Hi all - [Summary: What tool is best for traffic monitoring down to the per-user level?]
Just wondered if anyone could point me in the right direction so that I can build a positive image of Debian within the organisation I work for. The company's nothing exciting - we make cookers :-)

The IT guy there would like to be able to see who's using our intra-site bandwidth up, and on what task. Traffic breakdown by time, user (hence IP, I suppose) and port would be my best guess. All traffic goes through an MS proxy server at this site (and traffic going that way is all we're concerned about at this juncture) and then through a Cisco router on the way to the remote site.

He'd like a solution that involves installing a piece of software on his local PC and nothing else, but I'm not so easily satisfied. I want to (and I think I can convince him to let me) install a low-end box between either the network and the proxy, the proxy and the router, or the router and the remote site. I'd like to get a Debian box in there, and I'd appreciate some help with what I should be looking to put it on there.

I've been looking at MRTG, but can't see (remembering that I'm not in a position to try stuff out at work to see if it works :-|) a way to break the reports down by source/destination IP address. Am I missing something? If not, and MRTG just isn't the tool for this job, then what is? I'm not averse to a bit of perl/whatever hacking, but would like to use an existing tool if it's out there!

Any ideas? On-list, please.

Thanks!

jc

