Hi Mike,

Have you considered monitoring the output of a command as in the link below?
http://www.ossec.net/doc/manual/monitoring/process-monitoring.html

You could set up a scheduled task to run

netstat -an | findstr "80 443 8080" | findstr TCP > monitorme.txt

then just monitor that file for any changes and alert on a change. You could also run additional commands to capture who was logged in at the time as well.

Another way would be to see if you can get logs from a firewall device and set up an alert on that.

--Phil

On Wed, Feb 15, 2012 at 3:17 AM, Florian Crouzat <[email protected]> wrote:

> On 14/02/2012 21:37, Mike Disley wrote:
>
>> Anyone have a custom rule that would detect Outbound internet access on a
>> Windows system? I'm hoping to detect if/when someone uses a browser to
>> access the web on a server with Internet connectivity.
>>
>> Please and Thanks
>> Mike
>
> Maybe force use of a proxy and monitor its logs.
> Search for any GET/POST with src.ip being one of your Windows.
>
> 0.02$
>
> --
> Cheers,
> Florian Crouzat
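
An added example, not part of the original thread and not the OSSEC project's own configuration: the command-output monitoring from the linked manual page applied to the netstat command above, with the agent running the command itself instead of a scheduled task writing a file. The rule id 100210, the 60-second frequency and the alert level are assumed values, and it assumes the Windows agent hands the piped command line to the shell.

```xml
<!-- Agent ossec.conf on the Windows server: run the command every 60 s
     (assumed interval) and forward its whole output as a single event. -->
<localfile>
  <log_format>full_command</log_format>
  <command>netstat -an | findstr "80 443 8080" | findstr TCP</command>
  <frequency>60</frequency>
</localfile>

<!-- Manager local_rules.xml: 100210 is a placeholder id in the local range.
     Rule 530 is the stock parent for "ossec: output:" command events. -->
<group name="local,netstat,">
  <rule id="100210" level="7">
    <if_sid>530</if_sid>
    <!-- Match stops before the first pipe, which the matcher treats as OR. -->
    <match>ossec: output: 'netstat -an</match>
    <!-- Alert only when the output differs from the previous run. -->
    <check_diff />
    <description>Output of the netstat web-port filter changed.</description>
  </rule>
</group>
```

check_diff fires on any change in the output, and findstr "80 443 8080" matches those digits anywhere in a line, so listening sockets and unrelated ports or addresses also trigger it. Connections that open and close between two runs are not seen.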
