Monitoring User Activity in Real Time with RTMonitor
Latest Update:
Updated Oct. 27, 2006: New version 4.4 is released
with new features listed below. A free demo version is
available here. The price is:
- $99.95 for new customers
- $45.95 for schools, colleges, universities, and health protection
establishments
- $45.95 for upgrades from a previous version
- Special Promotion: $20.95 for ANY upgrade, until November 20, 2006!
Detailed information about this program can be found at:
http://www.kvy.com.ua
Upgrading:
If you already installed version 3.9.6 or earlier of the program, then you
should first uninstall the old version before installing the new copy. Use the
Add/Remove Programs folder in Control Panel of your workstation. This
operation cleans all settings of MS Installer in the Registry.
If you already installed the 4.0.3 version (or later), then install the new
copy into the same directory of this previous copy. You should not need to
uninstall the old one first.
Changes since the previous versions include:
- New features of 4.4:
* Added the Remote management commands to the Tools menu and History.
* Added saving a cursor position in the History and Web Sites Report windows
after pressing one of the buttons of these windows.
* Added saving the sort order of columns of the main window for next
RTMonitor sessions.
* Added support of Euro languages in the Send message window.
* Refreshed some codes by the new NDK (October, 2006).
* Changed HELP.
About RTMonitor
A common question I see in the Novell public forums is "How
can I see where my users are going right now?", and "How can I tell who
is using a lot of bandwidth right now?"
The best answer I have seen is to use a clever little program called RTMonitor,
by Victor Kulichkin. This program works by parsing the common log file almost
constantly, pulling out current data, and displaying it on your PC. The program
will show you 100 users (configurable), and the last 20 or so web sites they
visited. In addition, the amount of bytes downloaded by each user is displayed,
so that you can find users that are taking most of the bandwidth.
Starting with version 3.05 there is a button to click on that will attempt to
associate an IP address from the log files with a user currently logged in to a
server. (There are limitations on how this works, but basically, if you do not
have proxy authentication enabled, and your users are logged into a NetWare 5
or 6 server via TCP/IP, and you are running RTMonitor on Win2k / XP, the
feature should work).
I find this program especially useful when setting up access rules, and
discovering what sites kids are getting to in schools. (Sites not being
blocked by SurfControl, N2H2 or LinkWall). I can then modify the access rules
as needed. Versions since 3.05 even show me if the last access to a site was
Forbidden, by displaying the HTTP connection code from the logs.
Version 3.1.4 and later have a very useful LinkWall integration feature, that
makes it extremely easy to block a URL with LinkWall. Click
on a URL in RTMonitor's display, and you will have an option to add that URL to
a LinkWall blocking list. You even have another button to tell LinkWall to
refresh itself, so that it will read in the new URL and block it right away. If
you do not have LinkWall, this feature can be used to simply make a list of
URL's you might want to track, or manually add to your own access rules. If you
haven't tried LinkWall, you should. (You can download a LinkWall
45-day eval for free HERE).
RTMonitor is not expensive at only $99.95 (about half that for schools)! Every
BorderManager administrator should get a copy. The program is available for
purchase at Victor Kulichkin's web
site.
A RTMonitor demo version is available HERE. This
version will only display 3 users. It is a small program, runs on Windows,
and it is easy to install and uninstall.
Victor Kulichkin's web site shows
an example of how the program looks in action.
Note: If you have installed older versions of RTMonitor, you must uninstall
the old version before the new version will install. Running the install
program has an option to uninstall the program, but it will not automatically
detect and uninstall older versions for you. If you install a new version with
an old version installed, the old version will remain in place.
Some hints on how to make best use of this program:
- Using this program requires you to have common logging enabled, so be sure
to enable common logging. RTMonitor does not make use of extended or indexed
log files. I highly recommend setting up a dedicated log volume - do not put
the log files on a cache volume, and try to avoid the sys volume.
- Because RTMonitor must parse through the most current common log file, it
works best (fastest) if you have multiple small common log files, instead of
very large ones. I recommend that you try to roll over your log files
frequently, and at least try get them down to no more than 10MB each.
- Because RTMonitor caches the current log file on your workstation while
working on it, you must reserve a certain amount of RAM in the program setup to
hold the current log file. The default value is 10MB. If you roll your log
files frequently, you can reduce the RAM limit for RTMonitor. If you have lots
of RAM on your PC and like to have 50-60MB log files, you can increase the cache
size limit in RTMonitor. (But RTMonitor will still take longer to parse a 60MB
log file than a 10MB log file). Version 3.9.6 changed how the log files are
processed, and this may not be as much of a limitation as before.
