On Thursday 19 March 2009 04:12:09 pm chris (fool) mccraw wrote:
> i'm more interested in a
> statistical anomaly type of report. "well, you got a thousand SQL
> connections in a second from this host that usually trickles 'em in at
> 1/hour" or "hmm, ssh leaving *from* one of the firewalled machines"
> type of reports.

As I read your note I thought of Arbor Peakflow - which we use where I work. However it is not free. Their website and product description do provide fodder for Googling.

http://www.arbornetworks.com/

A potential open source package that might meet your needs is flowscan:

http://www.linuxhaxor.net/2008/01/03/flow-based-ip-traffic-analysis-with-flowscan/

Poking around there I see a tool more oriented with reporting on overall traffic profiles - while you are interested in traffic exceptions.

Something from this Google (linux netflow) may fit your needs:

http://www.google.com/search?hl=en&q=linux+netflow&btnG=Google+Search&aq=f&oq=

-- 
Michael Rasmussen, Portland Oregon
Be appropriate && Follow your curiosity
http://www.jamhome.us/

The fortune cookie says:
He'd been a professional wrestler and his face had been stepped on a couple of times -- and put together again carelessly.
  -- Ed Lacy (Leonard Zinberg)

_______________________________________________
PLUG mailing list
[email protected]
http://lists.pdxlinux.org/mailman/listinfo/plug
