[TriLUG] kinda a sniffer, kinda a snort, kinda weird
Kevin Flanagan
kevin at flanagannc.net
Fri Aug 26 21:01:03 EDT 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I'd look at proxy solutions rather than the network, you can have a
transparent proxy with logging on. There are several log reporting
packages as well.
You could even put something like a ClarkConnect box inline to the
internet connection. http://www.clarkconnect.org/webapp/modules.jsp
This has a proxy, and reports all built in, as well as a lot more.
Kevin
Greg Brown wrote:
> Does anyone know anything that will pull in data on a listening
> interface (from a span port on a Cisco, for instance) that will log
> traffic to a database then present a break-down of what that person
> did, what protocols they used, what websites they visited, etc? Kind
> of an intellignet traffic reporter? A watchdog so to speak? Does
> anyone know of a linux/bsd package that will do this?
>
> The front-end has to be fairly simple, something a non-techincal
> manager can look at and go "holy crap, employee X is visiting
> monster.com 450000 times per day, while only hitting the web app they
> are supposed to enter data in 10 times a day".
>
> I've never seen a commerical app to do this so I'm having a hard time
> saying "just like product X, only linux-based and free".
>
> Any ideas?
>
> Greg
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFDD7tOhW0MDKygik8RAovIAJwI/oe3UVVXptJxGV+MhaYGoOOPGQCgum5M
+uAKw+9X+sT7c0hy1AQWUMw=
=Ydf/
-----END PGP SIGNATURE-----
More information about the TriLUG
mailing list