Hi,
I was wondering which is the log (data inputs -> event log collection -> localhost) to add at Splunk in order to analyze/track my browsing history (let's say from Firefox)?
I saw there is a log called Microsoft-Windows-HttpService/trace. Is that the correct one?
Thanks a lot,
Skender
There is no Windows Event log that traces internet usage in this manner. You would need a logging proxy server or 3rd party software installed on the workstation / end point.
I found this useful link:
https://splunkbase.splunk.com/app/1217/
Did you mean this as 3-rd party app?
Skender
Reading the docs on that, it uses 3rd party software and SQLite to extract the browser history from IE, and then ingest that into Splunk.
A typical method for doing this would be to install a SQUID based proxy server on the network, and capture the log files off that squid proxy server, which will track all user's web based activity, along with server responses etc.
I need this tracking only a s a proof for my local machine (with Splunk Enterprise installed).
So, what is the Internet Explorer available log in the event log collections?