Solved

How to monitor Internet (and email) traffic?

Posted on 2010-09-15
Last Modified: 2012-05-10
Hi there,

We are a small company having two routers, which have static IPs from a T1 provider.  What is needed in order to monitor ALL HTTP traffic?  Is it possible to get something (hardware and/or software) sitting on top of the two routers or an individual router for such monitoring purposes?

Our mail server is managed by an outside contractor.  Is monitoring email in and out possible?

Thanks for the suggestions in advance.
Question by:asugri
11 Comments
 
LVL 12

Accepted Solution

by:
Chris Staunton earned 56 total points
ID: 33687908
MRTG can monitor traffic for you.  Just Google MRTG and you'll find the link to the site with examples of what it can do for you.  MRTG can run under Linux or even Windows.
0
 
LVL 3

Assisted Solution

by:dr-evil
dr-evil earned 56 total points
ID: 33688380
What do you mean by "monitor all HTTP traffic"?
Do you want to log every HTTP request made by your users?
0
 
LVL 78

Assisted Solution

by:arnold
arnold earned 56 total points
ID: 33688476
cacti.net is a more robust tool and could be simpler than dealing with MRTG configs.

Depending on the router and whether you are talking about setting up a transparent proxy with WCCP, i.e. any request to port 80 on either router will get transparently redirected to a proxy server.  The proxy server's logs can then be audited.
The distribution of the outgoing requests would have to be configured by assigning static routes on the proxy with two interfaces, or by having a routing protocol/broadcast direct the request to the correct device.
If you have two routers, each with a different ISP, and they both provide a connection to a firewall that then feeds the LAN, the routing configuration among the routers and the firewall will handle the traffic distribution.

If you have a requirement to maintain copies of all incoming/outgoing emails, this has to be set up on the mail server.
0

 
LVL 20

Assisted Solution

by:Silvers5
Silvers5 earned 56 total points
ID: 33688486
Do you need to monitor the bandwidth or intercept the traffic?
For interception you can use Websense, while for traffic bandwidth MRTG is OK.
0
 
LVL 25

Assisted Solution

by:madunix
madunix earned 165 total points
ID: 33689033
0
 
LVL 5

Assisted Solution

by:giovannicoa
giovannicoa earned 55 total points
ID: 33690380
Hi,

Use a proxy server for HTTP traffic monitoring and statistical reports.

For the HTTP part Endian Firewall can be useful. It's also free.

What you need to do is install Endian Firewall as your Internet gateway and expose it with NAT to the Internet. Configure the HTTP proxy section and make your workstations use the proxy for browsing the Internet.
0
 
LVL 25

Assisted Solution

by:madunix
madunix earned 165 total points
ID: 33690596
Besides Squid I use sarg: http://sarg.sourceforge.net/
Squid Analysis Report Generator is a tool that allows you to view "where" your users are going on the Internet. I suggest that you use sarg for analyzing Squid log files. Sarg will analyze the log file and generate reports like access time, top downloads, etc.
0
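The kind of proxy-log audit suggested in the answers above (auditing the proxy server's logs, and sarg-style reports over Squid log files), as an added example that is not part of the original thread. It assumes Squid's default native access.log format; the sample lines, addresses and host names are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log format:
# time elapsed client action/code bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1284537600.101    145 192.168.1.10 TCP_MISS/200 15320 GET http://www.example.com/index.html - DIRECT/192.0.2.10 text/html
1284537601.250     12 192.168.1.10 TCP_HIT/200 48211 GET http://www.example.com/logo.png - NONE/- image/png
1284537605.900   2310 192.168.1.22 TCP_MISS/200 7340032 GET http://downloads.example.net/tool.iso - DIRECT/192.0.2.20 application/octet-stream
1284537610.004    530 192.168.1.22 TCP_MISS/200 9120 CONNECT mail.example.org:443 - DIRECT/192.0.2.30 -
1284537611.500      0 192.168.1.31 TCP_DENIED/403 1450 GET http://blocked.example.com/ - NONE/- text/html
this line is truncated
"""

def parse_line(line):
    """Return a dict for one access.log line, or None if it is malformed."""
    f = line.split()
    if len(f) < 10:
        return None
    try:
        ts, size = float(f[0]), int(f[4])
    except ValueError:
        return None
    action, _, status = f[3].partition("/")
    # CONNECT (HTTPS tunnel) logs only host:port; other methods log a full URL.
    host = f[6].rsplit(":", 1)[0] if f[5] == "CONNECT" else urlsplit(f[6]).hostname
    return {"time": datetime.fromtimestamp(ts, tz=timezone.utc), "client": f[2],
            "action": action, "status": status, "bytes": size,
            "method": f[5], "host": host or "-", "url": f[6]}

def summarize(text, top=3):
    """Per-client byte totals, most requested hosts, largest downloads, denials."""
    entries = [e for e in map(parse_line, text.splitlines()) if e]
    bytes_by_client = defaultdict(int)
    hits_by_host = Counter()
    for e in entries:
        bytes_by_client[e["client"]] += e["bytes"]
        hits_by_host[e["host"]] += 1
    largest = sorted(entries, key=lambda e: e["bytes"], reverse=True)[:top]
    return {"bytes_by_client": dict(bytes_by_client),
            "top_hosts": hits_by_host.most_common(top),
            "top_downloads": [(e["client"], e["url"], e["bytes"]) for e in largest],
            "denied": [(e["client"], e["url"]) for e in entries if e["action"] == "TCP_DENIED"]}

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, value)
```

For HTTPS requests made through an explicit proxy, the log carries only the CONNECT host and port, so reports for that traffic stop at the host name.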
 

Author Comment

by:asugri
ID: 33879865
All,  

Sorry for not getting back to this issue for a while.   I need to digest a little bit regarding all the provided info.  Thanks.
0
 
LVL 25

Assisted Solution

by:madunix
madunix earned 165 total points
ID: 33886899
0
 

Assisted Solution

by:m76543
m76543 earned 56 total points
ID: 34612481
Essentially you need NTOP monitoring and POP3+SMTP proxy services.  NTOP will monitor specified links, providing very in-depth statistics of the traffic.

The two proxy services will allow you to monitor and A/V the mail incoming and outgoing.  In ENDIAN these are found under the tab "PROXY"; for NTOP go to tab "SERVICES" and then menu choice "Traffic Monitoring". I found that the default system did not allow me to get it to monitor the RED Internet interfaces, so in Linux I edited the file /etc/ntop/etc/ntop.conf to include the extra interfaces.
See here for more info on doing that.

All of these (and more) are provided in many community firewalls such as ENDIAN.
http://www.endian.com/en/community/overview/

ENDIAN community supports up to 4 interfaces. I would recommend:
2 you could assign for the Internet T1 connections (known as RED)
1 for the first internal router interface (known as GREEN)
1 for the second internal router interface (known as BLUE)

I expect you will need to define some routes as the Endian is in the "hub" of your links and routers.  Define the routes in tab "Network", menu "Routing", tab "Policy Routing".

You may find that there is no need to even use your two routers once the Endian goes in!  If you wish to do that then use the "FIREWALL" tab to define all the rules.

cheers Michael
0
 

Author Comment

by:asugri
ID: 35380520
I don't have time to test out the suggestions.  Will try to visit this topic in the future.  Thank you all for the help.
0
