Re: Syslog to monitor traffic
~ "Marc" <mhmuray@xxxxxxxxx> wrote in message
~ news:133bqmamh8pej55@xxxxxxxxxxxxxxxxxxxxx
~ >
~ > "Scooby" <mmscooby1@xxxxxxxxxxxxx> wrote in message
~ > news:4635e110$0$20099$ec3e2dad@xxxxxxxxxxxxxxxxxxxxxxxxx
~ >> "Marc" <mhmuray@xxxxxxxxx> wrote in message
~ >> news:133bnfsk7pp5m27@xxxxxxxxxxxxxxxxxxxxx
~ >>>
~ >>> "Marc" <mhmuray@xxxxxxxxx> wrote in message
~ >>> news:1339np09ratvoa2@xxxxxxxxxxxxxxxxxxxxx
~ >>>>
~ >>>> "Rod Dorman" <rodd@xxxxxxxxx> wrote in message
~ >>>> news:f12il0$mui$1@xxxxxxxxxxxxxxxxxxxx
~ >>>>> In article <1339aub1lftc85c@xxxxxxxxxxxxxxxxxx>,
~ >>>>> Marc <mhmuray@xxxxxxxxx> wrote:
~ >>>>>>Is Kiwi Syslog the best thing out there to monitor traffic on my 837
~ >>>>>>ADSL
~ >>>>>>router?
~ >>>>>
~ >>>>> Kiwi Syslog is a fairly good syslog for MS-Windows platforms. It logs
~ >>>>> system messages that hosts send it, it doesn't monitor anything.
~ >>>>>
~ >>>>>>Any suggestions for good traffic monitoring software?
~ >>>>>
~ >>>>> What is it that you want to monitor? Are you looking for packet
~ >>>>> capturing or something else?
~ >>>>>
~ >>>>> --
~ >>>>> -- Rod --
~ >>>>> rodd(at)polylogics(dot)com
~ >>>>
~ >>>> I'm looking to monitor, in real time, all TCP, UDP traffic outside -
~ >>>> in. Or at least something I can refer to in a log as close to real-time
~ >>>> as possible.
~ >>>
~ >>> Anyone?
~ >>>
~ >>
~ >> I'm having a hard time trying to figure out exactly what you are looking
~ >> for and expecting to see. If you just want to see something like
~ >> bandwidth gauges/charts, an SNMP based product would probably suit you.
~ >> MRTG is a nice freeware one. I like the Solarwinds toolsets. However,
~ >> that does not provide the granularity of determining what is TCP and what
~ >> is UDP.
~ >>
~ >> If you want something that shows detail of flows, a Netflow product is
~ >> probably your best solution. However, most of them tend to be
~ >> logging/reporting applications rather than real time. I don't know of
~ >> any freeware Netflow products and you can drop some money on them. Or,
~ >> if you don't care about historical reports, you can just view the flows
~ >> on the router with 'sh ip cache flow'.
~ >>
~ >> So, what exactly are you trying to accomplish by monitoring the traffic?
~ >>
~ >
~ > Specifically what the GUI for firewalls like CheckPoint do.
~ >
~ > Example:
~ > Time      Source          Destination     Protocol            Action
~ > 05:53:18  73.103.154.20   83.95.34.98     TCP, UDP or HTTP    Blocked or Allowed
~ >
~ > I want to watch this in real time. I don't mind paying for software that
~ > will do it.
~ Lost the formatting of my example. Basically I want to watch incoming and
~ outgoing traffic in real time. Know the source, destination, protocol and
~ action taken (blocked, allowed, etc.) If there's a good software out there,
~ I'm happy to pay for it.

Debug nat, logging to the syslog server of your choice, would do the needful,
I think.

Aaron
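An added example, not part of the thread above: a small Python syslog receiver that turns Cisco IOS ACL log messages into the time / source / destination / protocol / action table Marc describes. It assumes the router's ACL entries carry the `log` keyword (so it uses ACL logging rather than NAT debugging) and that the router is configured to send syslog to this host; the sample messages are constructed in the shape IOS emits, not captured from a real router.

```python
"""Receive Cisco IOS ACL log messages over syslog and print them as a
source / destination / protocol / action table.

Assumed router-side configuration (not from the thread):

    access-list 101 deny   tcp any any log
    access-list 101 permit ip  any any log
    interface Dialer0
     ip access-group 101 in
    logging 192.0.2.2
    logging trap informational
    service timestamps log datetime msec
"""
import re
import socket
import sys
import time
from dataclasses import dataclass
from typing import Iterable, List, Optional

# IOS reports ACL hits in three message formats: IPACCESSLOGP (tcp/udp with
# ports), IPACCESSLOGDP (icmp with type/code) and IPACCESSLOGNP (any other
# protocol, identified by IP protocol number).
_RE_P = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>tcp|udp) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?")
_RE_DP = re.compile(
    r"%SEC-6-IPACCESSLOGDP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"icmp (?P<src>[\d.]+) -> (?P<dst>[\d.]+) \((?P<type>\d+)/(?P<code>\d+)\), "
    r"(?P<count>\d+) packets?")
_RE_NP = re.compile(
    r"%SEC-6-IPACCESSLOGNP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\d+) (?P<src>[\d.]+) -> (?P<dst>[\d.]+), (?P<count>\d+) packets?")


@dataclass
class Flow:
    acl: str
    action: str   # "permitted" or "denied"
    proto: str    # "tcp", "udp", "icmp" or "proto <number>"
    src: str
    dst: str
    detail: str   # ports, icmp type/code, or empty
    count: int    # packets IOS summarised into this one message


def parse_acl_log(line: str) -> Optional[Flow]:
    """Return a Flow for an ACL log line, or None for any other syslog line."""
    m = _RE_P.search(line)
    if m:
        return Flow(m["acl"], m["action"], m["proto"], m["src"], m["dst"],
                    f"{m['sport']}->{m['dport']}", int(m["count"]))
    m = _RE_DP.search(line)
    if m:
        return Flow(m["acl"], m["action"], "icmp", m["src"], m["dst"],
                    f"type {m['type']}/code {m['code']}", int(m["count"]))
    m = _RE_NP.search(line)
    if m:
        return Flow(m["acl"], m["action"], f"proto {m['proto']}", m["src"],
                    m["dst"], "", int(m["count"]))
    return None


def parse_many(lines: Iterable[str]) -> List[Flow]:
    """Parse a batch of syslog lines, dropping everything that is not an ACL hit."""
    return [f for f in map(parse_acl_log, lines) if f is not None]


def format_row(flow: Flow, when: str) -> str:
    return (f"{when:8} {flow.src:>15} {flow.dst:>15} {flow.proto:<8} "
            f"{flow.detail:<18} {flow.action.upper():9} x{flow.count}")


def serve(bind: str = "0.0.0.0", port: int = 514) -> None:
    """Listen for UDP syslog and print one row per ACL message as it arrives.
    Binding port 514 needs root/administrator privileges."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind, port))
    while True:
        data, _peer = sock.recvfrom(4096)
        flow = parse_acl_log(data.decode("ascii", "replace"))
        if flow is not None:
            print(format_row(flow, time.strftime("%H:%M:%S")), flush=True)


# Constructed sample messages in the shape IOS sends (priority, sequence
# number, timestamp, then the %SEC-6 body); not captured from a real router.
SAMPLE_LINES = [
    "<190>42: *May  1 05:53:18.101: %SEC-6-IPACCESSLOGP: list 101 denied tcp "
    "203.0.113.20(33812) -> 192.0.2.98(445), 1 packet",
    "<190>43: *May  1 05:53:19.330: %SEC-6-IPACCESSLOGP: list 101 permitted udp "
    "192.0.2.98(53) -> 203.0.113.20(1025), 1 packet",
    "<190>44: *May  1 05:53:20.004: %SEC-6-IPACCESSLOGDP: list 101 denied icmp "
    "203.0.113.77 -> 192.0.2.98 (8/0), 3 packets",
    "<190>45: *May  1 05:53:21.777: %SEC-6-IPACCESSLOGNP: list 101 denied 47 "
    "203.0.113.9 -> 192.0.2.98, 1 packet",
    "<189>46: *May  1 05:53:22.000: %SYS-5-CONFIG_I: Configured from console by vty0",
]

if __name__ == "__main__":
    if "--listen" in sys.argv:
        serve()
    else:
        print("Time            Source     Destination Proto    Detail             Action")
        for f in parse_many(SAMPLE_LINES):
            print(format_row(f, "05:53:18"))
```

Two caveats on "real time": IOS logs the first packet matching a `log` entry immediately but then summarises further matches into a count (the `N packets` at the end of the message) on a five-minute interval by default, which is what the `count` field carries, and syslog over UDP is lossy, so this shows what the ACL decided, not every packet on the wire.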