So I got a lot of really good feedback from all of you, thanks for the help. I
looked at all your suggestions and tried them out. What I found is that
snort is the best way to go. I created this rule,

alert tcp any any -> any 5190 (msg:"AIM Message"; content:"HTML";)

This is a real simple rule but it does log all the messages and not all the
other crap that is part of the AIM app. Legal issues aside, this is the way
to go. I am in the process of writing a web interface that will go through
and parse all this data and make it all searchable. With such a large
amount of matches it just makes sense to log to a database.

Thanks for all your help and hints.

d'Ambly, Jeff wrote:

>My boss asked me the other day if we could log AOL instant messenger
>conversations, I know of course this can be done with any sniffer but I was
>wondering if there was a quick and easy way to do this. I was thinking
>perhaps I could use snort, but how could I reassemble the conversations? I
>would not like to spend all my time gathering and sorting all this info. Has
>anyone tried this before and if so how well did it work?
>
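
An added example, not part of the original messages: one way to turn payloads alerted by the rule above into searchable database rows. It assumes the message text sits between <HTML> and </HTML> in the payload; the table layout, function names and sample records are constructed for illustration.

```python
import html
import re
import sqlite3

# Assumption: the message text is the markup between <HTML> and </HTML>.
HTML_SPAN = re.compile(rb"<HTML>(.*?)</HTML>", re.IGNORECASE | re.DOTALL)
TAG = re.compile(r"<[^>]+>")

def extract_text(payload: bytes):
    """Return the visible text of one alerted payload, or None if no span."""
    m = HTML_SPAN.search(payload)
    if m is None:
        return None  # the rule fires on any "HTML" bytes, not only messages
    markup = m.group(1).decode("latin-1")  # never fails on arbitrary bytes
    return html.unescape(TAG.sub("", markup)).strip()

def open_store(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS im "
               "(ts TEXT, src TEXT, dst TEXT, body TEXT)")
    return db

def ingest(db, records):
    """records: iterable of (ts, src, dst, payload). Returns rows stored."""
    stored = 0
    for ts, src, dst, payload in records:
        text = extract_text(payload)
        if text:
            db.execute("INSERT INTO im VALUES (?, ?, ?, ?)",
                       (ts, src, dst, text))
            stored += 1
    db.commit()
    return stored

def search(db, term):
    """Substring search; the term is bound as a parameter, never spliced in."""
    esc = (term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_"))
    return db.execute("SELECT ts, src, dst, body FROM im "
                      "WHERE body LIKE ? ESCAPE '\\' ORDER BY ts",
                      (f"%{esc}%",)).fetchall()

# Constructed sample records (documentation addresses, made-up payloads).
SAMPLE = [
    ("2003-01-01T10:00:00", "192.0.2.10", "198.51.100.5",
     b'\x00\x01junk<HTML><BODY><FONT FACE="Arial">lunch at noon?</FONT></BODY></HTML>\x00'),
    ("2003-01-01T10:00:07", "192.0.2.11", "198.51.100.5",
     b"<html><body>R&amp;D budget &lt;draft&gt;</body></html>"),
    ("2003-01-01T10:00:09", "192.0.2.12", "198.51.100.5",
     b"GET /index.HTML HTTP/1.0\r\n"),  # matches the rule, holds no message
]

if __name__ == "__main__":
    store = open_store()
    print(ingest(store, SAMPLE), search(store, "lunch"))
```

The third sample shows why the extraction step matters: the rule matches the bytes "HTML" anywhere in traffic to port 5190, so not every alert carries a message.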

