Results 1 to 9 of 9
  1. #1

    * Monitor traffic for our VPN users

    HI there ,

    I have a VPN server ( Install PPTP and OpenVPN ) .

    We have some abuse report ( Spaming , torrent , Brute Force to a server ,... ) and I want to find my bad users .

    How can I log our traffic ? I need a log like iftop output .

    Please advise .

    Thank you

  2. #2
    Join Date
    Sep 2007
    Posts
    368

    *

    Quote Originally Posted by nashenas View Post
    HI there ,

    I have a VPN server ( Install PPTP and OpenVPN ) .

    We have some abuse report ( Spaming , torrent , Brute Force to a server ,... ) and I want to find my bad users .

    How can I log our traffic ? I need a log like iftop output .

    Please advise .

    Thank you
    iftop is not good idea to implement such thing.

    May be you can try -> http://bandwidthd.sourceforge.net/

  3. #3
    Join Date
    Jul 2009
    Posts
    240
    u can try ntop - but its not recommended to run it continously since its a resource hog but it has a very detailed breakdown of the traffic which is nice

    if you need something long term monitoring - RRD (there are plenty of scripts to monitor traffic for rrd)

  4. #4
    Thank you for your help but I don't need to log the traffics . I want to keep activity of my users .

    For example , we recevie a claim from a network that one of our users brute force attack to their server with our share IP via VPN connection .

    How can I find this user ?

  5. #5
    Join Date
    Jul 2009
    Posts
    240
    Quote Originally Posted by nashenas View Post
    Thank you for your help but I don't need to log the traffics . I want to keep activity of my users .

    this doesnt make any sense ..you are trying to find whose spamming to a certain network but you dont want to log the traffic?? ..isnt the spamming part the traffic you are trying to monitor?


    ntop monitors both inbound and outbound traffic, from here you can deduce who the offender is.

  6. #6
    ntop monitors both inbound and outbound traffic, from here you can deduce who the offender is.
    Thank you for your help.

    In fact ,I need a monitoring software for keep activities per IP .
    For example I want to check activities for a special IP or for example which user connect/use to special server .

    How can I do that with ntop ?

  7. #7
    Join Date
    Jul 2009
    Posts
    240
    from NTOP webpage...

    What ntop can do for me?

    • Sort network traffic according to many protocols
    • Show network traffic sorted according to various criteria
    • Display traffic statistics
    • Store on disk persistent traffic statistics in RRD format
    • Identify the indentity (e.g. email address) of computer users
    • Passively (i.e. withou sending probe packets) identify the host OS
    • Show IP traffic distribution among the various protocols
    • Analyse IP traffic and sort it according to the source/destination
    • Display IP Traffic Subnet matrix (who's talking to who?)
    • Report IP protocol usage sorted by protocol type
    • Act as a NetFlow/sFlow collector for flows generated by routers (e.g. Cisco and Juniper) or switches (e.g. Foundry Networks)
    • Produce RMON-like network traffic statistics

  8. #8
    Join Date
    Dec 2007
    Posts
    609
    Check out ntop or bandwidthd, as the other two posters have suggested. Take a look at their features and see which one best suits your needs

  9. #9
    How many VPN users do you have on your server?
    Do you know what is being bruteforced? You could just sniff traffic that is going to the victim's IP, that way you could zero on the ppp interface that is doing this.

Similar Threads

  1. software script to monitor cpu usage and memory of users/domains
    By shars in forum Hosting Software and Control Panels
    Replies: 11
    Last Post: 02-20-2009, 04:01 AM
  2. Best traffic monitor for high traffic sites?
    By RumpleTumbler in forum Hosting Security and Technology
    Replies: 8
    Last Post: 11-18-2007, 12:50 PM
  3. Monitor traffic
    By WHQX in forum Hosting Security and Technology
    Replies: 7
    Last Post: 04-03-2007, 11:26 AM
  4. users activities/behaviour monitor
    By intlhost in forum Dedicated Server
    Replies: 0
    Last Post: 04-24-2004, 11:37 AM
  5. IIS Traffic Monitor
    By astraeuz in forum Programming Discussion
    Replies: 5
    Last Post: 03-17-2004, 02:23 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •