 
Old 03-25-2009, 08:12 AM
Jamie Beverly
 
Default looking for some advice to monitor network usage in office

On Mar 25, 2009, at 1:12 AM, Ruben Laban <r.laban@ism.nl> wrote:

> On Wednesday 25 March 2009 at 09:03 (CET), Rudi Ahlers wrote:
>> I've been asked by a college to setup a monitor to monitor a Windows
>> network, but on internet usage. They want to have detailed usage, i.e.
>> on a per IP / PC basis, and if possible to get stats for every
>> protocol, and see over a period of time what goes on.
>>
>> My first thought was ntop, which does all of this, but it doesn't save
>> the data in a DB, so if the server reboots the stats are reset to 0. I
>> also can't get Cacti to give me stats per IP & per protocol (unless
>> someone knows how to do this).
>>
>> I don't yet know the full network layout, but I have a feeling they're
>> using ADSL, and have a Windows Small Business server with ISA, and
>> possible Exchange as well. So, I'm either going to put a Linux box
>> between the Windows box & ADSL router, or maybe even setup a Linux
>> Vmware Virtual PC, force all the network to route via the VPS.


With pmacct, or any other utility that 'snoops' traffic, you will likely want to configure a "tap" on your switches that replicates all frames on a specific port. This will remove the need to do anything to your network topology, like changing routes. That one port will see the network as though it were on a hub (which, like all monitoring, has security implications).

Depending on the size and complexity of your network, you may want to aggregate on tap ports, but forward and store to a monitoring host...

>> Does anyone have some suggestions / experience in setting up something
>> like this?
>>
>> P.S. Please don't look at the fact that there's Windows on the
>> network. I use Linux for business purposes, not as a hobby, and we
>> also use Mac & Windows where the situation calls for it.
>
> Look into pmacct [1]. It can collect rather detailed information and can store
> it in various formats, including mysql/postgresql database.
>
> [1] http://www.pmacct.net/
>
> --
> Regards,
>
> Ruben Laban
> Systems and Network Administrator
> ISM eCompany

--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam





 
Old 03-25-2009, 02:01 PM
Les Mikesell
 
Default looking for some advice to monitor network usage in office

Rudi Ahlers wrote:
> Hi all,
>
> I've been asked by a college to setup a monitor to monitor a Windows
> network, but on internet usage. They want to have detailed usage, i.e.
> on a per IP / PC basis, and if possible to get stats for every
> protocol, and see over a period of time what goes on.
>
> My first thought was ntop, which does all of this, but it doesn't save
> the data in a DB, so if the server reboots the stats are reset to 0.

Are you sure you went through all the ntop options? I thought it had
ways to store and export data. And it can both source and parse netflow
data.

> I
> also can't get Cacti to give me stats per IP & per protocol (unless
> someone knows how to do this).

SNMP normally reports traffic per interface. If you can get by with a
historical total/max bandwidth report, point cacti or other SNMP tool at
the switch ports facing the users. Then use ntop for snapshots of
protocol usage. If, for example, you are trying to track down the
source of a virus, you really only want to see current traffic patterns,
not totals that include last week's bittorrent activity.

> I don't yet know the full network layout, but I have a feeling they're
> using ADSL, and have a Windows Small Business server with ISA, and
> possible Exchange as well. So, I'm either going to put a CentOS box
> between the Windows box & ADSL router, or maybe even setup a CentOS
> Vmware Virtual PC, force all the network to route via the VPS.
>
> Does anyone have some suggestions / experience in setting up something
> like this?

As long as you have a managed switch behind the internet router you
should be able to set up a mirror (monitor) port to feed a copy to an
interface running ntop without actually routing through the Linux box.
Or, if the router supports it, it can send netflow records to something
that understands them.


--
Les Mikesell
lesmikesell@gmail.com
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
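
What a collector that "understands" NetFlow records has to do to meet the per-IP, per-protocol, survives-a-reboot requirement, as an added example that is not code from any poster in this thread or from ntop or pmacct. It assumes the router exports NetFlow version 5; the table name `host_usage`, the helper names and the sample flows are constructed for illustration.

```python
import ipaddress
import sqlite3
import struct

HEADER = struct.Struct("!HHIIIIBBH")                # NetFlow v5 header, 24 bytes
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # NetFlow v5 flow record, 48 bytes
PROTO = {1: "icmp", 6: "tcp", 17: "udp"}

def parse_v5(datagram):
    """Return (export time, [(src_ip, protocol, byte count), ...]) for one datagram."""
    if len(datagram) < HEADER.size:
        raise ValueError("short datagram")
    version, count, _, unix_secs, *_ = HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError("not NetFlow v5")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("header claims more records than the datagram holds")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        src, octets, proto = f[0], f[6], f[13]   # srcaddr, dOctets, prot
        flows.append((str(ipaddress.IPv4Address(src)), PROTO.get(proto, str(proto)), octets))
    return unix_secs, flows

def store(db, datagram, bucket=300):
    """Add the flows to on-disk per-host, per-protocol totals in 5-minute buckets."""
    ts, flows = parse_v5(datagram)
    db.execute("CREATE TABLE IF NOT EXISTS host_usage (bucket INTEGER, src TEXT,"
               " proto TEXT, bytes INTEGER, PRIMARY KEY (bucket, src, proto))")
    for src, proto, octets in flows:
        key = (ts - ts % bucket, src, proto)
        db.execute("INSERT OR IGNORE INTO host_usage VALUES (?, ?, ?, 0)", key)
        db.execute("UPDATE host_usage SET bytes = bytes + ?"
                   " WHERE bucket = ? AND src = ? AND proto = ?", (octets, *key))
    db.commit()

def build_v5(unix_secs, flows):
    """Constructed sample data: pack [(src, dst, proto, dst_port, bytes)] as an export."""
    out = HEADER.pack(5, len(flows), 0, unix_secs, 0, 0, 0, 0, 0)
    for src, dst, proto, dport, octets in flows:
        a, b = (ipaddress.IPv4Address(x).packed for x in (src, dst))
        out += RECORD.pack(a, b, bytes(4), 0, 0, 1, octets, 0, 0, 40000, dport,
                           0, 0, proto, 0, 0, 0, 0, 0, 0)
    return out

SAMPLE = build_v5(1237968000, [("192.0.2.10", "198.51.100.5", 6, 80, 1500),
                               ("192.0.2.10", "198.51.100.5", 6, 443, 500),
                               ("192.0.2.11", "198.51.100.9", 17, 53, 120)])
```

Because the totals live in a SQLite file keyed by time bucket, a query over `host_usage` after a restart still returns the history, and the length check rejects a datagram whose header count does not match its size.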
 
Old 03-25-2009, 03:20 PM
Ray Leventhal
 
Default looking for some advice to monitor network usage in office

Rudi Ahlers wrote:
> Hi all,
>
> I've been asked by a college to setup a monitor to monitor a Windows
> network, but on internet usage. They want to have detailed usage, i.e.
> on a per IP / PC basis, and if possible to get stats for every
> protocol, and see over a period of time what goes on.
>
> My first thought was ntop, which does all of this, but it doesn't save
> the data in a DB, so if the server reboots the stats are reset to 0. I
> also can't get Cacti to give me stats per IP & per protocol (unless
> someone knows how to do this).
>
> I don't yet know the full network layout, but I have a feeling they're
> using ADSL, and have a Windows Small Business server with ISA, and
> possible Exchange as well. So, I'm either going to put a CentOS box
> between the Windows box & ADSL router, or maybe even setup a CentOS
> Vmware Virtual PC, force all the network to route via the VPS.
>
> Does anyone have some suggestions / experience in setting up something
> like this?
>
> P.S. Please don't look at the fact that there's Windows on the
> network. I use Linux for business purposes, not as a hobby, and we
> also use Mac & Windows where the situation calls for it.
>
Just to add my .02, depending on the traffic level, you may do better
with a pre-packaged distro like Endian which provides transparent proxy
and reporting. The community edition (what I'm using) sets up very
easily and pretty much works out of the box.

For our mixed OS network of about 40 workstations, this serves very
nicely and does pretty much what you're asking. The only thing I did to
the stock install was to have the logs ftp'd to me for archiving so they
don't get rotated out of existence during the normal system rotation
schedule. (client wants 1yr of history).

HTH,
-Ray
 
