Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Which from available Windows event logs is used to track my browsing history?

skender27
Contributor
‎04-29-2015 12:32 AM

Hi,

I was wondering which is the log (data inputs -> event log collection -> localhost) to add at Splunk in order to analyze/track my browsing history (let's say from Firefox)?
I saw there is a log called Microsoft-Windows-HttpService/trace. Is that the correct one?

Thanks a lot,
Skender

0 Karma
Reply

esix_splunk
Splunk Employee
Splunk Employee
‎04-29-2015 12:35 AM

http://blogs.msdn.com/b/wndp/archive/2007/01/18/event-tracing-in-http-sys-part-1-capturing-a-trace.a...

There is no Windows Event log that traces internet usage in this manner. You would need a logging proxy server or 3rd party software installed on the workstation / end point.

0 Karma
Reply

skender27
Contributor
‎04-29-2015 01:16 AM

I found this useful link:
https://splunkbase.splunk.com/app/1217/

Did you mean this as 3-rd party app?

Skender

0 Karma
Reply

esix_splunk
Splunk Employee
Splunk Employee
‎04-29-2015 01:20 AM

Reading the docs on that, it uses 3rd party software and SQLite to extract the browser history from IE, and then ingest that into Splunk.

A typical method for doing this would be to install a SQUID based proxy server on the network, and capture the log files off that squid proxy server, which will track all user's web based activity, along with server responses etc.

0 Karma
Reply

skender27
Contributor
‎04-29-2015 01:14 AM

I need this tracking only a s a proof for my local machine (with Splunk Enterprise installed).
So, what is the Internet Explorer available log in the event log collections?

0 Karma
Reply
Get Updates on the Splunk Community!

Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA

Join us on Wed, Dec 10. at 10AM PST / 1PM EST for a live webinar and demo with Splunk experts! Discover how ...

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

If you’re unfamiliar, .conf is Splunk’s premier event where the Splunk community, customers, partners, and ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

There’s something special about this time of year—maybe it’s the glow of the holidays, maybe it’s the ...