[olug] im logging

Jaymz Ringler jringler at neinfosec.com
Mon Mar 3 01:59:44 UTC 2008


The easiest way to accomplish this is to use a network tap (or even an 
old hub) on your internet connection and feed that to a Linux box and 
sniff all instant messenger traffic. The only way they can bypass this 
setup is if they are using the neighbor's wireless, and you can control 
that with administrator settings. Regardless of what IM client they 
use or if they disable logging, they can't bypass this setup. You 
could use tcpdump, Wireshark or even Snort to capture traffic, 
specifically IM packets.

I like to build things, so to build your own inexpensive passive 
Ethernet tap, check out http://www.snort.org/docs/tap/. I've built and 
used a few of these when slipping a Snort IDS inline with a server to 
monitor hack attempts, and also to monitor the internet activity of an 
employee. They work great and can't be circumvented.

A transparent proxy inline would also give desired results as above and 
could not be circumvented. It however would take quite a bit of 
configuration compared to a tap and wire monitor.




Ryan Stille wrote:
> I think the only way to 100%, positively log the messages is to use a Linux box as a router, and set it up to log the data you want.
>
> As Tony pointed out, even if you force them to use Pidgin and leave logging on (they could just delete sensitive stuff out of the log files and no one would ever know anyway), they can just use Meebo to get around the whole thing.
>
> -Ryan



