Getting Data In

Which from available Windows event logs is used to track my browsing history?

skender27
Contributor

Hi,

I was wondering which is the log (data inputs -> event log collection -> localhost) to add at Splunk in order to analyze/track my browsing history (let's say from Firefox)?
I saw there is a log called Microsoft-Windows-HttpService/trace. Is that the correct one?

Thanks a lot,
Skender

0 Karma

esix_splunk
Splunk Employee
Splunk Employee

http://blogs.msdn.com/b/wndp/archive/2007/01/18/event-tracing-in-http-sys-part-1-capturing-a-trace.a...

There is no Windows Event log that traces internet usage in this manner. You would need a logging proxy server or 3rd party software installed on the workstation / end point.

0 Karma

skender27
Contributor

I found this useful link:
https://splunkbase.splunk.com/app/1217/

Did you mean this as 3-rd party app?

Skender

0 Karma

esix_splunk
Splunk Employee
Splunk Employee

Reading the docs on that, it uses 3rd party software and SQLite to extract the browser history from IE, and then ingest that into Splunk.

A typical method for doing this would be to install a SQUID based proxy server on the network, and capture the log files off that squid proxy server, which will track all user's web based activity, along with server responses etc.

0 Karma

skender27
Contributor

I need this tracking only a s a proof for my local machine (with Splunk Enterprise installed).
So, what is the Internet Explorer available log in the event log collections?

0 Karma
Get Updates on the Splunk Community!

Exporting Splunk Apps

Join us on Monday, October 21 at 11 am PT | 2 pm ET!With the app export functionality, app developers and ...

Cisco Use Cases, ITSI Best Practices, and More New Articles from Splunk Lantern

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Build Your First SPL2 App!

Watch the recording now!.Do you want to SPL™, too? SPL2, Splunk's next-generation data search and preparation ...