Traffic logging for analyzing and reporting

Transition

I've got about 75 people in a branch, and currently we're not operating with any restrictions on internet use. Management tells me they'd like to be able to analyze traffic (i.e. watch where certain people are going and how much time they spend there). Short of using something like Squid-Cache for just the logging abilities, I'm having a hard time thinking of any other way to log this traffic. We're using a Cisco 1721 series router, and while I can log in to look at current NAT translations (show ip nat tra), I need to be able to generate something like monthly reports with this. Simply having the Cisco drop logs would probably be enough; then I could get some other logfile analyzer to produce the statistics.
 
If you are able to get PERL set up on your machine and capture traffic into a binary file, you can use ChaosReader to analyze the traffic. It's a PERL script that runs against the binary file and spits everything out into a nice pretty package (HTML) with stats and all.

If you can't find it, let me know. I have the link somewhere but don't have the time to dig it out at the moment. I think I got it from WindowsNetworking.com...
 
UnrealRage said:
MS ISA server is one way

Truth, but it is lacking in reporting. www.webspy.com is a useful tool for analyzing logs of all types, but it is a bit pricey for a once-in-a-while kind of deal. If you're using ISA and logging to the local MSDE database, you have to export and convert before webspy can read the files.
 
UnrealRage said:
MS ISA server is one way

ISA reports are not very customizable, and don't forget the MSDE database is "rolled over" into separate files, so unless you're logging to a full SQL DB, making any kind of custom report using ODBC will be a pain in the ass to implement.
 
How about a transparent Linux box running bandwidthd? It automatically reports about the top hosts using traffic, and then on the same machine, run a Squid proxy, from which you can analyze its logs to your heart's content to see exactly who is hitting what. AND then, if you want to stop Timmy in accounting from downloading midget porn, you could install Privoxy and DansGuardian to enable content filtering....
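
The Squid log analysis suggested above, as an added example that is not from any poster in this thread: a small report builder that reads Squid's native `access.log` format and totals requests, bytes and active minutes per client and destination host. The sample lines are constructed, the function names are hypothetical, and counting distinct minutes with activity is only an assumed rough proxy for "time spent".

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log format:
# time elapsed client action/code bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1105999200.101    120 192.168.1.23 TCP_MISS/200 5120 GET http://news.example.com/index.html - DIRECT/203.0.113.10 text/html
1105999215.500     80 192.168.1.23 TCP_HIT/200 2048 GET http://news.example.com/logo.png - NONE/- image/png
1105999290.000    300 192.168.1.23 TCP_MISS/200 900 CONNECT mail.example.org:443 - DIRECT/203.0.113.20 -
1105999300.250    150 192.168.1.40 TCP_MISS/200 10240 GET http://news.example.com/video.html - DIRECT/203.0.113.10 text/html
truncated line that should be skipped
"""

def host_of(method, url):
    """Return the lower-cased destination host for a logged request."""
    if method == "CONNECT":          # logged as host:port, no scheme
        return url.rsplit(":", 1)[0].lower()
    return (urlsplit(url).hostname or "").lower()

def summarize(lines):
    """Aggregate requests, bytes and active minutes per (client, host)."""
    stats = defaultdict(lambda: {"requests": 0, "bytes": 0, "minutes": set()})
    skipped = 0
    for line in lines:
        f = line.split()
        try:
            ts, client, size, method, url = float(f[0]), f[2], int(f[4]), f[5], f[6]
        except (IndexError, ValueError):
            skipped += 1             # malformed or truncated entry
            continue
        host = host_of(method, url)
        if not host:
            skipped += 1
            continue
        s = stats[(client, host)]
        s["requests"] += 1
        s["bytes"] += size
        s["minutes"].add(int(ts // 60))   # distinct minutes with activity
    report = {k: (v["requests"], v["bytes"], len(v["minutes"])) for k, v in stats.items()}
    return report, skipped

if __name__ == "__main__":
    report, skipped = summarize(SAMPLE_LOG.splitlines())
    for (client, host), (reqs, size, mins) in sorted(report.items()):
        print(f"{client:15} {host:22} {reqs:3} req {size:7} B {mins:2} active min")
    print(f"skipped {skipped} malformed line(s)")
```

For HTTPS traffic the proxy only sees the `CONNECT` host and port, so the report can show which site was visited but not which pages.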
 