- There is a History option in RTMonitor so that you can see the last 1000 or
so URL's accessed by a user. I requested that Victor add this feature because
some web sites have many advertisement links that would otherwise obscure where
the user was browsing. For instance, browsing to www.cnn.com will show you one
URL for www.cnn.com, but serveral others as well, including ar.atwola.com,
which usually shows up as the last URL. Without the history feature, you would
not know that the web site being accessed was www.cnn.com.
- There is a Connect feature, which works with Internet Explorer, to view the
URL's shown in the RTMonitor display. Note that once you connect to a URL, the
next pass of RTMonitor through the common log will show you as accessing that
URL.
- You will only see a user name if Proxy Authentication is active and the
user is authenticated.
- By default, RTMonitor makes another pass through the latest common log file
60 seconds after it completes a pass. However, it may take several seconds to
parse the log file itself, so the actual (default) time between log file passes
is 60 seconds + whatever time it takes for your PC to access and analyze your
log file. Smaller log files are faster. You can change the idle time parameter
if you don't like a 60 second delay between passes.
- Active connections are shown in red, while older connections are shown in
black. After 30 minutes (default value) with no further activity, the user
information is dropped from the RTMonitor display. Regardless of the time
entered in the 'Clean Passive Users' parameter, only the last 100 users will be
displayed.
Previous Updates to this page:
- New Features of Previous Version (4.2.6):
* Added the Create web report command. With this command you will see all
websites that your users are visiting at the moment. The command forms two
kinds of reports - A report of websites and A report of visitors of these
sites.
* Added the Send message command. With this command you can send messages to a
user by using the Message services of NetWare.
* Added the Report options window for creating reports.
* Enhanced the Define name mode:
a. Added the option allowing you to manually make a servers list for scanning
of users. This option allows you to reduce the time of this mode and is also
useful for networks that have NetWare servers at the opposite sides of WAN.
b. Modified the algorithm of this operation for the last eDirectory versions
in IP and IPX environments. The old Define Name command found user names
without their NDS contexts.
c. Added seven additional criteria of search by connection types into the
algorithm. The previous programs had only two.
d. Added the filter for ignoring NDS non-user objects. This option is useful
for networks with ZENworks.
e. Added support of NDS multi trees.
* Enhanced the History mode:
a. Changed the window interface.
b. Added a pop-up menu.
c. Added the option allowing you to increase History cache to 1023 records.
d. Added sorting of information for two directions in the columns of the
History window.
e. Added the NDS Info command to this window.
f. Added the Send message command.
g. Added the button for the Connect operation.
* Enhanced the Whois option:
a. Corrected hanging of the program when it tried to set a connection with a
closed Whois server.
b. Added the "Paste" button for operations with Clipboard.
c. Added the "Transfer to DNS name" button. This button will allow you to get a
host name through its IP.
d. Added the buttons: "Move to the top of the URL list" and "Move to the tail
of the URL list". By these the button you will move a host name to the top or
the tail of the URL list.
e. Added some improvements to searching operations.
f. Improved the interface.
* Added an icon for the Connect command to the toolbar.
* Refreshed some codes from the new NDK (March, 2005).
* Changed HELP.
Updated June 11, 2004: New version 3.9.6 is released with
new features listed
below.
- Added LinkWall 2.00 support
- Added Check Log command - check the log immediately without waiting for the
next pass
- Add NDS Info command - get NDS personal information for a selected user
- Added automatic start to most recently used common log path
- Enhanced algorithm for reading log files to be more efficient with both
bandwidth and memory
- Enhanced history mode, to allow tracing a user activity more easily
- Added history icon to toolbar
- Enhanced Define Name mode - you can now halt this operation in progress
- Changed the icon for Define Name in the toolbar
- Changed some codes from the latest Novell NDK
- Changed license agreement and Help file
Updated Jan 5, 2004: New version of RTMonitor released.
New demo version
uploaded here.
- Changes include: Traffic diagram feature added - requires a certain minimum
amount of time, so
give it a few minutes to run before graphing the data.
- Price increased to $44.95.
Updated Sept. 25: People were having problems with browsers
not downloading .MSI files properly (MIME setting issue in the browser), so I
repackaged the RTMonitor demo download in .ZIP format. No other changes.
Updated July 23, 2003, with new demo version, and
explanation of new features:
- LinkWall integration - click on a URL, and easily add it to a LinkWall
blocking list
- Flag 403 Forbidden Users - enable this feature, and any user with a 403
error will be highlight.
(Useful for school administrators watching for problem children).
- Beep on 403 Forbidden - enable this feature, and if a 403 Forbidden comes
up in the current pass, the PC will beep once to get your attention
- History buffer per user increased from 10 to 20 URL's
Updated May 26, 2003: - updated information for new
version 3.05.
Return to the Main Page