The best product for that is called "MRTG" (for Multi-Router Traffic Grapher).
A copy of it is in contrib on the Red Hat FTP site. It is a little involved to
set up, but once it is set up, you can get beautiful graphs of network usage
through the router (you'll need to create a web page to link to them, though).
Then you can check your logs to see if you got anything suspicious. For
example, I found out that my (former) boss had been browsing sex sites and one
site silently downloaded a Java applet that apparently sent out sex SPAM
unknown to him. I spotted it by seeing a huge burst of outgoing data on my MRTG
graphs. My first thought was "Oh gawd we've been hacked!". A quick rpm -V
soothed that fear. My second thought was "Oh gawd we've been used as a spam
relay!". A quick check of the mail log files soothed that -- but also indicated
that at the time of the blue-line special, a lot of mail was getting forwarded
from 192.168.0.5, a Windows 95 machine on our local network that, voila,
belongs to my boss. A check at the HTTP proxy log file on the firewall showed
lots of hits to sites like "www.sexkitten.com" and "www.sexxx.com". That's when
I ambled down the hallway to ask my boss whether something strange had happened
while he was browsing porn sites :-). (He said he was doing research to see
which sites he needed to block his grandchildren from seeing :-). That's when
he told me about the runaway Java applet that he couldn't get to go away (it
kept replicating itself) and finally he went and ate dinner while it was still
running...
Anyhow. Get MRTG. Nice product.
--
Eric Lee Green [EMAIL PROTECTED] Myself @ Home
--
PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
http://www.redhat.com/RedHat-FAQ /RedHat-Errata /RedHat-Tips /mailing-lists
To unsubscribe: mail [EMAIL PROTECTED] with
"unsubscribe" as the Subject.
