Monitoring User Activity in Real Time with RTMonitor

Latest Update:

Updated Oct. 27, 2006: New version 4.4 is released with new features listed below. A free demo version is available here. The price is:


If you already installed version 3.9.6 or earlier of the program, then you should first uninstall the old version before installing the new copy. Use the Add/Remove Programs folder in Control Panel of your workstation. This operation cleans all settings of MS Installer in the Registry.

If you already installed the 4.0.3 version (or later), then install the new copy into the same directory of this previous copy. You should not need to uninstall the old one first.

Changes since the previous versions include:

About RTMonitor

A common question I see in the Novell public forums is "How can I see where my users are going right now?", and "How can I tell who is using a lot of bandwidth right now?"

The best answer I have seen is to use a clever little program called RTMonitor, by Victor Kulichkin. This program works by parsing the common log file almost constantly, pulling out current data, and displaying it on your PC. The program will show you 100 users (configurable), and the last 20 or so web sites they visited. In addition, the amount of bytes downloaded by each user is displayed, so that you can find users that are taking most of the bandwidth.

Starting with version 3.05 there is a button to click on that will attempt to associate an IP address from the log files with a user currently logged in to a server. (There are limitations on how this works, but basically, if you do not have proxy authentication enabled, and your users are logged into a NetWare 5 or 6 server via TCP/IP, and you are running RTMonitor on Win2k / XP, the feature should work).

I find this program especially useful when setting up access rules, and discovering what sites kids are getting to in schools. (Sites not being blocked by SurfControl, N2H2 or LinkWall). I can then modify the access rules as needed. Versions since 3.05 even show me if the last access to a site was Forbidden, by displaying the HTTP connection code from the logs.

Version 3.1.4 and later have a very useful LinkWall integration feature, that makes it extremely easy to block a URL with LinkWall. Click on a URL in RTMonitor's display, and you will have an option to add that URL to a LinkWall blocking list. You even have another button to tell LinkWall to refresh itself, so that it will read in the new URL and block it right away. If you do not have LinkWall, this feature can be used to simply make a list of URL's you might want to track, or manually add to your own access rules. If you haven't tried LinkWall, you should. (You can download a LinkWall 45-day eval for free HERE).

RTMonitor is not expensive at only $99.95 (about half that for schools)! Every BorderManager administrator should get a copy. The program is available for purchase at Victor Kulichkin's web site.

A RTMonitor demo version is available HERE. This version will only display 3 users. It is a small program, runs on Windows, and it is easy to install and uninstall. Victor Kulichkin's web site shows an example of how the program looks in action.

Note: If you have installed older versions of RTMonitor, you must uninstall the old version before the new version will install. Running the install program has an option to uninstall the program, but it will not automatically detect and uninstall older versions for you. If you install a new version with an old version installed, the old version will remain in place.

Some hints on how to make best use of this program:

Previous Updates to this page:

Updated June 11, 2004: New version 3.9.6 is released with new features listed below.

Updated Jan 5, 2004: New version of RTMonitor released. New demo version uploaded here.

Updated Sept. 25: People were having problems with browsers not downloading .MSI files properly (MIME setting issue in the browser), so I repackaged the RTMonitor demo download in .ZIP format. No other changes.

Updated July 23, 2003, with new demo version, and explanation of new features:

Updated May 26, 2003: - updated information for new version 3.05.

Return to the Main Page