[CentOS] looking for some advice to monitor network usage in office

Wed Mar 25 13:27:15 UTC 2009
Ross Walker <rswwalker at gmail.com>

On Mar 25, 2009, at 4:01 AM, Rudi Ahlers <rudiahlers at gmail.com> wrote:

> Hi all,
>
> I've been asked by a college to set up a monitor to monitor a Windows
> network, but on internet usage. They want to have detailed usage, i.e.
> on a per IP / PC basis, and if possible to get stats for every
> protocol, and see over a period of time what goes on.
>
> My first thought was ntop, which does all of this, but it doesn't save
> the data in a DB, so if the server reboots the stats are reset to 0. I
> also can't get Cacti to give me stats per IP & per protocol (unless
> someone knows how to do this).
>
> I don't yet know the full network layout, but I have a feeling they're
> using ADSL, and have a Windows Small Business server with ISA, and
> possibly Exchange as well. So, I'm either going to put a CentOS box
> between the Windows box & ADSL router, or maybe even set up a CentOS
> Vmware Virtual PC, force all the network to route via the VPS.
>
> Does anyone have some suggestions / experience in setting up something
> like this?
>
> P.S. Please don't look at the fact that there's Windows on the
> network. I use Linux for business purposes, not as a hobby, and we
> also use Mac & Windows where the situation calls for I

Best way to do what you're asking is to set up a proxy/firewall that all
hosts have to pass through. That way the proxy/firewall can log all
the activity and then you use a reporting program to report on the log
data.

Squid can log all kinds of data, so can iptables. Couple that with
NTLM/basic authentication on the Squid host and you can put names with
IP addresses.

The authentication can be transparent so if the user is logged on the  
network they auto-authenticate with the proxy.

-Ross
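
As an added example (not part of the original thread, and not code from Squid or any reporting tool): a small report over Squid's native access.log layout, showing how the user field filled in by proxy authentication ties traffic to a name as well as an IP address. The sample log lines, user names and addresses are constructed, and the function names are hypothetical.

```python
from collections import Counter, defaultdict
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log layout:
# time elapsed client result/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1237987635.120 245 192.168.1.10 TCP_MISS/200 15342 GET http://example.com/index.html jsmith DIRECT/192.0.2.10 text/html
1237987640.501 12 192.168.1.10 TCP_HIT/200 2048 GET http://example.com/logo.png jsmith NONE/- image/png
1237987700.003 1300 192.168.1.22 TCP_MISS/200 904211 GET http://downloads.example.org/big.iso mbrown DIRECT/192.0.2.20 application/octet-stream
1237987712.880 80 192.168.1.22 TCP_MISS/200 5120 CONNECT mail.example.net:443 mbrown DIRECT/192.0.2.30 -
1237987800.000 3 192.168.1.35 TCP_DENIED/407 1830 GET http://example.com/ - NONE/- text/html
this line is truncated
"""

def parse_line(line):
    """Return one access.log record as a dict, or None if the line is malformed."""
    f = line.split()
    if len(f) < 10:
        return None
    try:
        day = datetime.fromtimestamp(float(f[0]), tz=timezone.utc).date().isoformat()
        size = int(f[4])
        # CONNECT requests log "host:port" instead of a full URL.
        host = f[6].rsplit(":", 1)[0] if f[5] == "CONNECT" else urlsplit(f[6]).hostname or "-"
    except (ValueError, OverflowError, OSError):
        return None
    return {"day": day, "client": f[2], "result": f[3].split("/")[0],
            "bytes": size, "host": host, "user": f[7]}

def usage_report(lines):
    """Total requests and bytes per (day, client IP, user); count denied and bad lines."""
    totals = defaultdict(lambda: {"requests": 0, "bytes": 0, "denied": 0, "hosts": Counter()})
    skipped = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1 if line.strip() else 0
            continue
        row = totals[(rec["day"], rec["client"], rec["user"])]
        if rec["result"] == "TCP_DENIED":  # e.g. 407: proxy authentication not completed
            row["denied"] += 1
            continue
        row["requests"] += 1
        row["bytes"] += rec["bytes"]
        row["hosts"][rec["host"]] += rec["bytes"]
    return dict(totals), skipped

if __name__ == "__main__":
    report, skipped = usage_report(SAMPLE_LOG.splitlines())
    for (day, client, user), row in sorted(report.items()):
        print(day, client, user, row["requests"], row["bytes"], row["denied"], dict(row["hosts"]))
    print("skipped lines:", skipped)
```

Rows whose user is `-` are requests Squid logged without an authenticated name, so only the client IP identifies them.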