Is Kiwi Syslog the best thing out there to monitor traffic on my 837 ADSL router?
Any suggestions for good traffic monitoring software?
Thanks.
Kiwi Syslog is a fairly good syslog for MS-Windows platforms. It logs system messages that hosts send it; it doesn't monitor anything.
What is it that you want to monitor? Are you looking for packet capturing or something else?
I'm looking to monitor, in real time, all TCP, UDP traffic outside - in. Or at least something I can refer to in a log as close to real-time as possible.
Anyone?
I'm having a hard time trying to figure out exactly what you are looking for and expecting to see. If you just want to see something like bandwidth gauges/charts, an SNMP based product would probably suit you. MRTG is a nice freeware one. I like the Solarwinds toolsets. However, that does not provide the granularity of determining what is TCP and what is UDP.
If you want something that shows detail of flows, a Netflow product is probably your best solution. However, most of them tend to be logging/reporting applications rather than real time. I don't know of any freeware Netflow products and you can drop some money on them. Or, if you don't care about historical reports, you can just view the flows on the router with 'sh ip cache flow'.
So, what exactly are you trying to accomplish by monitoring the traffic?
Specifically what the GUI for firewalls like CheckPoint do.
Example: Source Destination Protocol Action
05:53:18 73.103.154.20 83.95.34.98 TCP, UDP or HTTP Blocked or Allowed
I want to watch this in real time. I don't mind paying for software that will do it.
Lost the formatting of my example. Basically I want to watch incoming and outgoing traffic in real time. Know the source, destination, protocol and action taken (blocked, allowed, etc.) If there's a good software out there, I'm happy to pay for it.
Debug nat, logging to the syslog server of your choice, would do the needful, I think.
Aaron
That's far too much to watch in real time, even on my single-user 804. What I do is create an access-list and add "log" to transactions I really want to see:
-----
access-list 121 remark 3389 is remote desktop
access-list 121 permit tcp any eq 3389 any log
access-list 121 remark 5900 is VNC
access-list 121 permit tcp any eq 5900 any log
...
access-list 121 deny ip any any log
-----
Set the logging level to include such items:
-----
logging buffered 4096 debugging
ip access-list log-update threshold 1
logging facility syslog
logging 10.1.1.5
-----
and I get entries like this:
-----
Mar 26 14:53:50.580 pdt: %SEC-6-IPACCESSLOGP: list 121 denied tcp 166.114.42.49(1157) -> 68.164.169.15(5900), 1 packet
-----
That is a VNC in the non-permitted direction, that has fallen through the whole access-list to the "deny ... log" at the bottom.
I can also request summary statistics on matches to each of the access-list lines:
-----
! statistics on matches to every access list statement
show access-list [list#]
! reset access statistics
clear access-list counters [list#]
-----
Loren
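An added example, not part of the original posts: a small Python parser that turns the %SEC-6-IPACCESSLOGP entries described above into the time/source/destination/protocol/action view requested earlier in the thread, plus a per-flow packet summary. It assumes the router timestamps its messages as in the quoted entry and handles only the TCP/UDP message form; the function names and all sample lines except the first are constructed for illustration.

```python
import re
from collections import Counter

# TCP/UDP form of the ACL log message, as in the entry quoted in the post.
ACL_LOG = re.compile(
    r"(?P<time>\d{2}:\d{2}:\d{2})\S*\s.*?"
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>tcp|udp) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

# First line is the entry from the post; the rest are constructed samples.
SAMPLE = [
    "Mar 26 14:53:50.580 pdt: %SEC-6-IPACCESSLOGP: list 121 denied tcp "
    "166.114.42.49(1157) -> 68.164.169.15(5900), 1 packet",
    "Mar 26 14:54:02.112 pdt: %SEC-6-IPACCESSLOGP: list 121 permitted tcp "
    "192.0.2.10(3389) -> 198.51.100.7(49152), 1 packet",
    "Mar 26 14:55:10.004 pdt: %SEC-6-IPACCESSLOGP: list 121 denied udp "
    "203.0.113.5(53211) -> 198.51.100.7(161), 3 packets",
    "Mar 26 14:56:10.020 pdt: %SEC-6-IPACCESSLOGP: list 121 denied udp "
    "203.0.113.5(53212) -> 198.51.100.7(161), 2 packets",
    "Mar 26 15:00:00.000 pdt: %SYS-5-CONFIG_I: Configured from console",
]

def parse_acl_log(line):
    """Return a dict for an ACL log line, or None for any other message."""
    m = ACL_LOG.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "count"):
        rec[key] = int(rec[key])
    return rec

def summarize(lines):
    """Total packets per (action, proto, src, dst, dport), busiest first."""
    totals = Counter()
    for line in lines:
        rec = parse_acl_log(line)
        if rec:
            key = (rec["action"], rec["proto"], rec["src"], rec["dst"], rec["dport"])
            totals[key] += rec["count"]
    return totals.most_common()

if __name__ == "__main__":
    for rec in filter(None, map(parse_acl_log, SAMPLE)):
        print("{time}  {src}:{sport} -> {dst}:{dport}  {proto}  {action}".format(**rec))
    for flow, packets in summarize(SAMPLE):
        print(packets, *flow)
```

Grouping ignores the source port, so repeated attempts from one host to the same destination port collapse into a single summary row.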
That's exactly what I would suggest as well, to accommodate the OP's request. However, this one probably falls in the category of be careful what you wish for, because you could get an overwhelming amount of entries. I can't imagine sitting there and watching this. But, in this particular case, yes a Syslog server is what you would use to receive the entries. You do want one that will display the entries as they come in - I'm not sure if Kiwi does that or not.
Jim
Thanks, Loren. Exactly what I'm looking for.