-arata.com.ftp > p3E9C01CE.dip.t-dialin.net.63069: P 0:42(42) ack 1 win 8467 (DF) Throw this at something like Webalizer and it'll save you a lot of work (or just make an ACL on your Cisco router/firewall permit all, but first permit the traffic you want to log and specify log at the end of the line). I'm not a lawyer and this shouldn't be construed as legal advise, but I would make sure you've got a company internet policy established beforehand (and even signed by users, if possible), and include in it that you can and do monitor traffic. Otherwise you might have someone complaining that you're violating their privacy, etc. I just ssh tunnel all traffic I don't want anyone to see to my personal box, so you'd never catch me ;-p -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Tariq"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Helo everybody. > > I want to monitor the activities of my LAN users who are browsing different > web sites. > I want to enable logging for those users and want to save my all logging > information on my Windows 2000 server. > > Please let me know the procedure. > > Thanks in advance. > > Tariq > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1569&t=1562 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Internet Users Logging. [7:1562]
If you have a PIX, a simple syslog will give you this info. There are many free syslog collectors out there, Kiwi's is one, 3Com has a decent one too. A more elegent way is to use a Websense type program that does URL filtering too. Tony #6172 -Original Message- From: Tariq To: [EMAIL PROTECTED] Date: Sunday, April 22, 2001 9:29 PM Subject: Internet Users Logging. [7:1562] >Helo everybody. > >I want to monitor the activities of my LAN users who are browsing different >web sites. >I want to enable logging for those users and want to save my all logging >information on my Windows 2000 server. > >Please let me know the procedure. > >Thanks in advance. > >Tariq >FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1567&t=1562 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Internet Users Logging. [7:1562]
Helo everybody. I want to monitor the activities of my LAN users who are browsing different web sites. I want to enable logging for those users and want to save my all logging information on my Windows 2000 server. Please let me know the procedure. Thanks in advance. Tariq Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1562&t=1562 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]