Solved

How to monitor Internet (and email) traffic?

Posted on 2010-09-15
11
1,060 Views
Last Modified: 2012-05-10
Hi there,

We are a small company with two routers, which have static IPs from a T1 provider.  What is needed in order to monitor ALL HTTP traffic?  Is it possible to get something (hardware and/or software) sitting on top of the two routers, or of an individual router, for such monitoring purposes?

Our mail server is managed by an outside contractor.  Is monitoring email in and out possible?

Thanks for the suggestions in advance.
Question by:asugri
11 Comments
 
LVL 12

Accepted Solution

by:
Chris Staunton earned 56 total points
ID: 33687908
MRTG can monitor traffic for you.  Just google MRTG and you'll find the link to the site with examples of what it can do for you.  MRTG can run under Linux or even Windows.
 
LVL 3

Assisted Solution

by:dr-evil
dr-evil earned 56 total points
ID: 33688380
What do you mean by "monitor all HTTP traffic"?
Do you want to log every HTTP request made by your users?
 
LVL 77

Assisted Solution

by:arnold
arnold earned 56 total points
ID: 33688476
cacti.net is a more robust tool and could be simpler than dealing with MRTG configs.

Depending on the router and whether you are talking about setting up a transparent proxy with WCCP, i.e. any request to port 80 on either router gets transparently redirected to a proxy server; the proxy server's logs can then be audited.
The distribution of the outgoing requests would have to be configured by assigning static routes on the proxy with two interfaces, or by having a routing protocol/broadcast direct the request to the correct device.
If you have two routers, each with a different ISP, and they both provide a connection to a firewall that then feeds the LAN, the routing configuration among the routers and the firewall will handle the traffic distribution.

If you have a requirement to maintain copies of all incoming/outgoing emails, this has to be set up on the mail server.
 
LVL 20

Assisted Solution

by:Silvers5
Silvers5 earned 56 total points
ID: 33688486
You need to monitor the bandwidth or intercept the traffic?
For interception you can use Websense, while for traffic bandwidth MRTG is OK.
 
LVL 25

Assisted Solution

by:madunix
madunix earned 165 total points
ID: 33689033
 
LVL 5

Assisted Solution

by:giovannicoa
giovannicoa earned 55 total points
ID: 33690380
Hi,

Use a proxy server for HTTP traffic monitoring and statistical reports.

For the HTTP part, Endian Firewall can be useful. It's also free.

What you need to do is install Endian Firewall as your internet gateway and expose it with NAT to the internet. Configure the HTTP proxy section and make your workstations use the proxy for browsing the internet.
 
LVL 25

Assisted Solution

by:madunix
madunix earned 165 total points
ID: 33690596
Besides Squid, I use SARG: http://sarg.sourceforge.net/
Squid Analysis Report Generator is a tool that allows you to view "where" your users are going on the Internet. I suggest that you use SARG for analyzing Squid log files. SARG will analyze the log file and generate reports such as access time, top downloads, etc.
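As an added example (not SARG's or Squid's own code), this script builds the kind of report SARG produces from a Squid native access.log: it parses each line, keys requests by authenticated user (falling back to the client IP when there is none), and reports bytes, denied requests, first/last access time and top sites per user. The log lines embedded in it are constructed sample data, with one malformed line to show that garbage is skipped rather than crashing the report.

```python
# Added example (not SARG's or Squid's code): summarise a Squid native access.log the way SARG does.
import re
from collections import defaultdict
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Squid native format: time elapsed client code/status bytes method URL user hier/peer type
LINE_RE = re.compile(r"^(?P<ts>\d+\.\d+)\s+\d+\s+(?P<client>\S+)\s+(?P<code>[A-Z_]+)/\d{3}\s+"
                     r"(?P<bytes>\d+)\s+\S+\s+(?P<url>\S+)\s+(?P<user>\S+)\s+\S+\s+\S+$")

# Constructed sample lines (not a real log); the last one is deliberately malformed.
SAMPLE_LOG = """\
1284566400.123    512 192.168.1.10 TCP_MISS/200 45210 GET http://www.example.com/index.html jdoe DIRECT/93.184.216.34 text/html
1284566405.456     20 192.168.1.10 TCP_HIT/200 1290 GET http://www.example.com/logo.png jdoe NONE/- image/png
1284566410.789   1800 192.168.1.22 TCP_MISS/200 903000 GET http://downloads.example.org/big.iso - DIRECT/203.0.113.5 application/octet-stream
1284566415.000    300 192.168.1.22 TCP_TUNNEL/200 78000 CONNECT mail.example.net:443 - DIRECT/203.0.113.9 -
1284566420.000      5 192.168.1.10 TCP_DENIED/403 0 GET http://blocked.example.com/ jdoe HIER_NONE/- text/html
this line is garbage and must be skipped
"""

def site_of(url):
    """Host of a request; CONNECT lines carry host:port rather than a URL."""
    return urlsplit(url).hostname if "://" in url else url.rsplit(":", 1)[0]

def parse_log(text):
    """Yield one dict per well-formed line; anything else is ignored."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()

def summarise(text):
    """Per user: total bytes, denied requests, first/last access (UTC), hits and bytes per site."""
    rep = defaultdict(lambda: {"bytes": 0, "denied": 0, "first": None, "last": None,
                               "sites": defaultdict(lambda: {"hits": 0, "bytes": 0})})
    for r in parse_log(text):
        e = rep[r["user"] if r["user"] != "-" else r["client"]]  # unauthenticated: key by client IP
        site, n = site_of(r["url"]), int(r["bytes"])
        e["bytes"] += n
        e["denied"] += r["code"] == "TCP_DENIED"  # blocked requests are worth a separate count
        e["sites"][site]["hits"] += 1
        e["sites"][site]["bytes"] += n
        t = datetime.fromtimestamp(float(r["ts"]), tz=timezone.utc)
        e["first"] = t if e["first"] is None else min(e["first"], t)
        e["last"] = t if e["last"] is None else max(e["last"], t)
    return rep

def top_sites(rep, user, n=3):
    """Sites ranked by bytes for one user, like SARG's top-sites table."""
    return sorted(rep[user]["sites"].items(), key=lambda kv: kv[1]["bytes"], reverse=True)[:n]
```

On a real proxy you would feed it the contents of /var/log/squid/access.log instead of SAMPLE_LOG; the field layout above is Squid's default native format, so a custom logformat directive needs a matching regex.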
 

Author Comment

by:asugri
ID: 33879865
All,  

Sorry for not getting back to this issue for a while.   I need to digest a little bit regarding all the provided info.  Thanks.
 
LVL 25

Assisted Solution

by:madunix
madunix earned 165 total points
ID: 33886899
 

Assisted Solution

by:m76543
m76543 earned 56 total points
ID: 34612481
Essentially you need NTOP monitoring and POP3+SMTP proxy services.  NTOP will monitor specified links, providing very in-depth statistics of the traffic.

The two proxy services will allow you to monitor and A/V the mail incoming and outgoing.  In ENDIAN these are found under the tab "PROXY"; for the NTOP go to tab "SERVICES" and then menu choice "Traffic Monitoring". I found that the default system did not allow me to get it to monitor the RED Internet interfaces, so I edited the file /etc/ntop/etc/ntop.conf in Linux to include the extra interfaces.
See here for more info on doing that.

All of these (and more) are provided in many community firewalls such as ENDIAN.
http://www.endian.com/en/community/overview/

ENDIAN community supports up to 4 interfaces; I would recommend:
2 you could assign for the Internet T1 connections (known as RED)
1 for the first internal router interface (known as GREEN)
1 for the second internal router interface (known as BLUE)

I expect you will need to define some routes as the Endian is in the "hub" of your links and routers.  Define the routes in tab "Network", menu "Routing", tab "Policy Routing".

You may find that there is no need to even use your two routers once the Endian goes in!  If you wish to do that, then use the "FIREWALL" tab to define all the rules.

Cheers, Michael
 

Author Comment

by:asugri
ID: 35380520
I don't have time to test out the suggestions.  Will try to visit this topic in the future.  Thank you all for the help.
