Community discussions

 
Basharlb
just joined
Topic Author
Posts: 1
Joined: Fri Mar 17, 2017 4:36 pm

Monitor Users Web activity

Fri Mar 17, 2017 4:45 pm

Hello.

I bought my first Mikrotik rb1100 and installed it in a small office. I was wondering how can I monitor all the users Web activity ( in what websites are they visiting, how many times they are visiting a website and for how long etc..). Should I be using the hotspot config .

Also how can I block certain websites for certain users and allow theme for others.

Would appriciate the advise and a step by step guide since I'm new to mikrotik.

Cheers.
 
katit
newbie
Posts: 32
Joined: Wed May 13, 2015 6:01 am

Re: Monitor Users Web activity

Sat Mar 18, 2017 12:12 am

I just went through this setup myself. If you complete newbie - it might be too much to handle.

But in a nutshell - it is done via Logging capabilities of Mikrotik. And there is 2 ways to approach. And you don't get any kind of "reporting" with stats, etc out of Mikrotik. Mikrotik has all the tools to help you collect data. Visualizing/analyzing/reporting is on you (other software)

1. Reverse proxy. Enable reverse proxy(millions of tutorials) and log data. It will give you all HTTP (unsecured) traffic. You will be able to see exact URLs.
It's nice because you can tell from URL what it is.
It's bad because SSL (HTTPS) will not be there. And more and more sites use HTTPS

2. Forward packets to "Log" on firewall level. This will give you IP from and IP to info. So it's very detailed. ALL activity will be captured.
It's nice because every single packet is captured
It's bad because:
a. You need to lookup IPs. For internal addresses it's easy (I assume you know which PC uses which IP)
b. You need to lookup IPs. For external addresses pretty much impossible. You can use DNS lookups but it will give you s1.amazonses.com instead of www.someinterestingsite.com. There will be a LOT of IPs.
 
User avatar
Jotne
Forum Veteran
Forum Veteran
Posts: 858
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Monitor Users Web activity

Mon Mar 20, 2017 1:50 pm

If you do not need the full url, you can logg DNS request, and you then see all site requested.
.
Use Splunk to monitor your MikroTik Router

MikroTik->Splunk
 
Thor187
just joined
Posts: 19
Joined: Sat Oct 21, 2017 10:21 pm

Re: Monitor Users Web activity

Wed Sep 26, 2018 12:25 pm

Alright, so how do you go about getting https traffic?

All I want is:

src-address/hotspot username | dst-address/website | timestamp
 
Thor187
just joined
Posts: 19
Joined: Sat Oct 21, 2017 10:21 pm

Re: Monitor Users Web activity

Mon Feb 11, 2019 10:33 am

Surely there must be a way to track https URLs. not for one moment can I imagine that https URLs are untraceable.

Mac | dst url

That should be possible?
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1143
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Monitor Users Web activity

Mon Feb 11, 2019 12:59 pm

Can't be done, unless you play "man-in-the-middle" with wildcard certificate, so that you can decrypt the traffic.

That's because for any request / response flowing over the connection, a ssl socket is setup and used for communication. So all you CAN see is the dns / ip of other side, not the url, not the traffic.

edit: corrected language
Last edited by sebastia on Mon Feb 11, 2019 7:10 pm, edited 1 time in total.
 
User avatar
Jotne
Forum Veteran
Forum Veteran
Posts: 858
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Monitor Users Web activity

Mon Feb 11, 2019 6:57 pm

We do use https://www.forcepoint.com/ as a man in the middle to examine all urls at our work.
To make this to work all computers need a digital certificate from forcepoint at our PC.
This is not some you can do if you does not have control over the equipment.
.
Use Splunk to monitor your MikroTik Router

MikroTik->Splunk

Who is online

Users browsing this forum: No registered users and 6 guests