# any recommendations out there for network traffic reporting software?



## nvisibl (Jul 29, 2008)

I'm looking to have some software that will run on a Windows 2008 server or PC sitting behind our Cisco 2800, allowing me to monitor incoming/outgoing web traffic and produce usage reports allowing me to see specific traffic per IP or even per Windows domain user account

to find out which users might be accessing dodgy websites or running file sharing progs etc...

do you have any recommendations please?


----------



## PinoyIT (Feb 28, 2011)

I use Snort. It's an IDS but you can write rules for it to do whatever you want. It's not exactly user friendly but it's a great tool once you learn how to use it.


http://www.snort.org/


----------



## nvisibl (Jul 29, 2008)

thank you, just checking it out now

I'll probably need something quite GUI orientated and user friendly as there's only one of me and a lot of system to manage


----------



## PinoyIT (Feb 28, 2011)

It's really not that bad. If you've written rules for firewalls before then it's pretty similar. Also, you can search on Google for something that you want to do and most likely someone has written a rule for it. Just copy theirs and edit it to meet your needs.


----------



## alupis (Jun 19, 2006)

If you are looking for a GUI, EasyIDS is a great product! It's an entire OS designed for network monitoring, just like what you are trying to do. It's built on top of CentOS (RedHat) but you don't need to know ANYTHING about Linux to operate it.

It has several network security and monitoring apps built in, including:

- Snort
- ArpWatch
- BASE (for interpreting Snort results)
- NTOP
- Nmap
- and more...

Install takes about 10 minutes and it sets most of everything up for you.

Check it out... I love it out of simplicity... in case you can't tell

EasyIDS 

Another really good monitoring app is Cacti.

Most people think Cacti is just for bandwidth monitoring, but it can monitor and graph anything that supports SNMP... which all of your Windows boxes have that capability. With that you can monitor individual box's traffic, CPU %, % of RAM, etc... everything about the box. You can have it monitor your firewalls/router for total network bandwidth as well... pretty neat tool.

At my office we run both, as I've found the SNORT reported network usage to differ from what Cacti suggests... so I kind of monitor both for anomalies etc...


----------



## nvisibl (Jul 29, 2008)

EasyIDS looks good, the Linux bit puts me off simply as I only have one spare win2008 server to use for all my IT system management tools, but then I could put it on a desktop, so something to consider

We use monitormagic for all our SNMP alerting, this is a great tool too


----------



## alupis (Jun 19, 2006)

If you have a win2008 server you might be able to run it as a VM using the free built-in hypervisor (or maybe you can't... maybe you can only run Windows VMs... not sure... I'm a Xenserver guy for free virtualization! lol)

Yes, you can just install it on old desktop hardware, it's very low resource usage from what I've monitored on our network which supports about 60 users.

Not knowing Linux doesn't really matter with EasyIDS... you basically put the install CD in the drive, boot to it, select install, and it does the rest including reboot. It's a self-contained package so you don't even have to mess with setting up partitions, or selecting installed packages etc... the only thing to watch out for is that it does not automatically eject the CD drive after the install is finished... so it will boot back into the CD if you don't watch it... but it's usually a fast install taking less than 15 minutes...


----------



## nvisibl (Jul 29, 2008)

Sounds good, I'll give it a go, thanks for the reassuring info


----------

