good web logger?

John Wallace

Apr 21, 2021, 11:08:19 PM
to nlug...@googlegroups.com
I realize this is a Linux group, however I'm hoping some of you have
some OSX experience.

Is there a good solution for logging web connections on a Mac? I'm
thinking of something real simple and lightweight that's not easy to
detect. An open source solution would be a plus. A command line daemon
would be ideal. I'm not looking for anything that opens a port and
takes remote commands, just something that will write a simple log to
a file on the system of all outgoing web destinations.

Tilghman Lesher

Apr 22, 2021, 9:02:50 AM
to NLUG
Have you considered LittleSnitch? It's by far the most well-known of
the logging firewalls for OS X. You can set it to permissive, then
allow everything out, but log it.

As far as "not easy to detect", that's probably not going to work.
Without compromising the kernel, everything is going to be easy to
detect. But the nice thing about LittleSnitch is that, because it's
so ubiquitous in the OS X world, many people will simply overlook its
presence.

--
Tilghman

Bucky Wolfe

Apr 23, 2021, 7:05:15 AM
to nlug...@googlegroups.com
What are your criteria for a "web connection"? Any http/https request made from a browser? http/https from anything? DNS resolution? Any established tcp session?

Taking a guess at what you want, my first instinct would be to change your dns servers to a dns proxy with logging, but that's only going to give you hostnames (and you're going to get _every_ resolution, not just stuff from http traffic). If you're concerned mostly with http traffic, and want the full request URI, a MITM proxy (complete with trusted certs for root domains, and proxy auto-config) or logging browser extension are the first things that come to mind, although those are fairly easy to detect for a reasonably savvy user (not sure if that's a requirement). A PAC file is potentially better than a browser extension, depending on where you want visibility, as most apps that use http/https at some level will end up getting proxied.

-Igneous

