Home page logo

basics logo Security Basics mailing list archives

Re: Proxy log analyser
From: "Jon V" <denessar () gmail com>
Date: Mon, 13 Aug 2007 11:21:25 -0400

Thank you for the reply Julio and to all of those who replied
privately.  Sarg seems to be a hands-down favorite.  While Sarg is a
great tool it does not do what I want simply because I can already do
it it offers.

I realize that I may have stumbled my words a bit in my first post so
I'll try to clarify a bit.  Most of the info that Sarg generates I can
get using grep, Calamaris & Squint (down to the user-level browsing).

What I was more interested in was a system which could facilitate
(better even automate) going through the logs so that I wouldn't need
to spend hours doing it by hand.

Example of how things are now:  A user is suspected of wasting time.
We get his proxy logs from the rest using regular expressions.  I now
know everywhere he's gone.  I then use calamaris to summarize the
sites by most visited, most downloaded, etc.  I go over these sites by
hand to determine what is work related and what is not (This is the
long part).  I then use squint to see how much time is spent online.

A benefit of doubt is always given to the employee: banners and page
refreshes (i.e google mail constantly refreshing) is grepped out to
not have constant 24/7 traffic.

This is a recursive process and can take a few days depending on the
amount of traffic the user has.  When we get a request for a few
reports at a time we downright freak out.

This is why I was interested in a more automated app that could
intelligently determine policy violations and greatly lessen the

Thanks again to everybody

On 8/8/07, Julio Crespo <julio.crespo () aes com> wrote:
Hi, i use sarg


Its excellent for block pages and see sites for each ip.
Also see deny and top of download.
take care with files(hard disk) when generate the report daily.


-----Mensaje original-----
De: listbounce () securityfocus com [mailto:listbounce () securityfocus com] En nombre de Jon V
Enviado el: MiƩrcoles, 08 de Agosto de 2007 14:27
Para: security-basics () securityfocus com
Asunto: Proxy log analyser

The company I work for uses squid as a proxy server to restrict
outbound http web access.  We use calamaris and squint to get an
overall view of browsing (mostly statistical data) and squidguard for
basic policy enforcement (blacklist porn sites and such) however most
proxy log auditing is unfortunately done by hand when needed.

I was wondering if someone knew of a product that could be used that
would help with the policy enforcement as well as automate more of the
analysis of user logs since these take an enormous amount of time to
go through by hand.

Most open source apps that I've seen are mostly for summary
statistical data and don't seem to quite have what I want.  The
closest thing that I've seen so far is Cyfin Reporter by Wavecrest

Thanks four your time

This email has been scanned for all viruses by the MessageLabs service.

This communication is for use by the intended recipient and contains information that may be privileged, confidential 
or copyrighted under law. If you are not the intended recipient, you are hereby formally notified that any use, 
copying or distribution of this e-Mail, in whole or in part, is strictly prohibited. Please notify the sender by 
return e-Mail and delete this e-Mail from your system. Unless explicitly and conspicuously stated in the subject 
matter of the above e-Mail, this e-Mail does not constitute a contract offer, a contract amendment, or an acceptance 
of a contract offer. This e-Mail does not constitute consent to the use of sender's contact information for direct 
marketing purposes or for transfers of data to third parties.

This email has been scanned for all viruses by the MessageLabs service.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]