On Mar 25, 2009, at 4:01 AM, Rudi Ahlers <rudiahlers at gmail.com> wrote: > Hi all, > > I've been asked by a college to setup a monitor to monitor a Windows > network, but on internet usage. They want to have detailed usage, i.e. > on a per IP / PC basis, and if possible to get stats for every > protocol, and see over a period of time what goes on. > > My first though wat ntop, which does all of this, but it doesn't save > the data in a DB, so if the server reboots the stats are reset to 0. I > also can't get Cacti to give me stats per IP & per protocol (unless > someone knows how todo this). > > I don't yet know the full network layout, but I have a feeling they're > using ADSL, and have a Windows Small Business server with ISA, and > possible Exchange as well. So, I'm either going to put a CentOS box > between the Windows box & ADSL router, or maybe even setup a CentOS > Vmware Virtual PC, force all the network to route via the VPS. > > Does anyone have some suggestions / experience in setting up something > like this? > > P.S. Please don't look at the fact that there's Windows on the > network. I use Linux for business purposes, not as a hobby, and we > also use Mac & Windows where the situation calls for I Best way to do what your asking is to setup a proxy/firewall that all hosts have to pass through. That way the proxy/firewall can log all the activity and then you use a reporting program to report on the log data. Squid can log all kinds of data, so can iptables. Couple that with NTLM/basic authentication on the squid host and you can put names with ip addresses. The authentication can be transparent so if the user is logged on the network they auto-authenticate with the proxy. -Ross