website/IP tracking
-
I need to know if a site is being accessed on my network. I have a Sonicwall NS2600 and set up the AppFlow logs but nothing is showing up there. I wasn't sure if I could use wireshark on the DNS server to see or if there was another option.
-
@WLS-ITGuy said in website/IP tracking:
I need to know if a site is being accessed on my network. I have a Sonicwall NS2600 and set up the AppFlow logs but nothing is showing up there. I wasn't sure if I could use wireshark on the DNS server to see or if there was another option.
I'm unfamiliar with appflow, but it sounds like you need content filtering/tracking. Without licensing that feature, you need to create a promiscuous port at the switch to mirror the firewall port and then you could wireshark that.
-
@WLS-ITGuy said in website/IP tracking:
I need to know if a site is being accessed on my network. I have a Sonicwall NS2600 and set up the AppFlow logs but nothing is showing up there. I wasn't sure if I could use wireshark on the DNS server to see or if there was another option.
On your network or from your network?
If it's on your network, you'll have logs. If it's from your network, there are many ways to find out. And easily with the Sonicwall.
The most basic way is to turn on data collection for website hits in the LOG section:
-
With Appflow you need to make sure you have authentication enabled for the users so it tracks per user. The Data Collection is for sure nice but it is only the top sites and no much information.
https://www.sonicwall.com/support/knowledge-base/help-with-user-level-authentication-settings-like-local-users-ldap-radius/170503274714653/
