On Mar 25, 2009, at 4:01 AM, Rudi Ahlers rudiahlers@gmail.com wrote:
Hi all,
I've been asked by a college to set up a monitor to monitor a Windows network, but on internet usage. They want to have detailed usage, i.e. on a per IP / PC basis, and if possible to get stats for every protocol, and see over a period of time what goes on.
My first thought was ntop, which does all of this, but it doesn't save the data in a DB, so if the server reboots the stats are reset to 0. I also can't get Cacti to give me stats per IP & per protocol (unless someone knows how to do this).
I don't yet know the full network layout, but I have a feeling they're using ADSL, and have a Windows Small Business server with ISA, and possibly Exchange as well. So, I'm either going to put a CentOS box between the Windows box & ADSL router, or maybe even set up a CentOS VMware Virtual PC, and force all the network to route via the VPS.
Does anyone have some suggestions / experience in setting up something like this?
P.S. Please don't look at the fact that there's Windows on the network. I use Linux for business purposes, not as a hobby, and we also use Mac & Windows where the situation calls for I
Best way to do what you're asking is to set up a proxy/firewall that all hosts have to pass through. That way the proxy/firewall can log all the activity and then you use a reporting program to report on the log data.
Squid can log all kinds of data, so can iptables. Couple that with NTLM/basic authentication on the squid host and you can put names with IP addresses.
The authentication can be transparent so if the user is logged on the network they auto-authenticate with the proxy.
-Ross
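
As an added illustration of the log-then-report approach in the reply above (not code from either poster), this Python sketch reads Squid's native access.log format and keeps per-day totals by client IP, authenticated user and protocol in SQLite, so the figures survive a reboot. The sample lines, the table name proxy_usage and the function names are constructed for the example; the user field is only filled in when proxy authentication is enabled.

```python
import sqlite3
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log format:
# time elapsed client code/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1237975260.123 245 192.168.1.10 TCP_MISS/200 15320 GET http://example.com/ jsmith DIRECT/192.0.2.10 text/html
1237975261.500 80 192.168.1.10 TCP_HIT/200 2048 GET http://example.com/logo.png jsmith NONE/- image/png
1237975300.456 1200 192.168.1.11 TCP_MISS/200 48211 CONNECT mail.example.com:443 adoe DIRECT/192.0.2.20 -
1237975310.001 15 192.168.1.11 TCP_DENIED/407 1800 GET ftp://files.example.com/a.iso - NONE/- text/html
truncated or malformed line
"""

def parse_line(line):
    """Return (day, client_ip, username, protocol, bytes), or None if malformed."""
    f = line.split()
    try:
        ts, size = float(f[0]), int(f[4])
        client, method, url, username = f[2], f[5], f[6], f[7]
    except (IndexError, ValueError):
        return None
    # CONNECT carries host:port rather than a URL, so it gets its own bucket.
    proto = "connect" if method == "CONNECT" else (urlsplit(url).scheme or "unknown")
    return int(ts) // 86400 * 86400, client, username, proto, size

def load(conn, lines):
    """Add per-day, per-client, per-protocol totals to SQLite; return lines skipped."""
    conn.execute("""CREATE TABLE IF NOT EXISTS proxy_usage (
        day INTEGER, client TEXT, username TEXT, proto TEXT, requests INTEGER,
        bytes INTEGER, PRIMARY KEY (day, client, username, proto))""")
    skipped = 0
    for rec in map(parse_line, lines):
        if rec is None:
            skipped += 1
            continue
        conn.execute("""INSERT INTO proxy_usage VALUES (?, ?, ?, ?, 1, ?)
            ON CONFLICT (day, client, username, proto) DO UPDATE SET
            requests = requests + 1, bytes = bytes + excluded.bytes""", rec)
    conn.commit()
    return skipped

def report(conn):
    return conn.execute("""SELECT client, username, proto, requests, bytes
        FROM proxy_usage ORDER BY bytes DESC""").fetchall()

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")  # a file path keeps totals across reboots
    print("skipped:", load(db, SAMPLE_LOG.splitlines()), report(db))
```

Denied requests (the 407 line) are counted like any other, so filter on the code/status field first if only delivered traffic should be reported.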