Hello everyone,
This might have been asked in similar ways but so far none of the threads worked for me. So please bare with me:
What I’d like to have is a “Top 100 domains visited” for any given time frame. Lets say “for the last 10 days”.
Is there an easy way to create such a “top 100” log? No permanent solution and not down to individual local IPs. Just an overview on what is visited?
Thanks in advance.
interesting, but do you need to setup a proxy for that?
Yes! To collect informations about domains (URLs / FQDNs) visited, the traffic must be directed to a program that analyses the packets.
SARG only samples web proxy accesses.
In times of encrypted internet traffic (HTTPS, …) it may be a bit tricky to sample information about URLS visited. Mostly the transaction is [lookup the IP by DNS] → [authenticate and exchange keys] ->[communicate using TLS], where the proxy isn’t involved to much.
Communications besides HTTP(S) are not logged by the proxy. Logging DNS request may help, but includes queries not used for communications.
I’ve been using SARG now for 24 hours with a transparent proxy and it seems to be exactly what I need atm. Thank you everybody.
Trying to convince myself of the need of a proxy to do this monitoring.
I will look up implications. No intention to create a derived topic here.