ipaudit-web logs network activity, maintains traffic summaries, and presents Web-accessible graphs and reports. It is useful for identifying heavy bandwidth users, DoS attacks, scans, and similar activity.
IPAudit can be installed from a distribution-specific binary package, or it can be compiled from source. To compile IPAudit, you first need the pcap packet library installed. You can download and compile the "classic" source code from the LBNL Network Research Group, or you can download a newer version of the pcap library from tcpdump.org.
IPAUDIT can be used to monitor network activity for a variety of purposes. It has proved useful for intrusion detection and for monitoring bandwidth consumption and denial-of-service attacks.
We run it in shifts. Every 30 minutes we launch a new instance of IPAUDIT in the background and kill the previous instance. Before the previous instance dies, it writes a file describing the network activity for the past 30 minutes. Perl scripts then parse this file and make a Web-viewable report. It currently monitors a 45MB link averaging at about 1/3 capacity on a Pentium II/333 running Linux 2.2.13. Average CPU usage is at about 10%, and peaks at around on the half hour.
IPAUDIT can also be used with IPAUDIT-WEB, a collection of cron and web-cgi scripts for gathering data and making reports. (NOTE: The separate IPAUDIT-WEB distribution is not yet available. You can, however, obtain the web-cgi scripts from ipaudit-0.93b4.tgz.)
What's New in This Release:
· corrected for packet double count / double write when packets travel between two monitored interfaces.
· added -M option to turn off correction for multiple devices.