[Pauldotcom] Web Traffic Monitoring à la Span Port
Ron Gula
rgula at tenablesecurity.com
Tue Jan 5 15:14:36 UTC 2010
On 12/16/2009 1:29 PM, Joe Magee wrote:
> Hey Everyone,
>
> I had a quick question, are there any good open source tools that do web
> traffic monitoring? (i.e. promiscuous mode eth interface off of a span
> port?) I’m interested in doing some basic monitoring and ideally sending
> those logs to a SIEM tool.
>
> I know proxies have this logging capability, however I was hoping to be
> able to snag it off the wire and possibly answer questions such as: What
> sites are my users visiting? How many hours per day are they browsing
> the internet?
>
I just posted a blog about how we do this type of monitoring with
Tenable products with a combination of our Passive Vulnerability Scanner
and the Log Correlation Engine:
http://blog.tenablesecurity.com/2010/01/event-analysis-training-analyzing-blacklisted-web-traffic.html#more
--
Ron Gula, CEO
Tenable Network Security