Alexander Kaplun, 2019-03-04 14:03:38
Computer networks

How to collect statistics on the use of the Internet by users?

There are MikroTiks installed in different branches and offices.
The task is to collect statistics on who goes where on the Internet, how long they spend there, etc.
Please tell me what is best to use. I would like to mirror traffic from all the MikroTiks to one place and parse it there.


4 answer(s)
Wexter, 2019-03-04
@Wexter

Hire a good sysadmin

rionnagel, 2019-03-04
@rionnagel

Zabbix, ELK stack + ElastiFlow, PRTG Network Monitor, NetFlow Analyzer and other things that can consume NetFlow. That way you will see from which IP to which IP a person goes. But you understand that nothing will show you out of the box that a person is on YouTube and not Google (this can only be determined by indirect signs, and ambiguously), especially if the addresses belong to the same company. If the header is encrypted, you need MITM, replacing certificates for everyone, possibly buying very expensive software and in some cases hardware, etc. This is not 2000, when traffic was predominantly HTTP and you could easily see the headers through a proxy.
If you do not have a budget, then it is better not to implement this idea. Otherwise, you will come to the conclusion that you need to install Kerio Control everywhere, buy licenses, replace certificates and rework the network infrastructure so that you spend less money. This will bring more serious problems with it, and you will have to hire a specialist to maintain it.

CityCat4, 2019-03-05
@CityCat4

Under these conditions, the problem has no solution :)
1. NetFlow gives only IP addresses, which will be completely different from where the user goes
2. Almost everything is HTTPS now, so only they know where they actually go.

Of course, everything is possible. Everything was invented long ago. But there will be a lot of work.
- Move everyone to a proxy (one for all, or each branch has its own)
- Configure bumping on all proxies, that is, certificate substitution, MITM and all that
- Collect and calculate statistics on all proxies

All this, of course, is done on Linux. But hands are needed, growing from the shoulders (and not from the sirloin :) )
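
The "collect and calculate statistics on all proxies" step, as an added example that is not part of the answer above. It assumes the proxies are Squid writing the native access.log format; the branch names, addresses and log lines are constructed sample data.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log format (assumed proxy):
# time elapsed_ms client code/status bytes method URL user hierarchy/peer type
SAMPLE_LOGS = {
    "branch-a": [
        "1551700000.120   350 10.1.0.15 TCP_TUNNEL/200 48211 CONNECT www.youtube.com:443 - HIER_DIRECT/203.0.113.10 -",
        "1551700002.480    90 10.1.0.15 TCP_MISS/200 5120 GET http://example.org/index.html - HIER_DIRECT/203.0.113.20 text/html",
        "1551700005.000    10 10.1.0.22 TCP_DENIED/403 3900 GET http://example.net/ - HIER_NONE/- text/html",
    ],
    "branch-b": [
        "1551700010.900  1200 10.2.0.7 TCP_MISS/200 900000 GET https://www.youtube.com/watch?v=x - HIER_DIRECT/203.0.113.10 text/html",
        "this line is truncated",
    ],
}

def host_of(method, url):
    """CONNECT entries carry host:port; other methods carry a full URL."""
    if method == "CONNECT":
        return url.rsplit(":", 1)[0].lower()
    return (urlsplit(url).hostname or "").lower()

def collect(logs):
    """Sum bytes and elapsed ms per (branch, client IP, host); count bad lines."""
    stats = defaultdict(lambda: {"bytes": 0, "ms": 0, "requests": 0})
    skipped = 0
    for branch, lines in logs.items():
        for line in lines:
            f = line.split()
            if len(f) < 7 or not f[1].isdigit() or not f[4].isdigit():
                skipped += 1          # malformed or truncated line
                continue
            if f[3].startswith("TCP_DENIED"):
                continue              # blocked at the proxy, never reached the site
            host = host_of(f[5], f[6])
            if not host:
                skipped += 1
                continue
            row = stats[(branch, f[2], host)]
            row["bytes"] += int(f[4])
            row["ms"] += int(f[1])
            row["requests"] += 1
    return dict(stats), skipped

if __name__ == "__main__":
    table, bad = collect(SAMPLE_LOGS)
    for key, row in sorted(table.items()):
        print(key, row)
    print("skipped lines:", bad)
```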

fpir, 2019-03-14
@fpir

It seems to me that the respondents are looking into the 21st century and network technologies, and the author of the question is looking into the 20th century with limited traffic, and he needs to look for a technical solution there. That's right, a proxy with certificate substitution, but there is a place where certificates do not need to be replaced: on the user's computer. Traffic Inspector (I was surprised to learn that it is still being developed). I don't know how it is now, but about 10 years ago an agent was installed on each workstation, which sent statistics to the server, and there everything was summarized in a table by traffic type, by IP and by domain.
