Re: [Nolug] internet logging

From: Ron Johnson <ron.l.johnson_at_cox.net>
Date: 07 May 2002 17:39:58 -0500
Message-Id: <1020811199.4720.103.camel@rebel>

On Tue, 2002-05-07 at 16:07, John Kosta wrote:
> All,
>
> I need a log of internet traffic to and from my company.
>
> We are creating an internet policy for our company and are
> concerned about things like corporate espianoge, liability
> lawsuits, and of course general employee abuse.
>
> I have looked at SQUID, but just need to create a searchable
> traffic log where I can pinpoint user abuse for management
> if need be (rather than a "cache" which seems to be SQUIDs
> primary function).

There are many Apache log analyzers (analog is the 1st that
pops in my head) that would help with incoming http analysis.

Running squid, and then analysing the log files (calamaris
is this 1st I think of) would help locate employee abuse.

Also, there are many security log file analysers that work
with ipchains and iptables.

Others can tell you if FTP servers have logging facilities
that list who xferred what, to where, and when. (Of course,
employees _should_ be using scp & ssh, since telnet is evil
and ftp almost so.)

As for general packet logging, there are sniffers, but the
output files would be huge!

Of course, it goes without saying that correct file permissions,
strong passwords, and tight, logging firewalls are a sine qua
non.

-- 
+------------------------------------------------------------+
| Ron Johnson, Jr.        Home: ron.l.johnson@cox.net        |
| Jefferson, LA  USA      http://ronandheather.dhs.org:81    |
|                                                            |
|  Freedom is not free                                       |
|       Korean War Memorial                                  |
+------------------------------------------------------------+
___________________
Nolug mailing list
nolug@nolug.org
Received on 05/07/02

This archive was generated by hypermail 2.2.0 : 12/19/08 EST