5 Feb
2008
5 Feb
'08
5:29 p.m.
Tony Schreiner wrote:
assuming you want to log user web browsing traffic, configuring a Squid transparent proxy at your network border would be the best way. its logfiles are quite similar to those of a webserver, so you can use a wide range of log analysis tools.
To get more specific about what's going on. My network services have informed me that the machine is probing other systems at a high rate. An infection of some sort. And I'm trying to track down what's going on.
ah. tcpdump -i ethX tcp port 80
(and prepare for a flood of data).