Low cost or free "sites accessed" activity monitor

Looking for something that would allow the owner of a small business (with 10 machines) to "check" on internet activity.  Basically wanting to insure that employees are not wasting inordinate amounts of time on the net.  All users are "allowed" to go on the net and they have legitimate needs to do so.  Something as simple as the boss being able to review (from his desk) their history files would be adequate IF they could not easily circumvent it.

This is a simple NT/Win98/ME network that "runs" itself.  They have no in-house admin.  All computers connect through RoadRunner on the boss's machine using Lanbridge to make his kind of an ICS.

Saw Iopus Starr advertised and it looks good, but $100.  Something less complete and less money would be fine.

Who is Participating?
lrmooreConnect With a Mentor Commented:
are you looking for orwell or bigbrother spyware? or just for some kind of simple network monitor/accounting
VolibrawlAuthor Commented:
All animals are equal, but I want one more equal animal to have this tool.

As I indicated, if we could even just figure out how to READ the Windows\History file of the "subject" computers over the LAN, that would suffice.

Ideal program would:

1. Be free
2. Create a LOG file for each computer on the LAN indicating what sites were visited at what time.
3. The log should be accessible for easy viewing from the "master" computer.
4. The users should not be able to circumvent the logging or erase the logs
5. The master should be able to delete and cleanup the logs
6. The logs should be password or otherwise protected from unauthorized viewing.

Nobody in their organization is very "computer savvy" so "hack proofing" is not a high priority.
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

Personal opinion, there are products available like the ones in the links above, but not free. $40 should be petty cash for any business. Come on!
I'm sure a good perl/VBS/C++ programmer could do what you ask, but it won't be that user friendly for your non-computer-savvy manager.
Fee Ethereal or Windump can do the job using some creative filters and/or command-line switches, offloading results to a text file, but it ain't for the novice.
Fee = Free, sorry....
if you're just interrested in the URLs, then a simple firewall rule could do what you want.

1. depends on your firewall (free for Linux :)
2. done by the firewall
3. an additional simple script would do it
4. it's on the firewall, not on user's machine
5. dito.
6. dito.
Personal opinion,,
Don't do it.
I'll go along with a free or cheap personal firewall like ZoneAlarm for protection. Especially with cable like RoadRunner.

Without a good local admin, circumventing any process is all too easy. Someone's 'friend' could even play role.

> Basically wanting to insure that employees are not wasting inordinate amounts of time on the net.

This is really too hard to assess using a tool and little knowledge, especially if there is an open policy. Use tool on one person and they'll likely argue another employee did more goofing off. Too much the can of worms.

Better I think is do workload management. If an employee is not getting job done, that is about cause enough for discipline. If reason is surfing porn sites or 'too much', and not knowledgeable, odds are there'll be junk left on HD to demonstrate that as support for discipline. Contrarily, if all the work is done, promptly, perfectly, then who's to care if it only took an hour and the rest of the week was spent on surfing the net?

IMO workload management should be about tasks and expectation of job performance, not about trying to detail and add up every little activity of each employee, be it surfing web, gossiping (loss of time of others in office), bathroom breaks, phone calls to relatives (and alternative entertainments?), naps, etc. That can lead to targeting, discrimination, and other complaints about a 'fairness' in the eyes of those being watched.
* besides  ;-)  they might just be spending the time here at EE and learning and implementing new ways to improve the business and its efficient usage of technology. That's the kind of thing that does not show up well on any tool.

Is it business related or not? Can be hard to answer that, or to get same answer from each employee, perhaps.
> * besides  ;-)  they might just be spending the time here at EE and ..

.. and finding a reference to htthost ..

I agree that the social control might be much more exfficient than the elctronic one.
I agree with the human aspect of this. Do they have a written acceptable use policy? Has everyone seen it? Have they signed an acknowledgement that if they violate the policy they face termination? I'll bet it will cost as much in Secretary's time, paper, toner, and other miscellaneous costs than any $100 commercial application to monitor said acceptible use compliance. There absolutely must be a written, acknowledged policy before this "boss" can do anything about it anyway.

Here's antother thought on the technical aspect. A tiny LinkSys router used as a gateway can maintain a log of all inbound and outbound access by source computer and destination URL.
1. Not free, but < $80
2. Log files saved of to another computer that nobody knows about
3. Log is viewed by web browser from any PC (password protected)
4. User can't circumvent it by deleting files or history on their own computer because the logs are elsewhere.
5. Done. Only the "master" knows where the logs are.
6. Done. Router access to log viewer is password protected.
Hmm... why has this not been mentioned?

I would recommend setting up a mandatory proxy. Everybody would get an account on the proxy and needs to authenticate themselves before accessing the Internet. You can use a commercial tool like WebTrends or a free tool like Webalizer to summarize logs and screen them for unusual activity.

As for the legal side of this: make sure every and each employee signs a document where you define the policy. Unless Internet usage is a required part of their work, you can restrict such usage fairly easily. If it is an essential part of their work, this requires changing the work contract, which is only possible in mutual agreement. Depending on the country, you may however still face problems with sanctions if somebody uses the Internet for private purposes (e.g., to book a vacation or buy a book online).

My opinion: don't do this unless you are really facing immense Internet cost. Before breaking it down to individual employees, establish an anonymous monitoring and if there are indeed some findings, discuss this openly with your employees!

Tim HolmanCommented:
If the users aren't computer savvy, just tell them that all internet access is logged and subject to constant review by the boss....
That should keep them quiet for a while, plus it's free !

tim_holman, perfect idea.
ANd as I said before: there is a minority which always bothers the boss, and makes headaches for the admins, when they use htthost or similar to tunnel the firewall (and even any proxy, except adaptive proxys ;-)
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.