Monitoring User Activity in Real Time with RTMonitor
Latest Update:
Updated Oct. 27, 2006: New version 4.4 is released 
with new features listed below. A free demo version is 
available here. The price is:
- $99.95 for new customers
- $45.95 for schools, colleges, universities, and health protection 
establishments
- $45.95 for upgrades from a previous version
- Special Promotion: $20.95 for ANY upgrade, until November 20, 2006!  
Detailed information about this program can be found at: 
http://www.kvy.com.ua 
Upgrading:
If you have already installed version 3.9.6 or earlier of the program, you 
should first uninstall the old version before installing the new copy. Use the 
Add/Remove Programs folder in Control Panel of your workstation. This 
operation cleans out all MS Installer settings in the Registry.
If you have already installed version 4.0.3 (or later), install the new 
copy into the same directory as the previous copy. You should not need to 
uninstall the old one first.
Changes since the previous versions include:
- New features of 4.4:
 
 * Added the Remote management commands to the Tools menu and History.
 * Added saving a cursor position in the History and Web Sites Report windows
after pressing one of the buttons of these windows.
 * Added saving the sort order of columns of the main window for next
RTMonitor sessions.
 * Added support of Euro languages in the Send message window.
 * Refreshed some code using the new NDK (October, 2006).
 * Changed HELP.
 
 
About RTMonitor
A common question I see in the Novell public forums is "How 
can I see where my users are going right now?", and "How can I tell who 
is using a lot of bandwidth right now?"
The best answer I have seen is to use a clever little program called RTMonitor, 
by Victor Kulichkin. This program works by parsing the common log file almost 
constantly, pulling out current data, and displaying it on your PC. The program 
will show you 100 users (configurable), and the last 20 or so web sites they 
visited. In addition, the amount of bytes downloaded by each user is displayed, 
so that you can find users that are taking most of the bandwidth.
Starting with version 3.05 there is a button to click on that will attempt to 
associate an IP address from the log files with a user currently logged in to a 
server. (There are limitations on how this works, but basically, if you do not
have proxy authentication enabled, and your users are logged into a NetWare 5 
or 6 server via TCP/IP, and you are running RTMonitor on Win2k / XP, the 
feature should work).
I find this program especially useful when setting up access rules, and 
discovering what sites kids are getting to in schools (sites not being 
blocked by SurfControl, N2H2 or LinkWall). I can then modify the access rules 
as needed. Versions since 3.05 even show me if the last access to a site was 
Forbidden, by displaying the HTTP connection code from the logs.
Versions 3.1.4 and later have a very useful LinkWall integration feature that 
makes it extremely easy to block a URL with LinkWall. Click
on a URL in RTMonitor's display, and you will have an option to add that URL to 
a LinkWall blocking list. You even have another button to tell LinkWall to 
refresh itself, so that it will read in the new URL and block it right away. If 
you do not have LinkWall, this feature can be used to simply make a list of 
URLs you might want to track, or manually add to your own access rules. If you 
haven't tried LinkWall, you should. (You can download a LinkWall 
45-day eval for free HERE).
RTMonitor is not expensive at only $99.95 (about half that for schools)! Every 
BorderManager administrator should get a copy. The program is available for 
purchase at Victor Kulichkin's web 
site.
An RTMonitor demo version is available HERE. This 
version will only display 3 users. It is a small program, runs on Windows, 
and it is easy to install and uninstall.
Victor Kulichkin's web site shows 
an example of how the program looks in action.
Note: If you have installed older versions of RTMonitor, you must uninstall 
the old version before the new version will install. Running the install 
program has an option to uninstall the program, but it will not automatically 
detect and uninstall older versions for you. If you install a new version with 
an old version installed, the old version will remain in place.
Some hints on how to make best use of this program:
- Using this program requires you to have common logging enabled, so be sure 
to enable common logging. RTMonitor does not make use of extended or indexed 
log files.  I highly recommend setting up a dedicated log volume - do not put 
the log files on a cache volume, and try to avoid the sys volume.
- Because RTMonitor must parse through the most current common log file, it 
works best (fastest) if you have multiple small common log files, instead of 
very large ones. I recommend that you try to roll over your log files 
frequently, and at least try to get them down to no more than 10MB each.
- Because RTMonitor caches the current log file on your workstation while 
working on it, you must reserve a certain amount of RAM in the program setup to 
hold the current log file. The default value is 10MB. If you roll your log 
files frequently, you can reduce the RAM limit for RTMonitor.  If you have lots 
of RAM on your PC and like to have 50-60MB log files, you can increase the cache 
size limit in RTMonitor. (But RTMonitor will still take longer to parse a 60MB 
log file than a 10MB log file).  Version 3.9.6 changed how the log files are 
processed, and this may not be as much of a limitation as before.
- There is a History option in RTMonitor so that you can see the last 1000 or 
so URLs accessed by a user. I requested that Victor add this feature because 
some web sites have many advertisement links that would otherwise obscure where 
the user was browsing. For instance, browsing to www.cnn.com will show you one 
URL for www.cnn.com, but several others as well, including ar.atwola.com, 
which usually shows up as the last URL. Without the history feature, you would 
not know that the web site being accessed was www.cnn.com.
- There is a Connect feature, which works with Internet Explorer, to view the 
URLs shown in the RTMonitor display. Note that once you connect to a URL, the 
next pass of RTMonitor through the common log will show you as accessing that 
URL.
- You will only see a user name if Proxy Authentication is active and the 
user is authenticated.
- By default, RTMonitor makes another pass through the latest common log file 
60 seconds after it completes a pass. However, it may take several seconds to 
parse the log file itself, so the actual (default) time between log file passes 
is 60 seconds + whatever time it takes for your PC to access and analyze your 
log file. Smaller log files are faster. You can change the idle time parameter 
if you don't like a 60 second delay between passes.
- Active connections are shown in red, while older connections are shown in 
black. After 30 minutes (default value) with no further activity, the user 
information is dropped from the RTMonitor display. Regardless of the time 
entered in the 'Clean Passive Users' parameter, only the last 100 users will be 
displayed.
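The log pass described above (parse the common log, total bytes per user, keep a short URL history, flag 403 Forbidden, drop idle users), as an added Python example; it is not RTMonitor's code, and the `summarize` function, its parameters and the sample log lines are constructed for illustration. It assumes standard Common Log Format fields and treats "the last 100 users" as the 100 most recently seen.

```python
import re
from collections import deque
from datetime import datetime, timedelta, timezone

# Common Log Format: host ident authuser [time] "METHOD url PROTO" status bytes
CLF = re.compile(
    r'(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+)[^"]*" (?P<status>\d{3}) (?P<bytes>\d+|-)')

# Constructed sample lines (not taken from a real proxy log)
SAMPLE = """\
10.1.1.20 - - [27/Oct/2006:10:00:01 +0000] "GET http://www.cnn.com/ HTTP/1.1" 200 48211
10.1.1.20 - - [27/Oct/2006:10:00:02 +0000] "GET http://ar.atwola.com/ad.gif HTTP/1.1" 200 1250
10.1.1.31 - jsmith [27/Oct/2006:10:00:05 +0000] "GET http://blocked.example/ HTTP/1.1" 403 512
10.1.1.44 - - [27/Oct/2006:09:10:00 +0000] "GET http://example.org/big.iso HTTP/1.1" 200 7340032
this line is malformed and must be skipped
""".splitlines()
NOW = datetime(2006, 10, 27, 10, 1, 0, tzinfo=timezone.utc)

def summarize(lines, now, history=20, idle=timedelta(minutes=30), max_users=100):
    """One pass over a common log: per-user bytes, recent URLs, 403 flag."""
    users = {}
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the pass
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        # A user name only appears when proxy authentication is active; else key by IP
        key = m["user"] if m["user"] != "-" else m["host"]
        u = users.setdefault(key, {"bytes": 0, "urls": deque(maxlen=history),
                                   "last_seen": ts, "last_status": 0, "forbidden": False})
        u["bytes"] += 0 if m["bytes"] == "-" else int(m["bytes"])
        u["urls"].append(m["url"])  # deque keeps only the newest `history` URLs
        if ts >= u["last_seen"]:
            u["last_seen"], u["last_status"] = ts, int(m["status"])
        u["forbidden"] |= m["status"] == "403"
    # Drop users with no activity inside the idle window ("Clean Passive Users")
    live = [(k, u) for k, u in users.items() if now - u["last_seen"] <= idle]
    # Keep the most recently seen users, then list the heaviest downloaders first
    recent = sorted(live, key=lambda kv: kv[1]["last_seen"], reverse=True)[:max_users]
    return sorted(recent, key=lambda kv: kv[1]["bytes"], reverse=True)

if __name__ == "__main__":
    for key, u in summarize(SAMPLE, NOW):
        print(key, u["bytes"], "403" if u["forbidden"] else "-", u["urls"][-1])
```

Note how the last URL recorded for 10.1.1.20 is the ad server, not www.cnn.com, which is the situation the History option was added to untangle.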
Previous Updates to this page:
- New Features of Previous Version (4.2.6):
 
 * Added the Create web report command. With this command you will see all 
websites that your users are visiting at the moment. The command forms two 
kinds of reports: a report of websites and a report of visitors of these 
sites.
 
 * Added the Send message command. With this command you can send messages to a 
user by using the Message services of NetWare.
 
 *  Added the Report options window for creating reports.
 
 *  Enhanced the Define name mode:
 a. Added the option allowing you to manually make a server list for scanning 
users. This option allows you to reduce the time this mode takes and is also 
useful for networks that have NetWare servers on opposite sides of a WAN.
 b.  Modified the algorithm of this operation for the last eDirectory versions 
in IP and IPX environments. The old Define Name command found user names 
without their NDS contexts.
 c. Added seven additional criteria of search by connection types into the 
algorithm. The previous programs had only two.
 d. Added the filter for ignoring NDS non-user objects. This option is useful 
for networks with ZENworks.
 e. Added support of NDS multi trees.
 
 *  Enhanced the History mode:
 a. Changed the window interface.
 b. Added a pop-up menu.
 c. Added the option allowing you to increase History cache to 1023 records.
 d. Added sorting of information for two directions in the columns of the 
History window.
 e. Added the NDS Info command to this window.
 f. Added the Send message command.
 g. Added the button for the Connect operation.
 
 * Enhanced the Whois option:
 a. Corrected hanging of the program when it tried to set a connection with a 
closed Whois server.
 b. Added the "Paste" button for operations with Clipboard.
 c. Added the "Transfer to DNS name" button. This button will allow you to get a 
host name through its IP.
 d. Added the buttons: "Move to the top of the URL list" and "Move to the tail 
of the URL list". With these buttons you can move a host name to the top or 
the tail of the URL list.
 e. Added some improvements to searching operations.
 f. Improved the interface.
 
 * Added an icon for the Connect command to the toolbar.
 
 * Refreshed some code using the new NDK (March, 2005).
 
 * Changed HELP.
 
Updated June 11, 2004: New version 3.9.6 is released with new features listed 
below.
- Added LinkWall 2.00 support
- Added Check Log command - check the log immediately without waiting for the 
next pass
- Added NDS Info command - get NDS personal information for a selected user
- Added automatic start to most recently used common log path
- Enhanced algorithm for reading log files to be more efficient with both 
bandwidth and memory
- Enhanced history mode, to allow tracing a user activity more easily
- Added history icon to toolbar
- Enhanced Define Name mode - you can now halt this operation in progress
- Changed the icon for Define Name in the toolbar
- Changed some code for the latest Novell NDK
- Changed license agreement and Help file
Updated Jan 5, 2004: New version of RTMonitor released. New demo version 
uploaded here.
- Changes include: Traffic diagram feature added - requires a certain minimum 
amount of time, so give it a few minutes to run before graphing the data.
- Price increased to $44.95.
Updated Sept. 25: People were having problems with browsers 
not downloading .MSI files properly (MIME setting issue in the browser), so I 
repackaged the RTMonitor demo download in .ZIP format. No other changes.
Updated July 23, 2003, with new demo version, and 
explanation of new features:
- LinkWall integration - click on a URL, and easily add it to a LinkWall 
blocking list
- Flag 403 Forbidden Users - enable this feature, and any user with a 403 
error will be highlighted. 
(Useful for school administrators watching for problem children).
- Beep on 403 Forbidden - enable this feature, and if a 403 Forbidden comes 
up in the current pass, the PC will beep once to get your attention
- History buffer per user increased from 10 to 20 URLs
 
Updated May 26, 2003: - updated information for new 
version 3.05.