?
Solved

Looking for a web usage history tracking tool. (budget)

Posted on 2016-08-15
3
Medium Priority
?
168 Views
Last Modified: 2016-08-17
What are some tools you have used/have seen others use to capture the web traffic of specific users?  Windows 2008 R2 domain with Windows 10 workstations using IE, Chrome, and a few Firefox.  FortiNet firewalls in all locations.

Prefer to keep this project as cheap as possible as it's not a very high priority.  

What are the pros/cons to using firewalls vs software vs a hardware device?
0
Comment
Question by:Daniel Checksum
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 42

Assisted Solution

by:Adam Brown
Adam Brown earned 1000 total points
ID: 41756605
Capturing web traffic outside of the computer itself can be fairly problematic. There aren't very many enterprise level web filters aside from WebSense, and that's a relatively expensive solution to use. Just capturing traffic history is usually best accomplished on the computer itself, and there are a myriad of solutions available to accomplish the task. Everything from keyloggers to history trackers, to history reports can be used at the client level to track usage information.

An easy, free way to get web traffic history is to use OpenDNS as your Public DNS forwarder on your DNS servers. They will allow you to generate a report on which DNS queries are performed when set up appropriately. Unfortunately, this doesn't give you granular information like which users or computers are making the DNS requests, since all requests will look the same to their servers.

Inspecting web traffic at the firewall is often not feasible unless the firewall supports web proxy. Web proxy essentially forces all client web browsers to access the internet at the firewall instead of going directly, which means all web requests are initiated at the firewall. Without doing a web proxy, traffic that is protected with HTTPS cannot be inspected because it's encrypted. With a proxy in place, HTTPS traffic is initiated on the Proxy server, then decrypted and presented to the client. This is how most web filtering solutions work.

If you are willing to implement a web proxy solution in your environment, that's probably the most effective way to keep track of usage. Just realize that proxies can be bypassed. The OpenDNS solution can be bypassed very easily as well.
1
 
LVL 8

Accepted Solution

by:
myramu earned 1000 total points
ID: 41758186
Hi,

Your question can be divided in to 3:
1) Users web usage report (Accessed websites, Bandwidth and time usage): This report can be produced using existing FortiGate with the help of Fortigate webfiltering and a syslog server/Fortianalyzer.
2) Capturing packets of a specific user: Packet capturing is also supported by the Fortigate (Required to enable on firewall policy).
3) Web files archive: This is also supported by Fortigate (Using DLP profile and Fortianalyzer).

Good Luck!
1
 
LVL 1

Author Closing Comment

by:Daniel Checksum
ID: 41759458
I am going to contact FortiNet support for this.  My supervisor had recommended that to begin with, just wanted to make sure it was the right choice.
0

Featured Post

ATEN's HDBaseT Presentation at InfoComm 2017

Hear ATEN Product Manager YT Liang review HDBaseT technology, highlighting ATEN’s latest solutions as they relate to real-world applications during her presentation at the HDBaseT booth at InfoComm 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Suggested Courses
Course of the Month8 days, 14 hours left to enroll

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question