traffic monitoring
Brent Bice
bbice at sgi.com
Thu Aug 7 13:42:36 CDT 2008
J. Epperson wrote:
> Ammad's description indicates that the squid server is a device that can
> see all of the traffic destined for the Internet. It appears to be doing
> proxy/NAT for all of the traffic. Have a look at
> http://sarg.sourceforge.net/sarg.php
> or a Squid traffic analysis tool. I've not used it personally, but have
> heard good things from colleagues and on discussion groups.
Snort is really good stuff. I heartily recommend it. Like many
open-source projects, though, some assembly is required to get full use
out of it. It'll probably take some tweaking of the rules (or at least
determining what groups of rules you do or don't want to use) to reduce
the number of false positives to a reasonable level. Definitely worth
the effort though. :-)
And when you use Snort with a nice front-end to analyze the results
like BASE, you can get some pretty impressive results. With a little
more time reading the docs you can even write your own rules to look for
very specific network traffic. Neat stuff...
Brent
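Two small custom rules of the kind Brent describes, added here as an illustration; they are not from the original thread or from the Snort project's own rule sets. They assume Snort 2.x rule syntax, a constructed internal network of 192.168.1.0/24 and a constructed Squid proxy address of 192.168.1.10; the sid values are placeholders in the local-rule range (1000000 and up). The first rule fits the scenario in the quoted message, where all web traffic is supposed to leave through the proxy, so a direct connection from any other host is worth an alert.

```snort
# Constructed example (not from the original post). Addresses are made up.
# HOME_NET is the internal network with the Squid proxy excluded, so the
# proxy's own legitimate outbound web traffic never matches rule 1000001.
ipvar HOME_NET [192.168.1.0/24,!192.168.1.10]
ipvar EXTERNAL_NET !192.168.1.0/24

# Rule 1000001: first packet (SYN) of a TCP connection from an internal host
# other than the proxy straight to an Internet web port. In a network where
# web access is meant to go through Squid, this is a host bypassing the proxy,
# or a misconfigured client that is not using it.
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"LOCAL direct web connection bypassing Squid proxy"; flags:S; classtype:policy-violation; sid:1000001; rev:1;)

# Rule 1000002: content match on an established HTTP request carrying an
# HTTP Basic authorization header, i.e. credentials sent in cleartext to an
# Internet web server. Shows how a payload string narrows a rule to very
# specific traffic rather than just addresses and ports.
alert tcp any any -> $EXTERNAL_NET 80 (msg:"LOCAL cleartext HTTP Basic credentials sent to Internet"; flow:to_server,established; content:"Authorization: Basic"; nocase; classtype:policy-violation; sid:1000002; rev:1;)
```

Save these in a file such as local.rules and reference it from snort.conf alongside the rule groups you decide to keep; when reviewing alerts in BASE, the msg text and sid are what identify which of your own rules fired, so keep them distinctive.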