Hi,

I have been assign a job to Track down the internet usage of complete office. Currently we have CentOs Server 4.3 on Intel P4 Dual Core processor with 1 GB ram running as Internet Gateway server for my office.

Also we are tracking web access through (http) request using Squid and blocking unwanted trafice using SquidGuard. But I wonder if squid is capable of tracking all outgoing and incoming requests?

i.e. we are web development company and lot of us do FTP, SSH, Windows Desktop sharing, news group, emails etc etc. Now we want to same functionality that squid and squid gaurd provide for http request.

Please suggest a way and software (open source preferred, paid software works but if doesn't cost too much ) )

Thanks

Hrm on the paid side i would say Secure computings smartfilter.. but they don't support Centos only RHEL.. I tried to demo thir software using centos and they refused to help me get it working.. so I guess that is out..


dansguardian probably similar to squidguard.
http://dansguardian.org/?page=introduction


if you log all outgoing connections you could use something like sawmill to parse the log files and generate reports.. http://www.sawmill.net/


There are a couple other OSS Gateway software solutions that might work as well. ymmv
http://www.astaro.com/features
http://www.clarkconnect.com/solutions/business.php

Good luck !!

Hi,

thanks for telling .. I am testing those software right now and will tell you which one I opt for..

Any one else please suggest any other good software or vote one of the above

Have you considered usind iptables LOG functionality ?

Simple log every packet going in & out into a database and do some reporting ?

No separate software required !

Hi mkirc...
I am not sure about iptable log, and where to find one.. maybe I haven't open logging in my pc...

also does it provide inforamtion on which port is using ethernet card or internet ??

thanks in advance

Hi Vikasumit !

The iptables-log tells you everything, which packet from which address and which ports comes and goes.

The good thing is the bad thing: You get a LOT of information !

First you have to configure iptables, there are many threads in the Network-Forum here !

Usually the log-information goes into a logfile, I've read (not tested so far), that you can reroute the log-information into a mysql-database...which would make the reporting then easier.

What you don't see (afaik) in the iptable-logs is:
URLs (Domain names),
Content of the packages
Size the packages

I you need this kind of information, you probably need a Netsniffer (Etherreal for example).

It might be that there is Software available out there, which combines all this together and helps you identifying who consumes your bandwith.....I am not aware of that, sorry.

That's what Sawmill is for.. if you look at sawmill it's designed to parse log file like mad and generate reports for you.. it can also resolve those IP addressess into URL's when it reports.. very powerful tool, and one that is worth the money they charge for it. (or you can get it for free by doing testing and reporting on it, see their website for details). also amazing is the number and types of differnt log files it supports. so Sawmill should work well with iptables log

Sawmill Supported Log Formats an insanely long list..

Including:
Squid
Squid-guard
iptables
dans guardian
etc..etc..

sample webserver log report