RE: [squid-users] Squid and Mirrored Router Ports

From: Edward C. Jakosalem <list@dont-contact.us>
Date: Wed, 18 Apr 2007 10:06:19 +1000 (EST)

> SNORT or NTOP would be good for the particular needs.
>
> Using a SPAN port on your uplink to a passive squid server won't work,
> because it's TCP, and requires a handshake.
>
> Scott

Thanks for your input Scott.
I'm reading about SNORT and NTOP now and will choose one of them by today.
Which one would you recommend if I need to log the following:
1. Timestamp
2. Source IP
3. Website visited
These 3 are the vital ones but it's better of course if I can get other
details.

Edward

>
> -----Original Message-----
> From: Dave Rhodes [mailto:DaveRhodes@westat.com]
> Sent: Tuesday, April 17, 2007 3:23 PM
> To: Amos Jeffries; list@telpacific.com.au; squid-users@squid-cache.org
> Subject: RE: [squid-users] Squid and Mirrored Router Ports
>
> Ed, are you sure your management doesn't mean SNORT? I think that's
> what you're looking for. It's a pretty good IDS system. Squid's pretty
> serial in nature... What goes in must come out kind of thing. SNORT
> sits on your backbone and passively monitors/records traffic.
> Dave
>
>
Received on Tue Apr 17 2007 - 18:06:24 MDT
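
Added example, not part of the original thread and not any poster's or project's code: a sensor on a mirrored port only sees copies of packets and never terminates the TCP connection, so the three fields asked about (timestamp, source IP, website) have to be read out of the plaintext HTTP request itself. The (epoch, src_ip, payload) tuple shape, the function names and the sample packets are assumptions constructed for illustration.

```python
# Added example: fields a passive sensor can log from a mirrored HTTP request.
# Sample packets are constructed; the (epoch, src_ip, payload) shape is an assumption.
from datetime import datetime, timezone

METHODS = {b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS", b"CONNECT"}

def parse_request(payload):
    """Return (method, host, target) for a plaintext HTTP request, else None."""
    head = payload.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or parts[0] not in METHODS or not parts[2].startswith(b"HTTP/"):
        return None  # TLS, DNS or a mid-stream segment: no request line to log
    host = b"-"
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            host = value.strip()
            break
    target = parts[1]
    if host == b"-" and target.startswith(b"http://"):
        # Proxy-style absolute URI with no Host header: take the host from the target.
        host, _, path = target[len(b"http://"):].partition(b"/")
        target = b"/" + path
    return parts[0].decode("ascii"), host.decode("latin-1"), target.decode("latin-1")

def log_line(epoch, src_ip, payload):
    """Format 'timestamp source-ip method host+path', or None if not an HTTP request."""
    req = parse_request(payload)
    if req is None:
        return None
    ts = datetime.fromtimestamp(epoch, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    method, host, target = req
    return f"{ts} {src_ip} {method} {host}{target}"

# Constructed sample input: two plaintext requests and one TLS record.
SAMPLE = [
    (1176854400, "192.0.2.10",
     b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: x\r\n\r\n"),
    (1176854401, "192.0.2.11", b"\x16\x03\x01\x00\x2e\x01\x00\x00\x2a"),
    (1176854402, "192.0.2.12", b"GET http://example.org/a HTTP/1.0\r\n\r\n"),
]

if __name__ == "__main__":
    for pkt in SAMPLE:
        line = log_line(*pkt)
        if line:
            print(line)
```

Encrypted (HTTPS) payloads return None here because the request line and Host header are not visible to a passive observer.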
