How to monitor Internet (and email) traffic?

Hi there,

We are a small company having two routers, which have static IP from T1 provider.  What is needed in order to monitor ALL http trafic?  Is it possible to get something (hardware and/or software) sitting on top of the two routers or individual router for such monitoring purpose?  

Our mail server is managed by an outside cotractor.  Is monitoring email in and out possible?

Thanks for the suggestions in advance.
asugriAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Chris StauntonConnect With a Mentor Commented:
MTRG can monitor traffic for you.  Just google MRTG and you'll find the link to the site with examples of what it can do for you.  MRTG can run under linux or even windows.
0
 
dr-evilConnect With a Mentor Commented:
what do u mean with "monitor all http trafic" ?
u wanna log every http-request made by your users?
0
 
arnoldConnect With a Mentor Commented:
cacti.net is a more robust tool and could be simpler than dealing with MRTG configs.

Depending on the router and whether you are talking about setting up a transparent proxy with WCCP. i.e. any request to port 80 on either router will get transparently redirected to a proxy server.  the proxy server's logs can than be audited.
The distribution of the outgoing requests would have to be configured by assigning static routes on the proxy with two interfaces, or have a routing protocol/broadcast to direct the request to the correct device.
If you have two routers each with a different ISP. and they both provide a connection to a firewall that than feeds the LAN, the routing configuration among the routers and the firewall will handle the traffic distribution.

If you have a requirement to maintain copies of all incoming/outgoing emails, this has to be setup on the mailserver.
0
A proven path to a career in data science

At Springboard, we know how to get you a job in data science. With Springboard’s Data Science Career Track, you’ll master data science  with a curriculum built by industry experts. You’ll work on real projects, and get 1-on-1 mentorship from a data scientist.

 
Michel SakrConnect With a Mentor Commented:
You need to monitor the bandwidth or intercept the traffic?
For interception you can use websense, while for traffic bandwidth MRTG is ok
0
 
giovannicoaConnect With a Mentor Commented:
Hi,

Use a proxy server for HTTP traffic monitoring and statistical reports.

For the HTTP part Endian Firewall can be the useful. It's also free.

What do you need to do is to Install Endian Firewall as you internet gateway and expose it with NAT to the internet. Configure the HTTP proxy section and make your workstations using the proxy for browsing the internet.
0
 
Fadi SODAH (aka madunix)Connect With a Mentor Chief Information Security Officer, CISA, CISSP, CFR, ICATE, MCSE, CCNA, CCNP, CCIP and SCECommented:
beside squid i use sarg http://sarg.sourceforge.net/
Squid Analysis Report Generator is a tool that allow you to view "where" your users are going to on the Internet. I suggest that you use sarg for analyzing squid log files. Sarg will analyze the log file and generate the reports like access time, top downloads, etc.
0
 
asugriAuthor Commented:
All,  

Sorry not getting back to this issue for a while.   I need to digest a little bit regarding all the provided info.  Thanks.
0
 
Fadi SODAH (aka madunix)Connect With a Mentor Chief Information Security Officer, CISA, CISSP, CFR, ICATE, MCSE, CCNA, CCNP, CCIP and SCECommented:
0
 
m76543Connect With a Mentor Commented:
Essentially you need NTOP monitoring and POP3+SMTP proxy services.  NTOP will monitor specified links providing very indepth statistics of the traffic.

The two proxy services will allow you to monitor and A/V the mail incoming and outgoing.  In ENDIAN these are found under the tab "PROXY", for the NTOP go to tab "SERVICES" and then menu choice "Traffic Monitoring". I found that the default system did not allow me to get it to monitor the RED Internet interfaces, so I editing in Linux the file /etc/ntop/etc/ntop.conf to include the extra interfaces.
see here for more info on doing that.

All of these (and more) are provided in many community firewalls such as ENDIAN.
http://www.endian.com/en/community/overview/

ENDIAN community supports upto 4 interfaces, I would recommend:
2 you could assign for the Internet T1 connections (known as RED)
1 for the first internal router interface (known as GREEN)
1 for the second internal router interface (known as BLUE)

I expect you will need to define some routes as the Endian is in the "hub" of your links and routers.  Define the routes in tab "Network", menu "Routing", tab "Policy Routing".

You may find that there is no need to even use your two routers once the Endian goes in!  IF you wish to do that then us the "FIREWALL" tab to define all the rules.

cheers Michael
0
 
asugriAuthor Commented:
I don't have time to test out the suggestions.  Will try to visit this topic in the future.  Thank you all for the help.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.