Re: Syslog to monitor traffic




"Scooby" <mmscooby1@xxxxxxxxxxxxx> wrote in message
news:4635e110$0$20099$ec3e2dad@xxxxxxxxxxxxxxxxxxxxxxxxx
"Marc" <mhmuray@xxxxxxxxx> wrote in message
news:133bnfsk7pp5m27@xxxxxxxxxxxxxxxxxxxxx

"Marc" <mhmuray@xxxxxxxxx> wrote in message
news:1339np09ratvoa2@xxxxxxxxxxxxxxxxxxxxx

"Rod Dorman" <rodd@xxxxxxxxx> wrote in message
news:f12il0$mui$1@xxxxxxxxxxxxxxxxxxxx
In article <1339aub1lftc85c@xxxxxxxxxxxxxxxxxx>,
Marc <mhmuray@xxxxxxxxx> wrote:
Is Kiwi Syslog the best thing out there to monitor traffic on my 837 ADSL
router?

Kiwi Syslog is a fairly good syslog for MS-Windows platforms. It logs
system messages that hosts send it; it doesn't monitor anything.

Any suggestions for good traffic monitoring software?

What is it that you want to monitor? Are you looking for packet
capturing or something else?

--
-- Rod --
rodd(at)polylogics(dot)com

I'm looking to monitor, in real time, all TCP, UDP traffic outside - in.
Or at least something I can refer to in a log as close to real-time as
possible.

Anyone?


I'm having a hard time trying to figure out exactly what you are looking
for and expecting to see. If you just want to see something like bandwidth
gauges/charts, an SNMP-based product would probably suit you. MRTG is a
nice freeware one. I like the SolarWinds toolsets. However, that does
not provide the granularity of determining what is TCP and what is UDP.

If you want something that shows detail of flows, a NetFlow product is
probably your best solution. However, most of them tend to be
logging/reporting applications rather than real time. I don't know of any
freeware NetFlow products and you can drop some money on them. Or, if you
don't care about historical reports, you can just view the flows on the
router with 'sh ip cache flow'.

So, what exactly are you trying to accomplish by monitoring the traffic?


Specifically what the GUI for firewalls like CheckPoint does.

Example:
          Source          Destination    Protocol            Action
05:53:18  73.103.154.20   83.95.34.98    TCP, UDP or HTTP    Blocked or Allowed

I want to watch this in real time. I don't mind paying for software that
will do it.

