Solved

How to monitor Internet (and email) traffic?

Posted on 2010-09-15
Last Modified: 2012-05-10
Hi there,

We are a small company with two routers, which have static IPs from a T1 provider.  What is needed in order to monitor ALL HTTP traffic?  Is it possible to get something (hardware and/or software) sitting on top of the two routers, or on each individual router, for this monitoring purpose?

Our mail server is managed by an outside contractor.  Is monitoring email in and out possible?

Thanks for the suggestions in advance.
Question by:asugri
11 Comments
 
LVL 12

Accepted Solution

by:
Chris Staunton earned 56 total points
ID: 33687908
MRTG can monitor traffic for you.  Just google MRTG and you'll find the link to the site with examples of what it can do for you.  MRTG can run under Linux or even Windows.
0
 
LVL 3

Assisted Solution

by:dr-evil
dr-evil earned 56 total points
ID: 33688380
What do you mean by "monitor all HTTP traffic"?
Do you want to log every HTTP request made by your users?
0
 
LVL 79

Assisted Solution

by:arnold
arnold earned 56 total points
ID: 33688476
cacti.net is a more robust tool and could be simpler than dealing with MRTG configs.

Depending on the router and whether you are talking about setting up a transparent proxy with WCCP, i.e. any request to port 80 on either router will get transparently redirected to a proxy server.  The proxy server's logs can then be audited.
The distribution of the outgoing requests would have to be configured by assigning static routes on the proxy with two interfaces, or have a routing protocol/broadcast to direct the request to the correct device.
If you have two routers, each with a different ISP, and they both provide a connection to a firewall that then feeds the LAN, the routing configuration among the routers and the firewall will handle the traffic distribution.

If you have a requirement to maintain copies of all incoming/outgoing emails, this has to be set up on the mail server.
0

 
LVL 20

Assisted Solution

by:Silvers5
Silvers5 earned 56 total points
ID: 33688486
Do you need to monitor the bandwidth or intercept the traffic?
For interception you can use Websense, while for traffic bandwidth MRTG is OK.
0
 
LVL 25

Assisted Solution

by:madunix
madunix earned 165 total points
ID: 33689033
0
 
LVL 5

Assisted Solution

by:giovannicoa
giovannicoa earned 55 total points
ID: 33690380
Hi,

Use a proxy server for HTTP traffic monitoring and statistical reports.

For the HTTP part, Endian Firewall can be useful. It's also free.

What you need to do is install Endian Firewall as your internet gateway and expose it with NAT to the internet. Configure the HTTP proxy section and make your workstations use the proxy for browsing the internet.
0
 
LVL 25

Assisted Solution

by:madunix
madunix earned 165 total points
ID: 33690596
Besides Squid I use sarg: http://sarg.sourceforge.net/
Squid Analysis Report Generator is a tool that allows you to view "where" your users are going on the Internet. I suggest that you use sarg for analyzing Squid log files. Sarg will analyze the log file and generate reports like access time, top downloads, etc.
0
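The proxy-log auditing suggested in the answers above, as an added example that is not part of the original thread and is not sarg's own code: a small per-client, per-site report built from Squid's access.log. It assumes Squid's default native log format; the sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit
# Constructed sample lines (not from the thread); Squid's default native access.log format is assumed.
SAMPLE_LOG = """\
1284544800.123    210 192.168.1.10 TCP_MISS/200 15320 GET http://www.example.com/index.html - DIRECT/203.0.113.5 text/html
1284544801.456     12 192.168.1.10 TCP_HIT/200 48210 GET http://www.example.com/logo.png - NONE/- image/png
1284544805.789   1540 192.168.1.22 TCP_MISS/200 7340032 GET http://downloads.example.net/setup.exe - DIRECT/198.51.100.7 application/octet-stream
1284544810.001  30020 192.168.1.22 TCP_MISS/200 52411 CONNECT mail.example.org:443 - DIRECT/198.51.100.9 -
1284544812.500      0 192.168.1.31 TCP_DENIED/403 1450 GET http://blocked.example.com/ - NONE/- text/html
this line is truncated garbage
"""
# Fields: time, elapsed ms, client, result/status, bytes, method, URL, user, hierarchy/peer, type
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<result>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<user>\S+)\s+\S+\s+\S+$")

def site_of(method, url):
    """Return the host part; CONNECT entries log 'host:port' instead of a URL."""
    if method == "CONNECT":
        return url.rsplit(":", 1)[0].lower()
    return (urlsplit(url).hostname or url).lower()

def summarize(log_text):
    """Aggregate requests and bytes per client and site; list denied requests."""
    per_client = defaultdict(lambda: defaultdict(lambda: {"requests": 0, "bytes": 0}))
    denied, skipped = [], 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1  # count damaged lines so gaps in the log are noticed
            continue
        site = site_of(m["method"], m["url"])
        if m["result"].endswith("DENIED"):
            denied.append((m["client"], site))  # blocked by proxy ACL, nothing fetched
            continue
        entry = per_client[m["client"]][site]
        entry["requests"] += 1
        entry["bytes"] += int(m["bytes"])
    return per_client, denied, skipped

def top_sites(per_client, client, n=3):
    """Sites for one client as (site, bytes), largest transfer first."""
    sites = per_client.get(client, {})
    return sorted(((s, v["bytes"]) for s, v in sites.items()), key=lambda x: -x[1])[:n]

if __name__ == "__main__":
    clients, denied, skipped = summarize(SAMPLE_LOG)
    print({c: top_sites(clients, c) for c in sorted(clients)}, denied, skipped)
```

For HTTPS the proxy only sees the CONNECT host and port, so the report shows which site was contacted and how much data moved, not the pages requested.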
 

Author Comment

by:asugri
ID: 33879865
All,  

Sorry for not getting back to this issue for a while.   I need to digest a little bit regarding all the provided info.  Thanks.
0
 
LVL 25

Assisted Solution

by:madunix
madunix earned 165 total points
ID: 33886899
0
 

Assisted Solution

by:m76543
m76543 earned 56 total points
ID: 34612481
Essentially you need NTOP monitoring and POP3+SMTP proxy services.  NTOP will monitor specified links, providing very in-depth statistics of the traffic.

The two proxy services will allow you to monitor and A/V the mail incoming and outgoing.  In ENDIAN these are found under the tab "PROXY"; for NTOP go to tab "SERVICES" and then menu choice "Traffic Monitoring". I found that the default system did not allow me to get it to monitor the RED Internet interfaces, so in Linux I edited the file /etc/ntop/etc/ntop.conf to include the extra interfaces.
See here for more info on doing that.

All of these (and more) are provided in many community firewalls such as ENDIAN.
http://www.endian.com/en/community/overview/

ENDIAN community supports up to 4 interfaces. I would recommend:
2 you could assign for the Internet T1 connections (known as RED)
1 for the first internal router interface (known as GREEN)
1 for the second internal router interface (known as BLUE)

I expect you will need to define some routes, as the Endian is in the "hub" of your links and routers.  Define the routes in tab "Network", menu "Routing", tab "Policy Routing".

You may find that there is no need to even use your two routers once the Endian goes in!  If you wish to do that, then use the "FIREWALL" tab to define all the rules.

cheers Michael
0
 

Author Comment

by:asugri
ID: 35380520
I don't have time to test out the suggestions.  Will try to visit this topic in the future.  Thank you all for the help.
0
