Monitor Network Traffic

B

bloodhound

Hello i want to know if there are any tools to monitor and log if possible the network activity.

An application on the firewall with which i can see who/where/what is he doing from a web interface or something (except ntop).


Also if there is an application where i can check a report for every user of my mail server where he sent emails, cause scrolling through the maillog takes a lifetime.

Thank you
 
I use mail/pflogsumm to get a summary of my maillogs from Postfix.
 
You can also use any of the netflow tools (softflow, pfflow) on your firewall. But... You will need to send the data to a server though. On that server you can have a nice web interface :)

Netflow is pretty cool.. Not sure about other brands but I know you can enable it on Cisco devices too.

I was actually looking for something simpler at home.. I'm going to check out darkstat too
 
If you want to go the netflow route, FreeBSD has ng_netflow(4). Netflow is probably the most powerful option, but by no means plug 'n' play.
 
I'll give a try with softflow see how that works, and nfsen see how that goes.
For sure it is not easy, but i love a good challenge.
 
brd@ said:
I use mail/pflogsumm to get a summary of my maillogs from Postfix.
Click to expand...
I use pflogsumm, and on a qmail server i use isoqlog. Problem is how to generate a report based on a user.

Ex: Lets say there is someone in the company who sends alot of emails to certain domains. I would like an application which could filter from the logs all the mails. Something like:

Date/Hour Mail from Mail to

So i can see all that mails that a certain person sent for that day and where.
 
You could grep the logs to filter out a single user, then use that resulting file in a log analyzer.
 
SirDice said:
You can also use any of the netflow tools (softflow, pfflow) on your firewall. But... You will need to send the data to a server though. On that server you can have a nice web interface :)

Netflow is pretty cool.. Not sure about other brands but I know you can enable it on Cisco devices too.

I was actually looking for something simpler at home.. I'm going to check out darkstat too
Click to expand...

I installed softflow - which is pretty easy and also tried flow-tools + flowscan (which is really weird). No i am trying softflow + nfsen but for some reason some things r not working properly: if i leave the live profile (which is default) eveything is logged, but the moment i am trying to create a new profile and use a filter nothing else appears.

Anyone knows a good netflow data interpreter which they tested and used? and which has some documentation cause nfsen has close to none.
 
You must log in or register to reply here.
Back
Top