Monitoring internet use per AD login

**danboid** · 16th December 2009, 02:49 PM

We have a Server 2003 r2 DC and a Watchguard Firebox Firewall but currently we have no way to audit internet use on a per AD user basis. Our firewalls log server does support logging web use via Active Directory user name but we are currently struggling to get it to work correctly and even when we do have it setup I still won't be entirely happy with doing it that way as users will have to login as per usual to AD and then they'll have to manually authenticate against our firewall if they want to access the internet. Ideally users would only need to login once as usual with no need to authenticate again to get out onto the net but we'd still be able to see what sites every user has visited per AD user name.

I'm wondering what other options we might have and if they may work better than using our firewalls log server? We're not running squid at the moment but I suspect that might be able to do what we want? If we did use squid, would users have to manually authenticate against it before they can access the internet or can this be automated?

**ricki** · 16th December 2009, 03:15 PM

Hi

I run a danguardian box with indentd on the windows clients which records who is on. It works a treat but does take a bit of work to get it how you want it but it will run on a 2 gig old pc with a gig of ram and a new hand drive and the rest is time to set it up.

Richard

**danboid** · 16th December 2009, 04:27 PM

"indentd"? Is that a typo? Have you got a link to its homepage? I presuming its free?

If we were to use i(n)dentd, would users have to autheticate to access the web or is this a single sign-on solution?

Is indentd tied to dansguardian or will we be able to use it alongside our existing firewall?

If you found any useful guides to getting this app setup I'd be grateful for any links you can provide

Thanks!

**SpuffMonkey** · 16th December 2009, 04:38 PM

You could grab the script posted somewhere on here that grabs the temp internet stuff and collects it into a html file for each user...or get Smoothwall...

**danboid** · 16th December 2009, 05:18 PM

SpuffMonkey:

This script sounds interesting and could be the easiest solution- where can I find it? Whats it called?

Smoothwall sounds great and I know its got lots of fans on here but replacing our hardware fw is a last resort- certainly at least until our current firewall license expires. I would however be interested to hear from anyone who has used both a Watchguard Firebox firewall and smoothwall to get comments on how they compare- ease of setup and maintainance etc. as we may decide to switch in the future?

**ricki** · 17th December 2009, 08:35 AM

Sorry its identd DansGuardian - True Web Content Filtering for All half way down the page are the ident programs there are several one of which is retina scanner and identd is part of that.

Richard

**ricki** · 17th December 2009, 08:37 AM

Smoothwall is also a good option but check the cost its the commercial version of dansguardian.

Richard

**monkeyx** · 17th December 2009, 09:10 AM

We use Squid, as it allows for user and group AD integration. We then use sarg for analysing usage.

We did use Squid/Dansguardian in the past and may go back to that combination as it worked well. Dansgaurdian did not integrate as well with AD groups as I remember though.

Tim

**tom_newton** · 17th December 2009, 09:15 AM

You could use smoothie *with* your WG if you felt that way inclined.
I doubt identd will help - it sounds to me like your wg is already identifying users - which is what identd is for. Is that right? If it is identifying users we are 99% of the way there

**danboid** · 17th December 2009, 10:34 AM

Tom:

No, our WG FW is totally unaware of AD users and groups until users log into its web gui and authenticate against it. Otherwise we can only see info about MACs and IP addresses etc. which is no use if you're trying to pinpoint what a student was looking at a certain time. However this has been a right royal pain to setup and we haven't got it to work properly just yet.

Monkeyx:

OK so you can do this with squid. When your users log on, do they have to authenticate manually with squid before they can browse the web or does it provide a single sign-on AD user/group aware web monitoring solution when setup correctly? Is this difficult to get working?

**zag** · 17th December 2009, 10:51 AM

Check this thread for the script most of us use. It's really good and easy to install.

Index.dat Analyzer

**danboid** · 17th December 2009, 01:06 PM

ittech:

I presume you are referring to inetlogger.vbs that is linked at the bottom of the thread you linked to? I forgot to mention that another requirement is that the logging system is it would ideally be browser independent as well as 'single sign-on' as I'm under the impression that inetlogger.vbs would only log pages visited under IE, which we do keep installed but I have zero respect for as a browser. Most machines also have FF installed and a fair few have Chrome on too so we would have to uninstall any 'alternate' browsers if inetlogger was to be any use.

**aaronjwilkinson** · 17th December 2009, 01:36 PM

I'm trying to get hold of this script so that i can have a go at running at our school...however, i can't find a working copy.

There is a thread with a link to download it as a .zip file, but i've done this about 5 times, and used various bits of software to unzip it...each time it doesnt work.

There's also a thread with the code of this said script pasted into it. I copied the code, and pasted it into my own script...but there LOADS of things which needed changing...so much so that i abandoned it.

Anyone got a working copy of this script which they could e mail me?

Many thanks

Aaron

**monkeyx** · 17th December 2009, 08:01 PM

Originally Posted by danboid

Tom:

Monkeyx:

OK so you can do this with squid. When your users log on, do they have to authenticate manually with squid before they can browse the web or does it provide a single sign-on AD user/group aware web monitoring solution when setup correctly? Is this difficult to get working?

Our squid setup is fully AD integrated, ie no username or password needs be entered as long as you are logged into our domain. The users AD name is recorded in the squid log.

Websites and file types are blocked for users based on their AD group. The blocking of sites and file types is done via webmin and all of our support team can do this very easily.

Setting up squid for AD is well documented on the squid website and support forums. But if this is your fist *nix project then it is not a beginners project either. It tooks me ages to the AD groups working properly! But now it I am kicking myself that I missed the obvious!

The sarg reporting is great to show usage, when we get requests to show the web history of users.

Tim

**danboid** · 18th December 2009, 09:33 AM

Hi Monkeyx!

Thanks for that - squid definitely sounds like the best solution in that case.

I've been a Linux user since '96 but its only in the last couple of years I've started playing with it for setting up servers. I don't know a whole lot about AD but I expect setting this up should teach me a thing or two about both.

I'm presuming that once I have this setup correctly, we could install any browser (any being IE 6/7/8, FF, Chrome and maybe even Opera) and web traffic would be logged?

Chrome is installed on very few machines but what if a user used its 'incognito browsing' mode? Would squid still register sites visited in that mode?

LinkBack

Thread Tools

Search Thread

Monitoring internet use per AD login

Similar Threads

Block internet to Internet Explorer 7 on Vista

Internet speed monitoring?

Internet monitoring/managment software

Internet Monitoring for audit purposes

Can you update Internet mobile to Internet Explorer?

Thread Information

Users Browsing this Thread

Tags for this Thread

Posting Permissions