3 Replies Latest reply on Apr 20, 2012 11:29 AM by sliedl

    Tracking urls

      Is there a way to track the urls that people are going to? I need to present a report of what people are going to, so managment can decide if they want to block it. It would be nice if it would present the report by the number of times a site is accessed. For example:

      www.espn.com     100 times from ip

      www.ebay.com      2    times from ip


      I have looked a little with security reporter, but have not found what I need.


      Thanks in advance


        • 1. Re: Tracking urls

          You can run this command quickly to get some output:

          $> acat -w1 -e "request_command GET" | egrep "srcip|url" | less


          That'll give you the srcip and the site they made a GET request to.  If you want the time too add '|Apr' to the egrep switches let's say (so it'll print the first line too).


          You can use -c with egrep to get a count.  You can use 'uniq' to see only unique URLs.


          As for a report, you might be able to see this with a 'cf reports' command.

          • 2. Re: Tracking urls

            This command will show you destination IPs along with the service name, total kilobytes, and total connections to that IP:

            $> cf reports run_report report_name=traffic


            This will only work if you have already turned on the auditsql and auditdbd daemons:

            $> cf server status auditsql

            -- To check


            $> cf daemond enable agent=auditsql

            $> cf daemond enable agent=auditdbd

            -- To enable them


            You can make your own reports also.  Read the 'man cf_reports' manual page to learn how to use the command.  It's...a very complicated command.

            • 3. Re: Tracking urls

              Ok, here's a report you can run that will show you this for each IP you specify:


              $> cf reports run_report report_name=host_activity template_value=


              This will show you all the IPs that went to, with which Service, how many times, and how many bytes transferred both ways.


              You'll have to specify each IP you want to look at as the template_value there.