Monitor traffic


003

I have a w2k server with 5 domains, and need to monitor the traffic
(both in and out) for each domain. How and what should I do?

I don't have access to the router behind, *only* the server. It should
log traffic for web, ftp and mail (port 80, 21, 110/25)

Thx
 
IIS has some built-in logging ability, as described in the link below. Otherwise you could
install a software firewall on the server. Sygate [free to try] has pretty extensive
built-in logging, even if you decide not to use the firewall itself. You should also
look into installing the IIS lockdown/URL scan tool on your web server to further
protect it. Be sure to do a full backup before doing so, however, in case results are
not as expected. --- Steve

http://tinyurl.com/2fwhu
http://www.sygate.com/
http://support.microsoft.com/default.aspx?scid=kb;en-us;325864
 
> you could install a software firewall on the server

I use BlackICE

> Sygate [free to try] has pretty extensive built in logging

Ok, I will take a look at it

> You should also look into installing the IIS lockdown/URL scan tool

Yes I know, already installed


Thx for the reply
 
> Sygate [free to try] has pretty extensive built in logging

Now I have tried it, and can't see how it should handle traffic for
each domain. Have you ever done it yourself?
 
I have used it to monitor traffic. It cannot distinguish by domain, but by IP addresses,
which you can match to security logs if you suspect malicious activity. If your DNS
servers have reverse zones configured, you could always query for machine/domain name
via IP address. --- Steve

Fire"003 said:
>> Sygate [free to try] has pretty extensive built in logging
>
> Now I have tried it, and can't see how it should handle traffic for
> each domain. Have you ever done it yourself?

> I have a w2k server with 5 domains, and need to monitor the traffic
> (both in and out) for each domain. How and what should I do?

Depending on what you define as "traffic" you'd monitor your firewall
logs or proxy logs.

> I don't have access to the router behind, *only* the server. It should
> log traffic for web, ftp and mail (port 80, 21, 110/25)

Web, FTP and Mail are logged and you can analyse the logs for most
information you'd need.

See:

Logfiles:
http://www.iisfaq.com/default.aspx?view=P141

Jeff
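
The log analysis suggested in the reply above, sketched as an added example (not code from any poster in this thread): it totals bytes out and in per domain from a web log in W3C Extended format. It assumes the `sc-bytes`, `cs-bytes` and `cs-host` fields are enabled in the site's logging properties; the sample log lines, host names and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in IIS W3C Extended format (not taken from the thread).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status sc-bytes cs-bytes cs-host
2004-03-01 00:00:01 192.0.2.10 GET /index.html 200 5120 310 www.example.com
2004-03-01 00:00:05 192.0.2.11 GET /logo.gif 200 20480 295 www.example.org
2004-03-01 00:00:09 192.0.2.10 POST /form.asp 200 1024 2048 WWW.EXAMPLE.COM:80
2004-03-01 00:00:12 192.0.2.12 GET /missing 404 512 - -
2004-03-01 00:00:13 192.0.2.12 GET /trunc
#Fields: date time cs-host sc-bytes cs-bytes
2004-03-01 00:05:00 www.example.org 100 50
"""


def to_int(value):
    """Treat '-' (field not recorded) and junk as zero bytes."""
    return int(value) if value and value.isdigit() else 0


def traffic_per_host(lines):
    """Sum bytes sent (sc-bytes) and received (cs-bytes) per Host header."""
    totals = defaultdict(lambda: {"out": 0, "in": 0, "hits": 0})
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            # The field list can change mid-file, so re-read it every time.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed entry
        row = dict(zip(fields, values))
        # Normalise case and drop an explicit port so one site is one key.
        host = row.get("cs-host", "-").lower().split(":")[0]
        if host == "-":
            host = "(no host header)"
        totals[host]["out"] += to_int(row.get("sc-bytes"))
        totals[host]["in"] += to_int(row.get("cs-bytes"))
        totals[host]["hits"] += 1
    return dict(totals)


if __name__ == "__main__":
    for host, t in sorted(traffic_per_host(SAMPLE_LOG.splitlines()).items()):
        print(f"{host:20} out={t['out']:>7} in={t['in']:>6} hits={t['hits']}")
```

Requests that arrive without a Host header are grouped under their own key rather than dropped, so unattributed traffic stays visible in the totals.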
 