I’m looking for options on how to log users’ web traffic.
The network I have here is kinda weird, it goes:
(UK Fibre network)
¬ BT Cisco Meraki [ I am unable to manage this ]
¬ TP-Link Omada edge device, switch, wireless points
¬ Users’ machines
The TP-Link solution is being used to manage the internal network for DHCP, although there is no feature on any of the TP-Link hardware to monitor web traffic.
Is there anything that would work well that I can set up and stick between the TP-Link and Meraki to monitor traffic? Or I suppose it would need to be under the TP-Link device to get IP addresses from client machines.
It’s worth noting that this is slightly harder with https and DNS over https and similar.
With QUIC, this becomes even harder.
There’s a well-established piece of software called squid.
It can work with your firewall to intercept and MITM connections … but to use it for https you need squid to be able to encrypt its own data as https using some private key you have that client computers trust. In other words you need to make a certificate authority cert, give the key to squid, and install the cert on each client.
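An added example, not part of any post in this thread: once Squid is in the path, the per-client record ends up in its access.log. The code below parses constructed sample lines in Squid's default native log format and shows the difference the reply above describes: without TLS interception an HTTPS request appears only as `CONNECT host:port`, while an intercepted one is assumed to be logged with its full URL. All IP addresses and hostnames are constructed.

```python
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Constructed sample lines, Squid default "native" access.log format:
# time elapsed client code/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1700000000.123    210 192.168.0.21 TCP_TUNNEL/200 5120 CONNECT example.com:443 - HIER_DIRECT/203.0.113.10 -
1700000001.456     95 192.168.0.21 TCP_MISS/200 2048 GET http://example.org/index.html - HIER_DIRECT/203.0.113.20 text/html
1700000002.789    130 192.168.0.34 TCP_MISS/200 8192 GET https://example.net/account/settings - HIER_DIRECT/203.0.113.30 text/html
1700000003.000     12 192.168.0.34 TCP_DENIED/403 0 CONNECT example.com:443 - HIER_NONE/- -
this line is malformed
"""

def parse_line(line):
    """Return a dict for one native-format line, or None if malformed."""
    parts = line.split()
    if len(parts) < 10:
        return None
    try:
        ts, nbytes = float(parts[0]), int(parts[4])
    except ValueError:
        return None
    method, url = parts[5], parts[6]
    if method == "CONNECT":
        # Tunnel was not decrypted: only host:port is visible, no path.
        host, path_visible = url.rsplit(":", 1)[0], False
    else:
        host, path_visible = urlsplit(url).hostname or "", True
    return {"time": ts, "client": parts[2], "result": parts[3],
            "bytes": nbytes, "method": method, "host": host,
            "url": url, "path_visible": path_visible}

def summarize(log_text):
    """Per-client request counts and byte totals per host."""
    hits, volume = defaultdict(Counter), defaultdict(Counter)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed or truncated lines
        hits[rec["client"]][rec["host"]] += 1
        volume[rec["client"]][rec["host"]] += rec["bytes"]
    return hits, volume

if __name__ == "__main__":
    hits, volume = summarize(SAMPLE_LOG)
    for client in sorted(hits):
        for host, count in hits[client].most_common():
            print(client, host, count, volume[client][host])
```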