From owner-freebsd-questions Fri Feb 9 11:34:26 2001 Delivered-To: freebsd-questions@freebsd.org Received: from topsecret.net (unknown [216.19.133.97]) by hub.freebsd.org (Postfix) with SMTP id 6CE5C37B69D for ; Fri, 9 Feb 2001 11:34:06 -0800 (PST) Received: from pacific.net128.101.101.10.in-addr.arpa by topsecret.net with SMTP (MDaemon.v2.7.SP5.R) for ; Fri, 09 Feb 2001 14:32:19 -0500 Date: Fri, 9 Feb 2001 14:31:44 -0500 (EST) From: "[gill]" X-Sender: gill@pacific.int.topsecret.net To: Odhiambo Washington Cc: FBSD-Q Subject: Re: Traffic Logging In-Reply-To: <20010209190746.A14093@poeza.iconnect.co.ke> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-MDaemon-Deliver-To: freebsd-questions@FreeBSD.ORG X-Return-Path: gill@topsecret.net Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Well, if you are pretty sure that it is one offender you might easily see who with ntop (in the ports/net/) and you might use iplog to log everything. A combination of the two might be just the ticket. --gill -- This is my ~/.signature file. It is the digital equivalent of a bumpersticker. Remember? When you said: ->Hi, ->I setup a FreeBSd gateway using ppp on a dedicated leased line for one of my clients. I need to catch a culprit who (ab)uses ->the link by clogging it with data. This culprit makes the link respond so slowly and on the radius accounting at our NAS server ->I found that upto 2GB of traffic pass through that gw in a month. I do not do that much traffic even on my 128K uplink. ->The network has some 20-something PCs all running Windows. -> ->I'm looking for suggestions that will help me account for all traffice in/out of every host on that network so that at the ->end of the month I can get a report that hostx sent/rcvd this much of data, hostY so much and hostZ so much. -> ->If there is an easy way i'd love it but also if there is some harder way I'll also wanna hear about it. -> ->Thanking you in advance. -> ->-Wash -> ->-- ->Odhiambo Washington Inter-Connect Ltd., ->wash@iconnect.co.ke 5th Flr Furaha Plaza ->Tel: 254 11 222604 Nkrumah Rd., ->Fax: 254 11 222636 PO Box 83613 MOMBASA, KE. -> ->A tart temper never mellows with age; and a sharp tongue is the only edged ->tool that grows keener with constant use. -> To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message