Tony Schreiner wrote: >> assuming you want to log user web browsing traffic, configuring a >> Squid transparent proxy at your network border would be the best >> way. its logfiles are quite similar to those of a webserver, so you >> can use a wide range of log analysis tools. >> > > To get more specific about what's going on. My network services have > informed me that the machine is probing other systems at a high rate. > An infection of some sort. And I'm trying to track down what's going on. ah. tcpdump -i ethX tcp port 80 (and prepare for a flood of data).