If you have a UTM Firewall with web filtering, you could use LEM to collect the logs, which you could search through and possibly create alerts. Another option is to get a web proxy solution which could also send logs to LEM. Solarwinds does not have a native URL filtering product, but you could check out a Wavecrest product like Web Security - Internet Filtering, Monitoring and Forensic Products. Depending on number of users and if you have a web filtering firewall/proxy this can be pretty cheap.
When dealing with URL logging it is very important to have urls categorized so you know what it is you are looking at. Simply logging every URL a user visits will not produce exactly what your looking for. Many web pages a user visits can generate hundreds or URLs where resources/Ads are hosted. Now if Solarwinds took on a web filtering company as their net acquisition this would be very interesting to me.
Another option is to simply use your network traffic,
This is one of the advantages of using network traffic analysis and a common use case. It does not matter what kind of operating systems on the machines, you do not need Netflow or to deploy clients/agents, you can just use your traffic once you ‘sniff’ it (usually via a SPAN port or port mirror) at the right point in your network.
You can get some very useful information from traffic including granular detail on web activity, IP and MAC address, domain, date/time, each page visited, amount of data transferred, etc.
We have a solution, the Netfort LANGuardian that also integrates with Solarwinds, you can access a live demo here:
Or download a trial from here
If the users log on using Active Directory, we track and keep detail by IP, mac address and user name. If they do not, we track it by IP and MAC address. It gives you an instant real time view as well as retaining granular detail for months for reporting, forensics etc.
Very interesting, would be really nice if the price is right. I like the ability to have it all integrated into Solarwinds for Dashboards. How is reporting?
The LANGuardian extracts some very granular and readable detail from network traffic using it's Deep Packet Inspection engine and application decoders and only stores this detail or metadata, discarding the remainder of the packets. As a result, it can retain this detail in its built in database for months without expensive storage and reporting is very comprehensive. It includes a large set of reports which can also be customized.
For example, if you go to the report search box, top right at this link
and just enter
no need to press return, it will auto complete and give you a list of the reports available for each search term.
Pricing is based on the number of users and starts at $3,995.