Logging URLs accessed through the router

[PiKe]

I have been tasked with finding a piece of software that can log URLs visited by which IPs on the network, I found that Untangle is pretty much ideal, but I don't like the subscription based nature of the modules, I would rather have something that could be purchased once and that's it.

Proxying isn't an option, as https traffic would avoid the proxy or I would have to install a CA on each workstation, this would also mean phones wouldn't be able to get to certain sites.

Any ideas?

 

[tribz]

Draytek router and syslog. Or any other router that supports some version of syslog.

 

[PiKe]

I can't find a syslog server that offers sufficient filtering, there's going to be thousands of entries to sort through.

 

[pcfarrar]

Draytek router and syslog. Or any other router that supports some version of syslog.

You use Draytek Smart Monitor too:

http://www.draytek.co.uk/products/accessories/smartmonitor

 

[PiKe]

That doesn't show any https traffic.

 

[ov_sjo]

You can't log HTTPS unless you go via proxy which handles the SSL termination.

 

[Ev0]

Something like an IPS with SSL/TLS inspection capability could do the job and wouldn't terminate the SSL/TLS session or proxy in the traditional sense, but you'd still need to load a cert onto clients and it's not exactly cheap!

 

[PiKe]

You can't log HTTPS unless you go via proxy which handles the SSL termination.

You can, I'm only interested in the http connect header, I don't need granular.

That's how Untangle does it without man in the middle.

 

[meandu229]

You can, I'm only interested in the http connect header, I don't need granular.

That's how Untangle does it without man in the middle.

From what understand you would still just get the domain name from that header and not a full URL.

 

[PiKe]

From what understand you would still just get the domain name from that header and not a full URL.

For the purpose of knowing who is accessing Facebook, that would be fine.