[CentOS] looking for some advice to monitor network usage in office

Wed Mar 25 16:20:16 UTC 2009
Ray Leventhal <centos at swhi.net>

Rudi Ahlers wrote:
> Hi all,
>
> I've been asked by a college to setup a monitor to monitor a Windows
> network, but on internet usage. They want to have detailed usage, i.e.
> on a per IP / PC basis, and if possible to get stats for every
> protocol, and see over a period of time what goes on.
>
> My first though wat ntop, which does all of this, but it doesn't save
> the data in a DB, so if the server reboots the stats are reset to 0. I
> also can't get Cacti to give me stats per IP & per protocol (unless
> someone knows how todo this).
>
> I don't yet know the full network layout, but I have a feeling they're
> using ADSL, and have a Windows Small Business server with ISA, and
> possible Exchange as well. So, I'm either going to put a CentOS box
> between the Windows box & ADSL router, or maybe even setup a CentOS
> Vmware Virtual PC, force all the network to route via the VPS.
>
> Does anyone have some suggestions / experience in setting up something
> like this?
>
> P.S. Please don't look at the fact that there's Windows on the
> network. I use Linux for business purposes, not as a hobby, and we
> also use Mac & Windows where the situation calls for it.
>   
Just to add my .02, depending on the traffic level, you may do better 
with a pre-packaged distro like Endian which provides transparent proxy 
and reporting.  The community edition (what I'm using) sets up very 
easily and pretty much works out of the box.

For our mixed OS network of about 40 workstations, this serves very 
nicely and does pretty much what you're asking.  The only thing I did to 
the stock install was to have the logs ftp'd to me for archiving so they 
don't get rotated out of existence during the normal system rotation 
schedule. (client wants 1yr of history).

HTH,
-Ray