What are your criteria for a "web connection"? Any http/https request made from a browser? http/https from anything? DNS resolution? Any established tcp session?
Taking a guess at what you want, my first instinct would be to change your dns servers to a dns proxy with logging, but that's only going to give you hostnames (and you're going to get _every_ resolution, not just stuff from http traffic). If you're concerned mostly with http traffic, and want the full request URI, a MITM proxy (complete with trusted certs for root domains, and proxy auto-config) or logging browser extension are the first things that come to mind, although those are fairly easy to detect for a reasonably savvy user (not sure if that's a requirement). A PAC file is potentially better than a browser extension, depending on where you want visibility, as most apps that use http/https at some level will end up getting proxied. -Igneous On Thu, Apr 22, 2021 at 8:02 PM Tilghman Lesher <[email protected]> wrote: > Have you considered LittleSnitch? It's by far the most well-known of > the logging firewalls for OS X. You can set it to permissive, then > allow everything out, but log it. > > As far as "not easy to detect", that's probably not going to work. > Without compromising the kernel, everything is going to be easy to > detect. But the nice thing about LittleSnitch is that, because it's > so ubiquitous in the OS X world, many people will simply overlook its > presence. > > On Wed, Apr 21, 2021 at 10:08 PM John Wallace <[email protected]> wrote: > > > > I realize this is a Linux group, however I'm hoping some of you have > > some OSX experience. > > > > Is there a good solution for logging web connections on a Mac? I'm > > thinking of something real simple and lightweight thats not easy to > > detect. An open source solution would be a plus. A command line daemon > > would be ideal. I'm not looking for anything that opens a port and > > takes remote commands, just something that will write a simple log to > > a file on the system of all outgoing web destinations. > > > > -- > > -- > > You received this message because you are subscribed to the Google > Groups "NLUG" group. > > To post to this group, send email to [email protected] > > To unsubscribe from this group, send email to > [email protected] > > For more options, visit this group at > http://groups.google.com/group/nlug-talk?hl=en > > > > --- > > You received this message because you are subscribed to the Google > Groups "NLUG" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to [email protected]. > > To view this discussion on the web visit > https://groups.google.com/d/msgid/nlug-talk/CAKov0FLg0OyapGWZDEz6bzCnJiM9uo0x%3D5X_AQ%3DFAPoQ9-e4Qg%40mail.gmail.com > . > > > > -- > Tilghman > > -- > -- > You received this message because you are subscribed to the Google Groups > "NLUG" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected] > For more options, visit this group at > http://groups.google.com/group/nlug-talk?hl=en > > --- > You received this message because you are subscribed to the Google Groups > "NLUG" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/nlug-talk/CAHPkZcXCYFeVerV0uD8oJO6BSC-d%3DAaTvYTWRm3%2BXTw1Ky6ryw%40mail.gmail.com > . > -- -- You received this message because you are subscribed to the Google Groups "NLUG" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en --- You received this message because you are subscribed to the Google Groups "NLUG" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/nlug-talk/CAL6Ts7%2BHqyNYz%2B6wxwDs4SgxZETNAeBB6c5eVYj%3Dpvi%2B4p9Wzw%40mail.gmail.com.
