LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 05-01-2014, 11:34 AM   #1
rubberducky
Member
 
Registered: Sep 2009
Posts: 46

Rep: Reputation: 20
Network monitoring. Best way?


I have 5 locations, and at each one my network topography is this:

['teh interwebz']/[vpn] <- [vpn router] <- [switch] <- [host pc's running win]

I want to insert a ubuntu box in the middle running squid to monitor user activity. Not sure how to go about this though, especially with the VPN and router I use.
Can anyone help? Perhaps point me in the right direction? Tell me of a good beer they've tried?

thanks!
 
Old 05-01-2014, 12:40 PM   #2
smallpond
Senior Member
 
Registered: Feb 2011
Location: Massachusetts, USA
Distribution: Fedora
Posts: 4,233

Rep: Reputation: 1296Reputation: 1296Reputation: 1296Reputation: 1296Reputation: 1296Reputation: 1296Reputation: 1296Reputation: 1296Reputation: 1296
I have a CentOS box running OpenVPN in place of your router on my home network. It also runs IPTables firewall rules, dynamic DNS client and some other services. I've seen similar setups running squid.

As for beer, if you like hoppy beers try Jack's Abby - Hoponious Union.
 
1 members found this post helpful.
Old 05-01-2014, 07:25 PM   #3
rubberducky
Member
 
Registered: Sep 2009
Posts: 46

Original Poster
Rep: Reputation: 20
I'd rather not replace my routers, due to the fact that A) thats 5 of them I've got to replace (im lazy), and B) I haven't been able to get openvpn to play well with netgear. Any other way? any way I can just chuck a second nic card into a box and have iptables pass the data from one card to the next and logging it along the way?

Love hoppy beers. I'll check that out next time I'm at bevmo!
 
Old 05-02-2014, 10:31 AM   #4
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 27,336

Rep: Reputation: 8091Reputation: 8091Reputation: 8091Reputation: 8091Reputation: 8091Reputation: 8091Reputation: 8091Reputation: 8091Reputation: 8091Reputation: 8091Reputation: 8091
Quote:
Originally Posted by rubberducky View Post
I have 5 locations, and at each one my network topography is this:

['teh interwebz']/[vpn] <- [vpn router] <- [switch] <- [host pc's running win]

I want to insert a ubuntu box in the middle running squid to monitor user activity. Not sure how to go about this though, especially with the VPN and router I use. Can anyone help? Perhaps point me in the right direction?
If all 5 locations are being sent to one central location before going to the Internet, then put your squid/monitor server in place between the VPN and Internet. However, if all five of your locations have separate Internet connections, you could put a squid box at each site, and configure Sarg to run reports on each of them.

This assumes that by 'network monitoring', you just mean web-traffic monitoring. If you're talking about traffic and bandwidth statistics, that's a different thing, and Squid isn't much use for that at all. That's more a job for MRTG and SNMP on the routers.
Quote:
Tell me of a good beer they've tried?
Well..we've got six breweries here in town...and several more within an easy drive, but those are just local brews. Unless you live near Alabama, your chances of getting them are slim...they can hardly keep up with demand for our state, much less ship.

That said, and given that you like hoppy beers, my current all-time favorite is from Brash brewing (Mass., I believe), "The Bollocks" Imperial IPA. Awesome.
 
2 members found this post helpful.
Old 05-02-2014, 11:42 PM   #5
rubberducky
Member
 
Registered: Sep 2009
Posts: 46

Original Poster
Rep: Reputation: 20
Quote:
This assumes that by 'network monitoring', you just mean web-traffic monitoring. If you're talking about traffic and bandwidth statistics, that's a different thing, and Squid isn't much use for that at all. That's more a job for MRTG and SNMP on the routers.
The routers needed for that are above my budget. However I do have a bunch of nic cards floating around with some extra old PC's. What can I do with those?

