Hey I had a similar requirement from my manager. we basically wanted to track
all URL(s) visited and bandwidth usage. the solution i used was and something
that is working really great was:
1. fedora box connected to the span port (replicates all traffic from our
internal VLAN to this port).
2. two interfaces. one running with no ip address and connected to the span
port. the other interface with an ip used for managing the box.
3. Run urlsnarf (google it..if u hvnt heard if it) on the interface connected
to the span port.
4. urlsnarf produces the output in a CLF format which all WWW log analysers can
parse.
5. I use squidalyser to parse the logs generated by urlsnarf. you access the
results through a SSl page. cron the squidalyser to run every night and the
next day you can see all the sites each user has been to.
6. this solution uses no proxies so you do not hv to configure the end user
browsers to point to a proxy. you jus passively snarf the urls:).
7. for bandwidth usage..use ntop..works great.
thanks
dash.
---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.
http://www.msia.norwich.edu/secfocus
----------------------------------------------------------------------------
