Capturing instant messages

[Nick Vatamaniuc]

Assuming a one person per one machine per one chat protocol it might be
possible to recreate the tcp streams (a lot of packet capturing devices
already do that). So the gateway would have to have some kind of a
dispatch that would recognize the initialization of a chat loggon and
start a capture process for each such connection. I imagine with a 1000
employess he will end up with a 1000 processes running at the same
time. Another way is to capture all the streams at once that deal with
the chat protocol and ports and then replay them later and somehow
cre-create the tcp streams and chat messages in a cron batch job (at
night or weekend).

Nick V.


Yu-Xi Lim wrote:
> Ed Leafe wrote:
> >     I've been approached by a local business that has been advised that
> > they need to start capturing and archiving their instant messaging in
> > order to comply with Sarbanes-Oxley. The company is largely PC, but has
> > a significant number of Macs running OS X, too.
> >
>
> This is going to be quite off-topic.
>
> I'm not entirely familiar with SOX regulations. Is it necessary to
> capture it at the gateway? The best solution would be to provide logging
> at the individual chat clients. Piecing together conversation threads
> from individual packets while filtering out other non-chat junk can be
> extremely tedious.
>
> I understand the standard AIM client doesn't provide logging. Probably
> won't any time soon, since it wasn't made for enterprise. There are
> enterprise gateways for AIM, but I'm not sure of the cost or other
> deployment issues. (Try looking at Jabber) You should consider those. Or
> a switch to a more enterprise-friendly protocol if that's possible.
>
> Other alternatives would be to use a better client. Multi-protocol
> clients like GAIM, Trillian, Miranda, and Adium X generally provide
> logging. Most provide the ability to toggle logging for specific
> sessions, thus reducing privacy issues.