I have a few suggestions for what you are doing. Firstly, I would set up logging on your Cisco router (i.e. syslog). You can find a free syslog daemon at www.kiwisyslog.com. They do have a syslog log viewer for their own software. Another source for syslog that is good is www.winsyslog.com/en/. They also have other software that is definitely worth a peek.

Without an actual firewall, reporting can be a bit tricky because I do not know of a report writer for a router only. If you did have a firewall, I would point you to RNR Software (affiliated or same company as Kiwi, not quite sure) at www.rnrsoft.com. They have a decent report writer for the PIX and the SonicWall firewall reporting to syslogs. And it is more than affordable. I would strongly advise you consider implementing both hardware and software based firewalls plus a NIDS though. You can't be too careful with the internet these days. But that is a subject for many other e-mails. :-)

If you do not go the firewall route, you can get good reporting if you wanted to put together a proxy. Again, subject for many more e-mails.

Now, for bandwidth utilization, CPU processes, free memory and a wealth of other reports, you can't beat MRTG (www.mrtg.org). MRTG is a free utility you can download and install on Win or *nix. Using the Cisco's SNMP capabilities, you can glean tons of information using embedded MIBs and OIDs. What MRTG does is poll your router (or any other device using SNMP) at a specified interval (default is 5 minutes) and it compiles a log file of whatever you tell it to monitor, in this case bandwidth. Then, it generates an HTML page with PNG images of your various usage (daily, weekly, monthly, yearly). Now, when pulling data from multiple sources, the process is not very streamlined. But fear not, read on!

I would highly suggest you consider implementing MRTG first to make sure you get the hang of it, then I would suggest that you install the RRD Tool (http://people.ee.ethz.ch/~oetiker/webtools/rrdtool/) and one of the many CGI tools available off of links from MRTG. The RRD Tool takes a burden off of your CPU by polling data from MRTG as a backend and populating the results in an RRD database. Then, by using a CGI script (such as 14all or routers.cgi), you can dynamically create an image upon the web page request to view the usage rather than having MRTG create an image every 5 minutes (or however often you poll the device). It is much leaner on your monitoring station's CPU as I stated.

I would also like to suggest you use "Mr. Daemon" from (http://www.geocities.com/mrtg_daemon/) or Firedaemon (www.firedaemon.com) to create a service out of your MRTG polling. It is much more user friendly if your monitoring station goes offline on a Win platform, unless you like writing bat files or working in a crontab. Mr. Daemon can be added to your startup folder, but Firedaemon allows you to install MRTG (or any other program you have) as a service in Win which makes MRTG manageable through your Services console.

Now before you try any of this though, I highly recommend you read up on Cisco's SNMP vulnerability. Many posts have been sent to this listserv and others regarding the SNMP vulnerability discovered about 3-4 weeks ago. You need to make sure the IOS version of your router is up to spec with the latest Cisco in-line upgrade that they offer for free. You have to go through Cisco TAC to get the free upgrade though if you do not have a support contract.

OK, that concludes Volume 1 of this post. :-) There are newsgroups dedicated to some of the software I have mentioned above. All of the sites have support available in some measure. Best of luck to you!

Bejon Parsinia

-----Original Message-----
From: Guilherme Chapiewski [mailto:[EMAIL PROTECTED]]
Sent: Saturday, March 09, 2002 4:01 AM
To: Security Focus
Subject: Report Software

I work at a company that has no control of its internet usage. I want some access reports like sites visited, bandwidth used, and it would be very nice if I could set quota, deny or permit sites, etc. I tried Websense but it is kinda simple. I have Solaris and Win2K servers. My router is a Cisco and I have no hard firewall. Any tips?

Thanks,
Guilherme Chapiewski
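
The polling described in the reply above (SNMP counters read at a fixed interval and turned into bandwidth figures), as an added Python illustration that is not part of the original thread and is not MRTG's own code. The sample counter values, the 300-second interval and the T1 link speed are constructed assumptions; the function handles a 32-bit counter wrap and discards an interval whose rate exceeds the link speed, which is what a counter reset after a router reboot looks like.

```python
# Added illustration: convert successive SNMP octet-counter samples into
# bits-per-second figures, the arithmetic behind a bandwidth graph.

COUNTER32_MOD = 2 ** 32   # ifInOctets/ifOutOctets are 32-bit counters that wrap
T1_BPS = 1_544_000        # assumed link speed, used as a sanity ceiling

# Constructed samples: (unix_time_seconds, ifInOctets), polled every 300 s.
SAMPLES = [
    (1000, 4_294_000_000),
    (1300, 4_294_900_000),
    (1600, 832_704),       # counter wrapped past 2**32 during this interval
    (1900, 1_732_704),
    (2200, 5_000),         # counter restarted near zero (e.g. router reboot)
]


def rates_bps(samples, link_bps=T1_BPS):
    """Return [(timestamp, bits_per_second or None)] for each poll interval.

    None marks an interval that cannot be trusted: a non-increasing
    timestamp, or a rate higher than the link can physically carry.
    """
    results = []
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        dt = t1 - t0
        if dt <= 0:
            results.append((t1, None))
            continue
        delta = c1 - c0
        if delta < 0:
            # Counter went backwards: assume a single 32-bit wrap.
            delta += COUNTER32_MOD
        bps = delta * 8 / dt
        # A "wrap" that yields more than line rate is really a reset.
        results.append((t1, bps if bps <= link_bps else None))
    return results


if __name__ == "__main__":
    for ts, bps in rates_bps(SAMPLES):
        print(ts, "unknown (counter reset?)" if bps is None else f"{bps:.0f} bit/s")
```

Gaps marked as unknown are worth alerting on in their own right, since an unexpected counter reset usually means the router restarted.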