Best software to monitor internet usage?
January 9, 2008 8:52 AM
What's the best software to monitor internet usage on specific desktop computers?
I've been tasked to monitor the internet usage of a few individuals at work. I need to do this without their knowledge. So stealth is key. Also I need to be able to see what sites they are visiting and how long they spend on the sites.
Do you have access to firewall logs? If so, all you need to do is filter for their IP and do name resolution (if the logs don't have resolved names.)
Nothing needs to be installed on the client.
posted by Cat Pie Hurts at 8:59 AM on January 9, 2008
Do you....have a firewall? Are these computers on a domain?
Provide more information if you can.
posted by Industrial PhD at 9:05 AM on January 9, 2008
There are products which allow you to view what the user is doing in real-time. Some are more transparent to the user than others and if you're interested, are typically marketed towards schools. Of course, if the end-users find out, they'll be quite upset. We use one such product at school which I have mixed feelings about.
You could always just check their browsing history after hours if they don't bother to delete browsing history and cookies.
I like the firewall idea the best, though. Transparent to the user, with the biggest trick sometimes being resolving domain names if it's not built-in to your logs functionality.
posted by jmd82 at 9:17 AM on January 9, 2008
Several ideas:
1) If your firewall has good logging, you're done. Find out how to enable it and start reading the logs.
2) Many routers that don't say "Linksys" on the front can do similar levels of logging.
3) If you have managed switches, you can mirror certain ports to a monitoring port and stick a logging box there.
4) Stick a logging box between the router and the internet.
5) Set up a transparent Squid proxy and log there. This will need a fairly smart router.
Be aware that a knowledgeable user can circumvent all of these, though it's very difficult to tell if they're being used.
posted by Skorgu at 9:47 AM on January 9, 2008
I've been tasked to monitor the internet usage of a few individuals at work.
Please make sure that you've got something in writing from HR/Personnel requesting this, and that you've had a conversation with your company's legal department before turning the data tap on. What you are about to do is the kind of thing that you must CYA before undertaking -- you must make sure that the request is completely legitimate, and has been approved by the correct people in the organization... or you'll find yourself in a position where you could be easily thrown under the bus.
Specifically targeting particular users for surveillance, rather than logging all Internet traffic and then mining the data for violators, will perk up the ears of anyone who's looking for a wrongful termination suit -- in some states.
And yes, do it at the firewall or otherwise upstream of the client computers. A sufficiently skilled user can always determine when their computer has been changed... but only a handful would know how to notice that their packets are being logged and/or saved by another machine on the wire.
posted by toxic at 10:23 AM on January 9, 2008
Response by poster: The computers in question are Windows XP. They are part of the domain. I do have access to the firewall logs, but these computers are all DHCP. The IPs will change. Also different users use these computers so I need to know who is who.
posted by miqueltegler at 10:23 AM on January 9, 2008
Suggested plan of attack, assuming your legal bases are covered. toxic is absolutely right that you should have bulletproof documentation covering your ass on this.
1) Modify DHCP server to give one IP per MAC address. If your current DHCP server cannot do this (I have no experience with MS' DHCP server), get one that can or give up the rest of this plan.
2) Ensure that the domain server is logging logons and logoffs specifically along with the computer name/IP and username. Ensure they are kept indefinitely. This might help, I've never done it.
3) Ensure your firewall logs log everything you might be interested in. Ensure they are kept indefinitely.
4) Write up a script to scan the domain logs and return a logon time, logoff time, and IP.
5) Write up a script to scan the firewall logs for the time period and IP returned by 4.
6) Profit.
Any even remotely competent sysadmin or programmer could accomplish 4 and 5 in an hour, tops.
posted by Skorgu at 10:58 AM on January 9, 2008
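Steps 4 and 5 of the plan above, as an added sketch that is not code from the thread: logon/logoff records are paired into sessions, and each firewall entry is attributed to the session that covers its source IP and timestamp, which is what keeps a reused DHCP address from being pinned on the wrong account. Both log line formats and all sample entries are constructed assumptions; a real domain controller or firewall export needs its own parser.

```python
from datetime import datetime

# Constructed sample data; both line formats are assumptions, not a real product's output.
LOGON_LOG = """\
2008-01-09T08:00:00 LOGON alice 10.0.0.21
2008-01-09T09:30:00 LOGOFF alice 10.0.0.21
2008-01-09T09:45:00 LOGON bob 10.0.0.21
2008-01-09T10:15:00 LOGON alice 10.0.0.35
"""
FIREWALL_LOG = """\
2008-01-09T08:10:00 10.0.0.21 203.0.113.10 80
2008-01-09T09:40:00 10.0.0.21 203.0.113.11 80
2008-01-09T09:50:00 10.0.0.21 198.51.100.7 443
2008-01-09T10:20:00 10.0.0.35 203.0.113.10 80
"""

def sessions(logon_log):
    """Step 4: pair LOGON/LOGOFF events into (user, ip, start, end); end is None if still open."""
    open_sessions, closed = {}, []
    for line in logon_log.splitlines():
        ts, event, user, ip = line.split()
        key = (user, ip)
        if event == "LOGON":
            open_sessions[key] = datetime.fromisoformat(ts)
        elif event == "LOGOFF" and key in open_sessions:
            closed.append((user, ip, open_sessions.pop(key), datetime.fromisoformat(ts)))
    # Sessions with no LOGOFF yet stay open-ended rather than being dropped.
    closed.extend((u, ip, start, None) for (u, ip), start in open_sessions.items())
    return sorted(closed, key=lambda s: s[2])

def attribute(firewall_log, sess):
    """Step 5: tag each firewall entry with the user whose session covers its IP and time."""
    out = []
    for line in firewall_log.splitlines():
        ts, src, dst, port = line.split()
        t = datetime.fromisoformat(ts)
        owner = next((u for u, ip, start, end in sess
                      if ip == src and start <= t and (end is None or t <= end)), None)
        out.append((ts, src, dst, int(port), owner))  # owner None = nobody logged on
    return out

if __name__ == "__main__":
    for row in attribute(FIREWALL_LOG, sessions(LOGON_LOG)):
        print(row)
```

The 09:40 entry from 10.0.0.21 falls between two sessions and is left unattributed rather than assigned to whoever used that address before or after.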
This thread is closed to new comments.
posted by beaucoupkevin at 8:55 AM on January 9, 2008