NTOP will give you extremely granular information on your network in
general. It may be above and beyond your requirements, but it can
impress your powers-that-be.
SNORT will most likely give you the control you need to present the
information in a reasonable fashion. Although it seems to me you could
simply run wireshark and post-process the dump in perl and present them
the data.
Scott
-----Original Message-----
From: Edward C. Jakosalem [mailto:list@telpacific.com.au]
Sent: Tuesday, April 17, 2007 8:06 PM
To: squid-users@squid-cache.org
Subject: RE: [squid-users] Squid and Mirrored Router Ports
Thanks for your input Scott.
I'm reading about SNORT and NTOP now and will choose one of them by
today.
Which one would you recommend if I need to log the following:
1. Timestamp
2. Source IP
3. Website visited
These 3 are the vital ones but it's better of course if I can get other
details.
Edward
Received on Tue Apr 17 2007 - 18:16:42 MDT
This archive was generated by hypermail pre-2.1.9 : Tue May 01 2007 - 12:00:01 MDT