Monitor Network Traffic

bloodhound

Member


Messages: 34

Hello, I want to know if there are any tools to monitor and, if possible, log the network activity.

An application on the firewall with which I can see who/where/what he is doing, from a web interface or something (except ntop).


Also, if there is an application where I can check a report for every user of my mail server showing where he sent emails, because scrolling through the maillog takes a lifetime.

Thank you
 

brd@

Administrator
Staff member
Administrator
Moderator
Developer

Reaction score: 91
Messages: 293

I use mail/pflogsumm to get a summary of my maillogs from Postfix.
 

SirDice

Administrator
Staff member
Administrator
Moderator

Reaction score: 10,108
Messages: 35,583

You can also use any of the netflow tools (softflow, pfflow) on your firewall. But... You will need to send the data to a server though. On that server you can have a nice web interface :)

Netflow is pretty cool.. Not sure about other brands but I know you can enable it on Cisco devices too.

I was actually looking for something simpler at home.. I'm going to check out darkstat too
 

aragon

Daemon

Reaction score: 281
Messages: 2,029

If you want to go the netflow route, FreeBSD has ng_netflow(4). Netflow is probably the most powerful option, but by no means plug 'n' play.
 
bloodhound


I'll give softflow a try and see how that works, and nfsen, see how that goes.
For sure it is not easy, but I love a good challenge.
 
bloodhound


brd@ said:
> I use mail/pflogsumm to get a summary of my maillogs from Postfix.

I use pflogsumm, and on a qmail server I use isoqlog. The problem is how to generate a report based on a user.

Ex: Let's say there is someone in the company who sends a lot of emails to certain domains. I would like an application which could filter all the mails from the logs. Something like:

Date/Hour | Mail from | Mail to

So I can see all the mails that a certain person sent for that day and where.
 

SirDice


You could grep the logs to filter out a single user, then use that resulting file in a log analyzer.
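
Grepping a Postfix log for one sender only finds the `from=` lines, because recipients are logged on separate `to=` lines tied to the sender by queue ID. The following is an added example, not part of the original thread, that correlates the two to produce the Date/Hour, Mail from, Mail to report asked about above; the log lines are constructed and the name `sender_report` is hypothetical.

```python
import re

# Constructed sample in Postfix syslog format (not taken from a real server).
SAMPLE_LOG = """\
Mar  3 09:14:02 mail postfix/qmgr[812]: 4F1A22C0B1: from=<alice@example.com>, size=1532, nrcpt=2 (queue active)
Mar  3 09:14:03 mail postfix/smtp[934]: 4F1A22C0B1: to=<bob@partner.example>, relay=mx.partner.example[192.0.2.10]:25, delay=0.9, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Mar  3 09:14:03 mail postfix/smtp[935]: 4F1A22C0B1: to=<carol@other.example>, relay=mx.other.example[192.0.2.20]:25, delay=1.1, dsn=4.4.1, status=deferred (connection timed out)
Mar  3 09:20:40 mail postfix/qmgr[812]: 7C3B91D0E2: from=<dave@example.com>, size=900, nrcpt=1 (queue active)
Mar  3 09:20:41 mail postfix/smtp[936]: 7C3B91D0E2: to=<bob@partner.example>, relay=mx.partner.example[192.0.2.10]:25, delay=0.7, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Mar  3 09:31:15 mail postfix/qmgr[812]: 9D5E04A1F3: from=<alice@example.com>, size=2048, nrcpt=1 (queue active)
Mar  3 09:31:16 mail postfix/local[940]: 9D5E04A1F3: to=<erin@example.com>, relay=local, delay=0.1, dsn=2.0.0, status=sent (delivered to mailbox)
"""

# timestamp, host, postfix/<service>[pid]:, queue ID, then the rest of the line
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+\S+\s+postfix/(?P<svc>[\w/-]+)\[\d+\]:\s+"
    r"(?P<qid>[0-9A-Za-z]+):\s+(?P<rest>.*)$")
FROM = re.compile(r"^from=<([^>]*)>")
TO = re.compile(r"^to=<([^>]*)>.*\bstatus=(\w+)")


def sender_report(lines, sender):
    """Return (timestamp, from, to, status) for each delivery attempt by `sender`."""
    sender = sender.lower()
    queue_sender = {}  # queue ID -> envelope sender seen on the from= line
    rows = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a queue-ID line (connects, warnings, other daemons)
        rest = m["rest"]
        f = FROM.match(rest)
        if f:
            # A later from= line with the same ID overwrites the old entry,
            # which also covers queue IDs being reused over time.
            queue_sender[m["qid"]] = f.group(1).lower()
            continue
        t = TO.match(rest)
        if t and queue_sender.get(m["qid"]) == sender:
            rows.append((m["ts"], sender, t.group(1).lower(), t.group(2)))
    return rows


if __name__ == "__main__":
    for ts, frm, to, status in sender_report(SAMPLE_LOG.splitlines(), "alice@example.com"):
        print(f"{ts}  {frm}  {to}  {status}")
```

The status column separates mail that actually left (`sent`) from attempts that were deferred or bounced, which a plain grep on the address does not show.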
 
bloodhound


SirDice said:
> You can also use any of the netflow tools (softflow, pfflow) on your firewall. But... You will need to send the data to a server though. On that server you can have a nice web interface :)
>
> Netflow is pretty cool.. Not sure about other brands but I know you can enable it on Cisco devices too.
>
> I was actually looking for something simpler at home.. I'm going to check out darkstat too

I installed softflow, which is pretty easy, and also tried flow-tools + flowscan (which is really weird). Now I am trying softflow + nfsen, but for some reason some things are not working properly: if I leave the live profile (which is the default) everything is logged, but the moment I try to create a new profile and use a filter, nothing else appears.

Does anyone know a good netflow data interpreter which they have tested and used, and which has some documentation? Because nfsen has close to none.
 