One of the best data sources for web tracking is packet capture.
The main reason for this is that it does not look at HTTP headers where a lot of the important information is stored. However, as with server logs, NetFlow isn’t a web usage tracker. The idea is that you get flow records from the edge of your network so you can see what IP address is connecting to what. Some vendors are pitching flow type tools to address the problem. They are meant to provide server administrators with data about the behavior of the server, not what users are doing on the internet. Server log files do not always have the answer, either. These systems were designed to block or control access and reporting was just added on at a later date. While some firewalls and proxy servers include reporting capabilities, most are not up to the job. As internet usage constantly grows, malicious, phishing, scamming, and fraudulent sites are also evolving. One of the main drivers for this is the need to keep the network secure. For many years, IT managers have tried to get some sort of visibility at the network edge so that they can see what is happening. Associating internet activity with MAC addresses