I am looking for an efficient software to help me monitor a LAN with a about
400 workstations. I want to monitor the internal users activities, including Internet also I want to be able to simply disconnect a user from Internet in case he is doing something business unrelated, but I dont want to filter the urls, so I am not looking for applications like Websense or SurfControl. I also need to check the Internet/Network Bandwidth usage in total and per person at any time, so in case I get any complain about network/Internet speed I can simply find the reason.
Unless one know the environment, connectivity and requirements in detail, no one will be able to recommend appropriate tools.
In general I'd say: Detailed Policy, traffic shaping (QoS), some sort of proxy with some sort of user authentification, detailed logging and log analysis and at least one skilled admin equipped with a powerful LART.
If you can't build that by yourself, do not hesitate to get professional help maybe even from more than one *independant* and *skilled* consultants.
You can start giving a look at Nagios for monitoring and OpenNMS. OpenNMS it's something like OpenView, and it's very powerful, but Nagios it's much more easy to use.
I don't know of any software, but all of that you want is available in a firewall appliance. Which you probably know this. The least expensive that i can think of could be the zywall 2 from
My understanding was that he did not give any indication on specifics. So, he wants to check on bandwidth usage, he can with the zywalls. it goes by ip, tells port and protocol connected to and what local pc did this. it won't do like user accounts no. but it will tell you where people go and what local computer did this. that's a yes it does what he wants. however he is not being 100% specific. the zywall will do everything he wants based on the info he gave which is not much at all. it does what i just said above, but if he wants anything more specific which he has not said then it may not do it. but with what he said in his post it will do everything and very well too in my use of it. also the sonicwall TZ150 will too, but only for 10 devices/computers, for more it's have to be a more $ device. It has user accounts, all the BW info and so on.
to check to see if something is business related, again he didn't get specific at all, so it can still do this. if they know ports then the routers tell him what was accessed, from who/what local ip and how much data was transferred.
So it would do everything, but not everything if he wants more then what he has stated. No device can that i know of. like tell you what apps were really used etc. all they can do is what port, but again i am not sure.
and please Jose forigve me if I sounded harsh to you. I did not mean to and I'm very sorry if I was.
Can a Zywall monitor the "internal users activities"? Or maybe I didn't understand the question. Sure it can do it for internet connections, but not for the programs or files they are using in their machines. It can't even recognise the servers-proxies-spyware they are running.
How do you monitor with a Zywall if someone it's doing "something business unrelated" if it's in an allowed port?
How do you check the bandwith usage "per person", if more than one person connects to the same server and this server connects to internet through the firewall.
Zywall are excellent devices, and they can do lots of things, I only wanted to say that some of the thing he wants (or I have understood he wants) to do can't be done *only* with the Zywall.
I don't think, then, that your advise it's not good, I just think the Zywall it's not enough for all the things he wants to do.
That was the only thing I was saying, that if he needed some kind of monitoring not firewall specific he couldn't do it just with a firewall.
Obviusly it all depends on what he really want to monitor and how.
But have in mind that many protocols that are administratively prohibited in some enterprises, like Messenger can be tunneled through open ports like 80, so you must have a proxy like squid or some kind of IDS/IPS to check it.
I also don't know of any device or single software that can do what he wants. If he really wants everything he talks about in the original post and well done he will need a lot of software/hardware and a lot of work. It's easy to ask for solutions to what may look like simple problems to non ITs, but sometimes it's very difficult to implement this solutions.
No, no. You didn't sounded harsh at all. And I always have in mind that everyone that post to this newsgroups it's trying to help the original poster, and I think both of us were doing that, so everything was OK, I think we just tried to help the OP the best way that we could. Hope the OP have his problem a little more clearer :-)
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.