On Wed, 2003-10-29 at 17:52, Mark Webb wrote:
>
> I was asked by the powers that be to set up some monitoring of our
> workplace's internet traffic. Basically a breakdown of the volume used
> and what protocol is using it. i.e. 20% mail, 30% web, 10% ftp,
> etc....

I would use ntop for this. It's specifically designed for this type of
activity and creates pretty pie charts with lots of colors. ;-)

http://www.ntop.org/

> On the box I have iptables running using the following:
>
> iptables -A INPUT -j LOG --log-level 7 --log-prefix '[MONITOR]'
>
> Now all this seems to be working (sort of). If I compare the log to
> a tcpdump output the log is only capturing about 5%.

Try:

iptables -A FORWARD -j LOG --log-level 7 --log-prefix '[MONITOR]'

but as I said, I would use ntop.

HTH,

C
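
The following Python is an added example, not part of the original thread: it totals the IP length (LEN=) of each '[MONITOR]' log line per service to give the percentage breakdown the question asks for. The port-to-service map, the function names and the abridged sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed port-to-service map for the categories the post mentions (mail, web, ftp).
SERVICES = {25: "mail", 110: "mail", 143: "mail", 80: "web", 443: "web", 20: "ftp", 21: "ftp"}

# key=value fields written by the netfilter LOG target, e.g. LEN=1500 PROTO=TCP DPT=80
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

# Constructed, abridged sample lines in the kernel LOG format (documentation addresses).
SAMPLE = [
    "Oct 29 17:52:01 gw kernel: [MONITOR]IN=eth1 OUT=eth0 SRC=198.51.100.7 DST=192.0.2.10 LEN=1500 TTL=63 PROTO=TCP SPT=80 DPT=34567 ACK",
    "Oct 29 17:52:01 gw kernel: [MONITOR]IN=eth0 OUT=eth1 SRC=192.0.2.10 DST=198.51.100.7 LEN=500 TTL=63 PROTO=TCP SPT=34567 DPT=80 ACK",
    "Oct 29 17:52:02 gw kernel: [MONITOR]IN=eth0 OUT=eth1 SRC=192.0.2.11 DST=203.0.113.5 LEN=1000 TTL=63 PROTO=TCP SPT=40000 DPT=25 ACK",
    "Oct 29 17:52:03 gw kernel: [MONITOR]IN=eth0 OUT=eth1 SRC=192.0.2.12 DST=203.0.113.9 LEN=500 TTL=63 PROTO=TCP SPT=40001 DPT=21 ACK",
    "Oct 29 17:52:04 gw kernel: [MONITOR]IN=eth0 OUT=eth1 SRC=192.0.2.10 DST=203.0.113.53 LEN=500 TTL=63 PROTO=UDP SPT=1025 DPT=53 LEN=480",
    "Oct 29 17:52:05 gw kernel: eth0: link up",  # unrelated kernel message, ignored
]

def classify(fields):
    """Name the service from whichever port (DPT, then SPT) is a known one."""
    for key in ("DPT", "SPT"):
        port = fields.get(key, "")
        if port.isdigit() and int(port) in SERVICES:
            return SERVICES[int(port)]
    return "other-" + fields.get("PROTO", "unknown").lower()

def breakdown(lines, prefix="[MONITOR]"):
    """Return {service: percent of logged bytes}, using the IP total length (LEN)."""
    volume = Counter()
    for line in lines:
        _, found, rest = line.partition(prefix)
        if not found:
            continue  # not written by our LOG rule
        fields = {}
        for key, value in FIELD.findall(rest):
            # Keep the first LEN= (IP total length); UDP lines carry a second one.
            fields.setdefault(key, value)
        if fields.get("LEN", "").isdigit():
            volume[classify(fields)] += int(fields["LEN"])
    total = sum(volume.values())
    return {svc: round(100 * n / total, 1) for svc, n in volume.items()} if total else {}

if __name__ == "__main__":
    for service, percent in sorted(breakdown(SAMPLE).items()):
        print(f"{service:10s} {percent:5.1f}%")
```
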