Quote:
That said, and given that you like hoppy beers, my current all-time favorite is from Brash brewing (Mass., I believe), "The Bollocks" Imperial IPA. Awesome.
Ah IPA. Gotta love firestone. Or, should you be on a budget, like myself, you can pick up some 3rd shift. Good quality IPA for cheap
 
Old 05-03-2014, 12:02 PM   #6
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 27,336

Rep: Reputation: 8091Reputation: 8091Reputation: 8091Reputation: 8091Reputation: 8091Reputation: 8091Reputation: 8091Reputation: 8091Reputation: 8091Reputation: 8091Reputation: 8091
Quote:
Originally Posted by rubberducky View Post
The routers needed for that are above my budget. However I do have a bunch of nic cards floating around with some extra old PC's. What can I do with those?
You can pretty much monitor ANY router with SNMP. You should just have to enable SNMP, set your community strings, and that's it. Have you checked the manual on your routers? And ARE you trying to monitor bandwidth/usage, or just HTTP?? You haven't said, nor have you said if all 5 locations are running through one central location out to the Internet, or if you have five separate connections.

There are many tutorials on how to configure a Linux system as a router, depending on your version/distro of Linux, but all that's really going to get you is what you already probably have: a router you can query via SNMP.
Quote:
Ah IPA. Gotta love firestone. Or, should you be on a budget, like myself, you can pick up some 3rd shift. Good quality IPA for cheap
We have two here in town that can. Good People cans both their IPA and double-IPA, and Avondale brewing does theirs as well. Cheaper than 3rd shift, too.
 
1 members found this post helpful.
Old 05-03-2014, 02:46 PM   #7
rubberducky
Member
 
Registered: Sep 2009
Posts: 46

Original Poster
Rep: Reputation: 20
Quote:
You can pretty much monitor ANY router with SNMP. You should just have to enable SNMP, set your community strings, and that's it. Have you checked the manual on your routers?
Ah ha, you sir are awesome. This is the first time I've tried to use this. Last time I had an ubuntu gateway/firewall/monitor so this time I'll try this.
Quote:
And ARE you trying to monitor bandwidth/usage, or just HTTP?? You haven't said, nor have you said if all 5 locations are running through one central location out to the Internet, or if you have five separate connections.
Trying to monitor web usage. Trying to differentiate between those who use facebook all day, and those who check it on their lunch break, and those who are downloading porn. Also, all use separate internet connections.

Quote:
We have two here in town that can. Good People cans both their IPA and double-IPA, and Avondale brewing does theirs as well. Cheaper than 3rd shift, too.
I. Love. This. Website. The only site I know where you can have a serious conversation regarding networking, right before talking about beer.
 
Old 05-03-2014, 03:49 PM   #8
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 27,336

Rep: Reputation: 8091Reputation: 8091Reputation: 8091Reputation: 8091Reputation: 8091Reputation: 8091Reputation: 8091Reputation: 8091Reputation: 8091Reputation: 8091Reputation: 8091
Quote:
Originally Posted by rubberducky View Post
Ah ha, you sir are awesome. This is the first time I've tried to use this. Last time I had an ubuntu gateway/firewall/monitor so this time I'll try this.

Trying to monitor web usage. Trying to differentiate between those who use facebook all day, and those who check it on their lunch break, and those who are downloading porn. Also, all use separate internet connections.
Ahh...so if it's web usage only, then never mind about SNMP and MRTG. While that WILL give you stats, it won't tell you what sites are being visited. Squid is the way to go, along with Sarg (for reporting), and dansguardian (for filtering). Shove a single box between your Internet connection and your internal network, and proxy your HTTP traffic through it.

That said, you are opening an can of worms. Squid does http...NOT https, ftp, ssh, or any other protocol. Bittorrent either...if you have concerns about ANY of that, you're going to rapidly stray into a complex area.
Quote:
I. Love. This. Website. The only site I know where you can have a serious conversation regarding networking, right before talking about beer.
They (FINALLY) changed the ridiculous beer laws in Alabama a few years back. Now, the brewing industry brings $3 BILLION a year into the state, and we've got at least 15 breweries I can think of...six in Birmingham alone. And one of the top 25 beer bars in the US.

If anything can make you want beer, babysitting users on a network will.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Network tools for monitoring network traffic the_gripmaster Linux - Networking 2 10-24-2012 10:14 PM
NTOP network monitoring and placement on network metallica1973 Linux - Networking 2 01-07-2011 04:25 PM
Network monitoring uwa45 Linux - Networking 5 09-02-2009 10:28 AM
network monitoring:unable to launch nagios network monitoring system oladapo1980 Linux - Newbie 0 07-21-2009 02:45 PM
network monitoring saavik Linux - Networking 7 05-27-2008 02:21 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 05:43 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration