Monitor Network Traffic
bloodhound
January 20th, 2009, 16:27
Hello, I want to know if there are any tools to monitor and, if possible, log the network activity.
An application on the firewall with which I can see who/where/what he is doing from a web interface or something (except ntop).
Also, if there is an application where I can check a report for every user of my mail server showing where he sent emails, because scrolling through the maillog takes a lifetime.
Thank you
brd@
January 20th, 2009, 17:34
I use mail/pflogsumm to get a summary of my maillogs from Postfix.
anomie
January 20th, 2009, 19:55
> An application on the firewall with which I can see who/where/what he is doing from a web interface or something (except ntop).
For quick and easy setup I've used: net-mgmt/darkstat (http://www.freshports.org/net-mgmt/darkstat/).
SirDice
January 20th, 2009, 20:06
You can also use any of the netflow tools (softflow, pfflow) on your firewall. But... You will need to send the data to a server though. On that server you can have a nice web interface :)
Netflow is pretty cool.. Not sure about other brands but I know you can enable it on Cisco devices too.
I was actually looking for something simpler at home.. I'm going to check out darkstat too
aragon
January 22nd, 2009, 02:44
If you want to go the netflow route, FreeBSD has ng_netflow(4). Netflow is probably the most powerful option, but by no means plug 'n' play.
bloodhound
January 22nd, 2009, 09:18
I'll give softflow a try to see how that works, and nfsen to see how that goes.
For sure it is not easy, but I love a good challenge.
bloodhound
January 22nd, 2009, 09:26
> I use mail/pflogsumm to get a summary of my maillogs from Postfix.
I use pflogsumm, and on a qmail server I use isoqlog. Problem is how to generate a report based on a user.
Ex: Let's say there is someone in the company who sends a lot of emails to certain domains. I would like an application which could filter all the mails from the logs. Something like:
Date/Hour | Mail from | Mail to
So I can see all the mails that a certain person sent for that day and where.
SirDice
January 22nd, 2009, 09:30
You could grep the logs to filter out a single user, then use that resulting file in a log analyzer.
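Added example, not part of the original thread: Postfix logs the sender (`from=<...>`) and each recipient (`to=<...>`) on separate lines tied together by the queue ID, so a grep for one address finds the sender line but not the recipients, and also hits mail that was merely delivered to that user. The shell function below joins the lines by queue ID to produce the Date/Hour, Mail from, Mail to report asked for above, plus delivery status. The names `mail_report` and `sample_log` and the sample log are constructed for illustration; it assumes traditional syslog timestamps and default Postfix log lines.

```shell
#!/bin/sh
# Added example: per-sender report (date/hour, from, to, status) from a Postfix maillog.
# Assumes traditional syslog timestamps ("Jan 22 09:01:12") and default Postfix log lines.

# mail_report SENDER [LOGFILE...]  -- reads stdin when no file is given
mail_report() {
    want=$1; shift
    awk -v want="$want" '
    BEGIN { want = tolower(want); OFS = "\t" }
    # Field 5 is the Postfix daemon, field 6 the queue ID followed by ":"
    $5 ~ /^postfix\// && $6 ~ /^[0-9A-Za-z]+:$/ && $6 != "NOQUEUE:" {
        qid = substr($6, 1, length($6) - 1)
        if ($7 == "removed") {                      # message finished; queue IDs get reused
            delete from[qid]
        } else if (match($0, / from=<[^>]*>/)) {    # qmgr line: remember the sender
            from[qid] = tolower(substr($0, RSTART + 7, RLENGTH - 8))
        } else if ((qid in from) && from[qid] == want && match($0, / to=<[^>]*>/)) {
            rcpt = substr($0, RSTART + 5, RLENGTH - 6)
            status = "-"
            if (match($0, /status=[a-z]+/)) status = substr($0, RSTART + 7, RLENGTH - 7)
            print $1 " " $2 " " $3, from[qid], rcpt, status
        }
    }' "$@"
}

# Constructed sample log (host, addresses and queue IDs are made up).
# The second message reuses the queue ID and is only delivered TO alice.
sample_log() {
    cat <<'EOF'
Jan 22 09:01:12 mx postfix/qmgr[811]: 4F2A91C3: from=<alice@example.com>, size=1204, nrcpt=2 (queue active)
Jan 22 09:01:13 mx postfix/smtp[902]: 4F2A91C3: to=<bob@example.org>, relay=mx.example.org[192.0.2.10]:25, delay=0.8, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Jan 22 09:01:13 mx postfix/smtp[903]: 4F2A91C3: to=<carol@example.net>, relay=mx.example.net[192.0.2.20]:25, delay=0.9, dsn=5.1.1, status=bounced (user unknown)
Jan 22 09:01:14 mx postfix/qmgr[811]: 4F2A91C3: removed
Jan 22 09:05:40 mx postfix/qmgr[811]: 4F2A91C3: from=<dave@example.com>, size=873, nrcpt=1 (queue active)
Jan 22 09:05:41 mx postfix/local[910]: 4F2A91C3: to=<alice@example.com>, relay=local, delay=0.1, dsn=2.0.0, status=sent (delivered to mailbox)
EOF
}

# Tab-separated report of everything alice sent in the sample
sample_log | mail_report alice@example.com
```

If the `from=` line for a message sits in an already rotated log, its recipients are not reported, so pass the rotated file(s) before the current one on the command line.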
bloodhound
January 27th, 2009, 09:40
> You can also use any of the netflow tools (softflow, pfflow) on your firewall. But... You will need to send the data to a server though. On that server you can have a nice web interface :)
> Netflow is pretty cool.. Not sure about other brands but I know you can enable it on Cisco devices too.
> I was actually looking for something simpler at home.. I'm going to check out darkstat too
I installed softflow - which is pretty easy and also tried flow-tools + flowscan (which is really weird). Now I am trying softflow + nfsen, but for some reason some things are not working properly: if I leave the live profile (which is default) everything is logged, but the moment I try to create a new profile and use a filter, nothing else appears.
Does anyone know a good netflow data interpreter which they tested and used, and which has some documentation, because nfsen has close to none?