On 12/16/2009 1:29 PM, Joe Magee wrote:
> Hey Everyone,
>
> I had a quick question: are there any good open source tools that do web
> traffic monitoring? (i.e. promiscuous mode eth interface off of a SPAN
> port?) I'm interested in doing some basic monitoring and ideally sending
> those logs to a SIEM tool.
>
> I know proxies have this logging capability; however, I was hoping to be
> able to snag it off the wire and possibly answer questions such as: What
> sites are my users visiting? How many hours per day are they browsing
> the internet?
>
I just posted a blog about how we do this type of monitoring with Tenable products with a combination of our Passive Vulnerability Scanner and the Log Correlation Engine:

http://blog.tenablesecurity.com/2010/01/event-analysis-training-analyzing-blacklisted-web-traffic.html#more

--
Ron Gula, CEO
Tenable Network Security
