Hi,
My name is Shane. I have been on this list before, about 18 months ago,
and dropped off for lack of time.
I have a little IT company which does development work using Lotus Notes,
Dot Net, C#, Java. We work with Linux and Windows, administrating sites,
looking after PCs etc.
Most of our sites have IPCop firewalls in place; we are using DansGuardian
and SpamAssassin at times. Many of our sites are also using Samba for file
serving. Our Lotus Domino servers are mostly run off Linux boxes. Some of
our clients are looking at full Linux desktops but none are there yet. We
also deal with Mac, mainly OSX as required, another version of a *nix
system. At the office we run a 50/50 mixture of Linux and Windows based
machines.
Anyway, that's me and the business.
My question ... (at least I can't be accused of being a lurker now :-) )
One of our clients had a huge Internet blow out last month. We have IPCop
in place running Squid, with logs turned on and no holes in the firewall.
I know internally we are not virused and there is no malware / spyware
present. Their normal usage is between 4 and 6 Gb per month; last month
was a massive 15GB blow out.
Using IPCop I can see what days we did most of the traffic. Squid tells me
who went where, the traffic charts show me the speed we did stuff at, but
there is nowhere I can find any way of getting what IP address did how
much traffic and when.
I have been looking at a few products to remedy this and am tightening the
firewall to stop stuff going out, as well as in, now. Trust in the workers
to use the system properly suddenly evaporated in the managers' minds, so
they want some IP traffic accounting put in place to see who is using how
much and when and why.
Any ideas on what is the best way to log this kind of traffic volume by
individual LAN IP address or user log on, especially using IPCop? At
present the best option seems to be putting yet another computer in place
that uses a traffic counter and accounting.
If you know of something with logging, throttling by volume and/or mail
alerts, it would be appreciated.
Cheers and hello
Shane
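
Added example, not part of Shane's message: one way to get volume per LAN IP per day out of the Squid logs already being kept, assuming Squid's native access.log layout. The sample lines, addresses and function names are constructed for illustration, and only traffic that went through the proxy is counted.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample in Squid's native access.log layout:
# time elapsed client result/status bytes method URL user hierarchy type
SAMPLE_LOG = """\
1119920400.123    250 192.168.1.10 TCP_MISS/200 1500000 GET http://example.com/a.iso - DIRECT/192.0.2.1 application/octet-stream
1119924000.456     12 192.168.1.11 TCP_HIT/200 20480 GET http://example.com/logo.png - NONE/- image/png
1119927600.789   9000 192.168.1.10 TCP_MISS/200 734003200 GET http://example.org/big.iso - DIRECT/192.0.2.2 application/octet-stream
this line is truncated
1120006800.000     40 192.168.1.12 TCP_DENIED/403 1300 GET http://example.net/ - NONE/- text/html
1120010400.000    300 192.168.1.11 TCP_MISS/200 5242880 GET http://example.com/update.bin - DIRECT/192.0.2.1 application/octet-stream
"""


def bytes_by_client(log_text):
    """Return ({(utc_date, client_ip): bytes_sent_to_client}, skipped_lines)."""
    totals = defaultdict(int)
    skipped = 0
    for line in log_text.splitlines():
        fields = line.split()
        try:
            # Field 0 is a Unix timestamp; group by UTC day for stable output.
            stamp = datetime.fromtimestamp(float(fields[0]), tz=timezone.utc)
            client, size = fields[2], int(fields[4])
        except (IndexError, ValueError):
            skipped += 1  # malformed or truncated line: count it, do not guess
            continue
        totals[(stamp.date().isoformat(), client)] += size
    return dict(totals), skipped


def report(totals):
    """One line per day and client, heaviest client first within each day."""
    rows = sorted(totals.items(), key=lambda kv: (kv[0][0], -kv[1]))
    return [f"{day} {ip:<15} {n / 1_000_000:10.1f} MB" for (day, ip), n in rows]


if __name__ == "__main__":
    totals, skipped = bytes_by_client(SAMPLE_LOG)
    print("\n".join(report(totals)))
    print(f"skipped {skipped} unparseable line(s)")
```

Anything that bypasses Squid (mail, non-proxied ports) does not appear in access.log, so these totals are a lower bound on what each address used.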
