On Mon, May 19, 2003 at 08:18:42PM +0000, Jonathan Matthews wrote: > Hi all - > > [Summary: What tool is best for traffic monitoring down to the per-user > level?] > > Just wondered if anyone could point me in the right direction so that I > can build a positive image of Debian within the organisation I work for. > The company's nothing exciting - we make cookers :-) > > The IT guy there would like to be able to see who's using our intra-site > bandwidth up, and on what task. Traffic breakdown by time, user (hence > IP, I suppose) and port would be my best guess. > > All traffic goes through an MS proxy server at this site (and > traffic going that way is all we're concerned about at this juncture) > and then through a Cisco router on the way to the remote site. > > He'd like a solution that involves installing a piece of software on his > local PC and nothing else, but I'm not so easily satisfied. I want to > (and I think I can convince him to let me) install a low-end box between > either the network and the proxy, the proxy and the router, or the > router and the remote site. I'd like to get a Debian box in there, and > I'd appreciate some help with what I should be looking to put it on > there. > > I've been looking at MRTG, but can't see (remembering that I'm not in a > position to try stuff out at work to see if it works :-|) a way to break > the reports down by source/destination IP address. Am I missing > something? > > If not, and MRTG just isn't the tool for this job, then what is? > > I'm not averse to a bit of perl/whatever hacking, but would like to use > an existing tool if it's out there! > > Any ideas? On-list, please. > > Thanks! > jc >
Both ntop <http://www.ntop.org/ntop.html> and iptraf <http://iptraf.seul.org/> should do this. iptraf is lighter on resources, and offer realtime monitoring, ntop is accessed trough an browser, and offers extensive graphs of traffic. It all depends on how low-end this box is. -- Frode Haugsgjerd Norway
