[gentoo-user] Network Monitoring

2007-10-17 Thread James Colby
List Members - 

I am looking for some advice.  We have a user on our network that we
believe may be making inappropriate forum posts, violating our TOS for
internet usage.  I am looking for some recommendations of software that
I can install on Gentoo server to help us monitor these posts.  Can
anyone recommend a proxy package that could help me to monitor this?  I
would prefer to do this transparently but we do have access to configure
a proxy on the user's browser.  Is this something that Squid can do?

Thanks for any recommendations.
-- 
[EMAIL PROTECTED] mailing list



Re: [gentoo-user] Network Monitoring

2007-10-17 Thread Hans-Werner Hilse
Hi,

On Wed, 17 Oct 2007 10:38:10 -0400 James Colby
[EMAIL PROTECTED] wrote:

 I am looking for some advice.  We have a user on our network that we
 believe may be making inappropriate forum posts, violating our TOS for
 internet usage.  I am looking for some recommendations of software
 that I can install on Gentoo server to help us monitor these posts.
 Can anyone recommend a proxy package that could help me to monitor
 this?  I would prefer to do this transparently but we do have access
 to configure a proxy on the user's browser.  Is this something that
 Squid can do?

You won't get HTTPS traffic without spoofing certificates, which might
not get through unnoticed. But HTTP is just plain text, so probably you
can just run

$ tcpdump -w - -i ethN -s 1600 port 80 and src 192.168.your.enemy | tee fulldump | strings

for one or two days and be done with it. Note that the traffic you're
interested in the most is outgoing traffic (HTTP POST) if you're
looking for offensive communication originating from that user.

Of course, all of this is probably illegal if that user hasn't agreed
on monitoring measures (which means you'll probably not be able to use
it as a proof before court) -- and even that might be prevented by
local law.

Also have a look at the dsniff package, especially at urlsnarf. But
this would just give you the URLs...

-hwh
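An added example, not part of the post above: instead of piping the capture through strings, the Python below reads a capture file such as the fulldump written by tee (classic pcap format and Ethernet framing assumed) and lists only the POST requests sent by one source address. The addresses, host name and payloads are constructed sample data, and only the first TCP segment of each request is examined (no stream reassembly).

```python
import struct

def frame(src, dst, dport, payload):
    """Constructed Ethernet/IPv4/TCP frame for the sample (checksums left zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, 0x18, 65535, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload

def build_pcap(packets):
    """Wrap (timestamp, frame) pairs in a classic little-endian pcap file."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 1600, 1)  # snaplen 1600, Ethernet
    for ts, frm in packets:
        out += struct.pack("<IIII", ts, 0, len(frm), len(frm)) + frm
    return out

def http_posts(pcap, src_ip):
    """List (timestamp, host, path, body) for HTTP POSTs from src_ip to port 80."""
    endian = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    hits, off = [], 24  # skip the 24-byte global header
    while off + 16 <= len(pcap):
        ts, _, caplen, _ = struct.unpack(endian + "IIII", pcap[off:off + 16])
        pkt = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(pkt) < 54 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue  # too short, or not IPv4 carrying TCP
        src = ".".join(map(str, pkt[26:30]))
        tcp = pkt[14 + (pkt[14] & 0x0F) * 4:]
        if len(tcp) < 20 or src != src_ip or tcp[2:4] != b"\x00\x50":
            continue  # wrong host, or not destined for port 80
        data = tcp[(tcp[12] >> 4) * 4:]
        if not data.startswith(b"POST "):
            continue  # handshake, ACK, GET, or a later segment of a long body
        head, _, body = data.partition(b"\r\n\r\n")
        lines = head.decode("latin-1").split("\r\n")
        host = next((l[5:].strip() for l in lines[1:] if l.lower().startswith("host:")), "")
        hits.append((ts, host, lines[0].split(" ")[1], body.decode("latin-1")))
    return hits

# Constructed sample capture: one GET and one POST from the monitored host,
# plus a POST from a different host that must not be reported.
SAMPLE = build_pcap([
    (1192631890, frame("192.168.0.23", "203.0.113.10", 80,
                       b"GET /index.php HTTP/1.1\r\nHost: forum.example\r\n\r\n")),
    (1192631900, frame("192.168.0.23", "203.0.113.10", 80,
                       b"POST /post.php HTTP/1.1\r\nHost: forum.example\r\n\r\nmsg=example")),
    (1192631905, frame("192.168.0.99", "203.0.113.10", 80,
                       b"POST /login HTTP/1.1\r\nHost: forum.example\r\n\r\nuser=x")),
])
```

With a real capture, pass the bytes of the file to `http_posts` together with the source address used in the tcpdump filter.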



Re: [gentoo-user] Network Monitoring

2007-10-17 Thread James Colby
On Wed, Oct 17, 2007 at 04:57:54PM +0200, Uwe Thiem wrote:
 
 I have no recommendation but would like to remind you of one thing: What you 
 are trying to achieve is a serious breach of privacy. 
 
All users of this network are made aware of the Acceptable use policy of
this network, and understand that we have reserved the right to monitor
this network to ensure compliance with that policy.  Until now we have
not felt the need for monitoring, but certain violations have been
brought to our attention, and we feel as though we need to do something
about it.




Re: [gentoo-user] Network Monitoring

2007-10-17 Thread Mick
On Wednesday 17 October 2007, Tapio Raevaara wrote:

 Network monitoring can be interpreted in many different ways, are you
 sure your users realize what that really means?

 Unless you've already done so, it might be a good idea to send a message
 reminding of the policy to all users, mention that a single user has been
 violating that policy, and that if this will not stop immediately, you'll
 be forced to start monitoring the traffic.

I'd go further than that, I would be more specific regarding the way in which 
that user violated the policy:  e.g. used company IT equipment to 
access 'such & such' type of website in company time.  In my company, 'social 
networking websites' like myface, youtube and what not, are out of bounds. 
Ditto for ebay - employees were spending far too much time browsing deals on 
ebay.

Also, what are the implications of violating the policy - speak to your HR 
department first and reiterate these in the same message; e.g. porn may be 
instant dismissal, but ebay may just result in a disciplinary hearing.  Then 
check that (s)he (and others) don't just use anonymouse to get to their 
preferred websites . . .
-- 
Regards,
Mick




[gentoo-user] Network Monitoring Packages eg:ntop

2005-12-21 Thread Ow Mun Heng
Hi All,

Just want to see if anyone has any good info to share.

What I want: (not necessarily host availability/polling)

Network monitoring/network traffic analyser which is something like ntop
which shows IP traffic in (from where) and out (to where) as well as top
talkers, top ports etc. This is basically to determine what's happening
with my network and who's been hogging the bandwidth etc. (time for some
wrist slapping!!)

And preferably it logs into a MySQL/PostgreSQL database which can be
later dissected for analysis.

I've looked at opennms - http://bugs.gentoo.org/show_bug.cgi?id=51441
which seems to be able to do it. 

I've also looked at jffnms, (which used to be in portage? searched
through the archives and it seems it was previously) but it seems to
only be able to look at host/server availability.

Looked at argus, it seems to have the features for Traffic Flow Analysis
but it does not support (AFAICT) logging into a DB. (The FAQ states
answer is coming)

Zabbix is another package but seems like it too provides for
client/server availability etc. Doesn't do much for my needs.

I initially looked at ntop, then found out that it no longer uses a SQL
database for its backend data collection, it now uses rrdtool. I've got
a stupid question, I understand that RRDtool is a good thing since
it's like a never growing DB, but frankly, just how many days/years of
data can it hold? What's the limit etc? I don't seem to be able to
locate a FAQ about that one particular point.

Appreciate some comments.

Thanks




-- 
Ow Mun Heng
Gentoo/Linux on DELL D600 1.4Ghz 1.5GB RAM
98% Microsoft(tm) Free!! 
Neuromancer 09:33:29 up 18:19, 2 users, load average: 0.29, 0.61, 1.15 


-- 
gentoo-user@gentoo.org mailing list



Re: [gentoo-user] Network Monitoring (graphical web app)

2005-08-04 Thread Jose Gonzalez Gomez
Haven't tried it, but it seems to be worth a look, so I would add 

http://www.zabbix.com/

2005/8/3, Michael Crute [EMAIL PROTECTED]:
 I use Nagios and Cacti with much success.
  
  http://www.nagios.org/
  http://www.cacti.net/
  
  -Mike
 
 
 On 8/3/05, Chris Frederick [EMAIL PROTECTED] wrote:
  Hi all,
  
  I've been looking for a monitoring app that I can run on my
  server/gateway.  The more graphical the better, I really like the looks
  of the graphs from ipac and grapher.  But I'd like to get more details 
  than just total interface statistics.  I'd like to be able to see a
  graph for the total, but also a few extra graphs for watching specific
  ports (21, 22, 25, 80, 443, etc...).  Being able to monitor procs,
  specific procs, and memory and stuff would be nice, but I can get that 
  from other apps if needed.
  
  Any suggestions/recommendations?
  
  Thanks all,
  
  Chris Frederick
  
  
  
  
 
 
 -- 
 
 Michael E. Crute
 Software Developer
 SoftGroup Development Corporation
 
 In a world without walls and fences, who needs windows and gates?




Re: [gentoo-user] Network Monitoring (graphical web app)

2005-08-03 Thread A. Khattri
On Wed, 3 Aug 2005, Michael Crute wrote:

 I use Nagios and Cacti with much success.

 http://www.nagios.org/
 http://www.cacti.net/



Re: [gentoo-user] Network Monitoring (graphical web app)

2005-08-03 Thread A. Khattri
On Wed, 3 Aug 2005, Chris Frederick wrote:

 I've been looking for a monitoring app that I can run on my
 server/gateway.  The more graphical the better, I really like the looks
 of the graphs from ipac and grapher.  But I'd like to get more details
 than just total interface statistics.  I'd like to be able to see a
 graph for the total, but also a few extra graphs for watching specific
 ports (21, 22, 25, 80, 443, etc...).  Being able to monitor procs,
 specific procs, and memory and stuff would be nice, but I can get that
 from other apps if needed.

 Any suggestions/recommendations?

ntop ?

