Log all websites visited on an airport express?

  • Posted: 10 May 2011 09:27 AM

    Hi there, I’m wondering if anyone can advise me on how to log all activity (url’s visited) on my airport express? I’m using a MacBook Pro, fully updated OS X, but I want to log all users connected to the airport express.

    Thank you

  • Avatar

    Posted: 19 May 2011 09:54 AM #1

    Hi Adam

    I’ve asked my co-host and our friend, the esteemed Mr. John F. Braun, to comment here, as he’s actually got an AirPort Express and may be able to provide more specific answers.

    To my knowledge, the AirPort Utility may show what computers (by MAC address) are connected at any given point in time, but I’m nearly certain that’s all it will show.

    It’s possible the AirPort Express supports SNMP, which would then allow you to query it using other tools, but even so I’m not sure it would publish that sort of data (URL visits by MAC address) that way.

    I’m sure there are routers who would do this (SonicWall comes to mind), but none that I know of in the home/consumer market.

    That said, there may be another way to skin this particular ... issue. wink If you were to use OpenDNS you can then generate reports showing DNS activity by time. It’s abstracted out and will only show you activity from the entire network as a whole, but will still show you which DNS lookups happened, and you can even sort them by category (i.e. if you’re looking to see if someone in the house is surfing porn or chat sites or gaming sites, etc).

    The path here is to first create a free OpenDNS account. Then set your AirPort Express (or whatever router you use) to use OpenDNS as its sole DNS server(s). This way all your traffic must first check-in with OpenDNS (because that’s what domain lookups do), and you can get a pretty good picture of what’s happening with your network.


    -Dave Hamilton / The Mac Observer / Mac Geek Gab / Dave on Twitter
    When you find a big kettle of crazy, it’s best not to stir it.

  • Avatar

    Posted: 19 May 2011 11:48 AM #2

    Hi Adam

    Yes, the AirPort Express (at least the one I have, model A1084, which support 802.11g but not 802.11n) does support SNMP.  If you run AirPort Utility, then go to Advanced, then click on Logging & Statistics, there’s an Allow SNMP checkbox.  There’s also a Allow SNMP over WAN checkbox, which I wouldn’t check unless you want everyone on the Internet to be able to collect your SNMP data.

    So that’s the good news.  The bad news is I was unable to find anything that could do much beyond offer network statistics, such as these AirPort Flow (http://www.memention.com/airportflow/) SNMP Status (http://kunysch.de/projects/snmpstatus/index.en.html) and MRTG (http://oss.oetiker.ch/mrtg/).

    What I did find was the same as Dave, in that an OpenDNS account can collect this information.  He’s also correct in that you can see who is connected, by selecting Logs and Statistics in the AirPort Utility Base Station menu, and looking at the Wireless Clients or DHCP Clients tabs.

    Assuming that machine that are connecting to the AirPort Express are all Macs, you can configure an account with Parental Controls.  Under the Web category is a “Logs…” option, and you can collect Websites Visited, Websites Blocked, Applications and iChat data.

    One final thought is that you could collect network activity data with a tool like Wireshark (http://www.wireshark.org/) and either perform live monitoring of the network, or save the data for further analysis.

    Of course there may be ethical and possibly legal implications associated with monitoring network traffic, but I’ll assume that this is your base station and you have a reason to suspect something isn’t right.


    John F. Braun
    Columnist & Podcaster

  • Posted: 19 May 2011 01:00 PM #3

    Dave, John,

    Cheers.  I thought I was perhaps missing something in my efforts to find a streamlined solution to this, clearly I was not.  I already have SNMP enabled reporting a variety of information, and though tempted by the offerings of OpenDNS, the notion of pointing my packets at them unnerves me. 

    Interestingly John, I have the AE that supports 802.11n and I don’t believe in my case there is an option to allow SNP over WAN.  Not that I’d be checking that box anyway, as per your comment.

    Thank you for your help, and looking forward to 332.