> SNORT or NTOP would be good for the particular needs. > > Using a SPAN port on your uplink to a passive squid server won't work, > because it's TCP, and requires a handshake. > > Scott Thanks for your input Scott. I'm reading about SNORT and NTOP now and will choose one of them by today. Which one would you recommend if I need to log the following: 1. Timestamp 2. Source IP 3. Website visited These 3 are the vital ones but it's better of course if I can get other details. Edward > > -----Original Message----- > From: Dave Rhodes [mailto:DaveRhodes@xxxxxxxxxx] > Sent: Tuesday, April 17, 2007 3:23 PM > To: Amos Jeffries; list@xxxxxxxxxxxxxxxxx; squid-users@xxxxxxxxxxxxxxx > Subject: RE: Squid and Mirrored Router Ports > > Ed, are you sure your management doesn't mean SNORT? I think that's > what your looking for. It's a pretty good IDS system. Squid's pretty > serial in nature... What goes in must come out kind of thing. SNORT > sits on your backbone and passively monitors/records traffic. > Dave > >
