Internet access monitoring

Can anyone advise please?

They have asked me here at work to evaluate Internet usage with a view to monitoring what sites and Internet addresses people go to.

We access the Internet through Windows Proxy and I was wondering if IIS has some sort of inbuilt monitoring that can be used to check on where users have been on the Internet?

Can it be done through IIS or do I need to consider some other software solution?

YensidMod Commented:
This question is PAQed  and no points refunded (of 50).

Community Support Moderator
I'm not sure whether IIS or proxy server do it for sure, but I know there are a wide variety of third party solutions that will do what you need.  We use SurfControl's Superscout product.  It does a pretty good job, logging access to web sites by user name, computer name, IP address.  It can even block access to users to restricted sites by user name or group membership.  You can set up custom rules for monitoring/blocking/reporting.  It also has add-on modules for things like e-mail and virus protection.  
Again, it's just one of the many, and everyone has their favorite.  
That's my two cents.
You won't like this, I am sorry, but my 50pt answer is to:

"do not do this"

Get a life, doing something more practical. In such situation you have someone trying to come up with tasks for you that may not be as smart as you, so you may even already feel between the proverbial rock and hard place.

What they are doing is making up game, playing fad, with less knowledge or accountability. Yet moving to no-win situation while costing labor and other resources.

> some sort of inbuilt monitoring that can be used to check on where users have been on the Internet?

IMO Internet access is essential to doing one's job well. Consider your access to this web page for example. IMO if they want to restrict access to zero, there are a couple quick ways:

1) unplug the company from the internet. This is a no-brainer they likely refuse to consider, since they are into fads and popularity

2) remove the browser function from any or every PC. But as this can lead to complaints of discrimination up to and including sexual abuse, if at all selective, this kind of hornet's nest a company does not need. Lawsuits can be raised years from now, at increased cost to company

> a view to monitoring what sites

What, they want to find out what is popular? To update their favorites list?

Much easier and cheaper, I recommend google

(if they want restricting of sites, such as popular term: "Porn", then proper term is add a 'filter' not add a 'monitor'. That IMO is different animal, different question entirely)

> with a view to monitoring what sites and Internet addresses

This is OK, and, IMO something you should do. Gathering information, collecting is good, and monitoring company assets is good, easy to justify. The data can be enormous, but has less impact now that mass storage is larger and cheaper. But on that I cannot help because of the other part of q:

> to evaluate Internet usage

so I leave the collector pieces for others. You can find them yourself easily enough, take google for example. But an argument could be made that you are already paid to know, so how are you going to justify that your usage is any more job related than that of another?

quick example: A person could make one access to a religious site. Company could claim the 'evaluation' was too much use on another site. Or even too many bathroom breaks.  What if employee counters that it is really a cloaked religious discrimination issue on part of a 'someone' in the company? Or a female, or other minority, including someone who had medical issue perhaps you were never aware of until facing people you've never seen before: judge, prosecutor, jury, etc.?

My question would be, do you really want to be placed in such a position of satisfying everyone in the world that your implementation of 'evaluation' was of complete balance to anyone and everyone?

IMO there are more critical areas for your time: to shore up all upgrades, with policies, patches, access rights, and handling the known vulnerabilities that are currently being published on a regular basis.

Internet access is free. It is about freedom. It is not about who gets access to what and where. Therein lies a quagmire that can sink your company and your paycheck as well.

IMO we'd have done better to have a capability of use of a .porn and a .kids. Since ICANN (or izzit "I cannot"?) is responsible for permitting such distinctions, and has unilaterally imposed a sanction of 'no way' to such an option, after charging $50,000 US for each such 'proposal' (using brains also of others, contributors), it is they who should be 'canned', not your fellow employees who make minor mistake of negligible impact.

Better employee monitoring is:
1) give task
2) assess if task done
   - or not done

If tasks are done, who cares about a surfing miscue? If tasks are not done, who cares about a surfing miscue? Possibly, one who does not really know how to manage staff, and is copping out, looking for something else to blame (or someone else, like yourself) when they want to dump on an employee for a completely different reason. To be kind to you, and to your company as well, I have to go with: steer clear of any such 'evaluation' possibility.

Now, evaluating after the fact is entirely different matter as well. If one employee raises specific complaint, such as "He's eMailing me too much porn" - that is different animal, different scenario. There you can easily justify research and evaluation criteria. Any data you've already collected can be of value at such a time. Let us hope it does not arise. Contrast this to a claim of "someone is surfing somewhere too much" - now that kind of vagueness you'd best be clear of. Nothing there to sink your teeth into when trying to explain your every hour of work to a judge & jury of strangers. Not to mention the lawyers who'd be digging for any dirt they could find on you to help their case, even 'rumors' of which you'd be unaware of - until then. As I say, a hornets' nest to steer away from - as best you can. Remain polite, emphasize vulnerabilities you need to be busy on. Justify your time for other activities.

Note this is only a comment, don't waste time on a flame. But know I feel very strongly that this is really a valid answer. An answer that has been accepted by as many of your peers as have rejected, with rather colorful flames.

If you are just wanting to see what websites people are going to (and you have an internal DNS server) you can always just look at the DNS cache to see a view of all sites that have been requested. Of course this shows a total view, that is, of ALL websites that have been accessed since ... And if your DNS server's cache is flushed on a regular basis then you can do it during downtime then wait a day, then examine the cache to see one day's worth of web browsing.

Now if you are wanting to see other things like percentages and graphs for a managerial perspective but are limited as far as monetary means (the budget) then you might try snort/ACID. Granted the setup might be a little unusual for a non unix person but since it is free all we are directly talking about is time. Time it takes to set up something like that.

There are other solutions out there but you might need to clarify exactly what they are looking for... There is a big difference in...

"evaluate Internet usage with a view to monitoring what sites and Internet addresses people go to."

and any one of these...

"Provide a report that shows percent of company/job related websites vs. non-job related websites on a weekly basis."

"Provide me a report of websites that are viewed during the very beginning of work, lunch breaks, the very close of business, and all websites viewed after normal business hours."

"Notify me immediately when someone is not in compliance with our organization's Internet usage policy"

Hope This Helps,

And BTW Snort/ACID are very good software packages... the websites for snort is

If you are looking for a free answer, you could use Dug Song's urlsnarf utility, part of the dsniff package, to capture a log of all HTTP activity. Then use some grepping to pull out all the info you need.
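
One way to do the "grepping" suggested above, and to produce the per-client and after-hours reports listed in the earlier reply (an added example, not part of the original posts). It assumes urlsnarf writes Common Log Format lines; the sample log, addresses and function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the Common Log Format urlsnarf is assumed to emit:
# client - - [timestamp zone] "METHOD url HTTP/x" - - "referer" "agent"
sample_log() {
cat <<'EOF'
10.0.0.21 - - [12/Mar/2003:09:14:02 -0500] "GET http://intranet.example.test/wiki HTTP/1.1" - - "-" "Mozilla/4.0"
10.0.0.21 - - [12/Mar/2003:09:15:40 -0500] "GET http://intranet.example.test/wiki/page HTTP/1.1" - - "-" "Mozilla/4.0"
10.0.0.21 - - [12/Mar/2003:12:31:10 -0500] "GET http://News.example.test:8080/today HTTP/1.1" - - "-" "Mozilla/4.0"
10.0.0.34 - - [12/Mar/2003:12:40:55 -0500] "POST http://mail.example.test/login?next=/inbox HTTP/1.1" - - "-" "Mozilla/4.0"
10.0.0.34 - - [12/Mar/2003:21:05:13 -0500] "GET http://news.example.test/late HTTP/1.1" - - "-" "Mozilla/4.0"
10.0.0.21 - - [13/Mar/2003:07:02:00 -0500] "GET http://intranet.example.test/ HTTP/1.1" - - "-" "Mozilla/4.0"
garbage line without a request
EOF
}

# Normalise each request to "client hour host"; unparseable lines are dropped.
parse_log() {
  awk '{
    url = $7
    if (url !~ "^https?://") next     # not an absolute HTTP URL
    sub("^https?://", "", url)         # drop the scheme
    sub("^[^/@]*@", "", url)           # drop any user:pass@ prefix
    sub("[/:?#].*$", "", url)          # drop port, path and query
    split($4, t, ":")                  # "[12/Mar/2003:09:14:02" -> t[2] is the hour
    print $1, t[2] + 0, tolower(url)
  }'
}

# Requests per client and destination host, busiest first.
hosts_by_client() {
  parse_log | awk '{ n[$1 " " $3]++ } END { for (k in n) print n[k], k }' |
    LC_ALL=C sort -k1,1nr -k2
}

# Requests outside working hours; start and end hours default to 8 and 18.
after_hours() {
  parse_log | awk -v s="${1:-8}" -v e="${2:-18}" '$2 < s || $2 >= e'
}

sample_log | hosts_by_client
sample_log | after_hours 8 18
```

To use it on a real capture, pipe the saved urlsnarf log into `hosts_by_client` or `after_hours` instead of `sample_log`.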
Hey people,

No comment has been added in roughly 1 year, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question
be PAQ'd and pts forfeited.
Please leave any comments here within the next seven days.


EE Page Editor

* as this is only a 50 pt Q, with a lot of different answers, i don't know how to split it.  ( although i agree with SunBow )

Question has a verified solution.
