August 29th, 2002, 07:18 AM
Microsoft Proxy Question
I have a question about MS Proxy server 2.0. I have been tasked with tracking one of our user's web access. He is suspected of going to questionable websites and I have to extract from the logs where he went and when. I was able to do that, but the boss wants to know how long he was at each of the sites. Ok, so on to the point. Is there any way of determining from the W3*.log files created by MS Proxy Server 2.0 how long a user was at a particular site or if there are any programs out there that can do the same. I have searched Google and various other search engines for programs of this sort or articles written on this subject, but I haven't found exactly what I need. If anyone can point me in the right direction I would be deeply appreciative. Thanks in advance.
August 29th, 2002, 07:53 AM
Re: Microsoft Proxy Question
Sounds familiar but I don't think you can get such info from the log. I mean, what if he typed a URL, and not wanting to wait for the page to display, then he went smoking outside for example. Is that considered a web access activity?
I was able to do that, but the boss wants to know how long he was at each of the sites.
HTTP is not a session-oriented protocol, unlike FTP. In FTP you have to login to start the session, do something and then quit to close the session. But even in FTP, you could also login, get a file and forget to quit.
The fact that he went to questionable web sites in working hours using company computer is enough to capture him...
Always listen to experts. They\'ll tell you what can\'t be done and why. Then go and do it. -- Robert Heinlein
I\'m basically a very lazy person who likes to get credit for things other people actually do. -- Linus Torvalds
August 29th, 2002, 03:33 PM
I figured as much with the way the logs are created. I have access tims, but no way of finding out how long the site was accessed. Unfortunately it's the only site that he accessed so I haven't even the foggiest idea as to how long his session lasted. I could always pull out the log for the entire day and filter it to show only his information, but that's not all too reliable. I appreciate the help though, and I agree on the fact that he used company resources to do his porn surfing is enough, but I'm just the worker-bee trying to do the best for the boss. Thanks again.
August 29th, 2002, 03:45 PM
eeshman: How detailed are the logs? Do the tell you what time he accessed the site or just the sites?
Example: If he went to www.xxxporn.com does the log show all the pages he accessed? Like index.htm or bomb.htm and the time? The school district I used to work for had a log from Microsoft Proxy 2.0 that showed the time and each individual site they visited. If that is true, then you can just subtract the time he spent between pages.
August 29th, 2002, 05:22 PM
There are several products out there that log any and all web access. One in particular is called Web Inspector
Also you might try to upgrade your proxy 2.0 machine to running MS's ISA Server . Its the next thing in MS Proxy.
It has some nice reporting tools built in, and there are also some plugins available that might help you out in the future.
As a rule MS Proxy 2.0 logs....suck. You probably already know this though...
If you really want to log web access, then its probably a good idea to have seperate tool running to log these things. If your corporation has some money to spend, then I'd point you to Web Inspector. Its pretty nice, and real easy to manage.
Hope this helps a little.