Network Monitoring on a Budget

Posted: August 21st, 2009 | Author: | Filed under: Network, Security | No Comments »

In this post, I want to discuss how to monitor a small network without spending big money. The goal of such monitoring is primarily security. We want to look for signs of presence of attackers and malware on our network. It is quite a daunting task, especially if there is no dedicated budget and no dedicated personnel (which is what one usually finds in small, and sometimes even not so small institutions). Below, there are some of the things that I have tried. If you have other ideas, please share them (send a comment). Read the rest of this entry »

IFSTAT network data visualized

Posted: July 22nd, 2009 | Author: | Filed under: Network, Security | Comments Off on IFSTAT network data visualized

I have many computer systems on my network that stay powered on 24/7 (these are mostly servers but also many desktops systems stay on for a variety of reasons). Monitoring network bandwidth usage on such systems can be quite desirable. It can help to detect, let’s call them, “unofficial” activities by users. It can also help to detect presence of a network active malware. Whatever your reasons are, if you are interested in network monitoring, IFSTAT program is your friend.

IFSTAT – – is a great tool written by Gaël Roualland for network usage monitoring on individual computer hosts . IFSTAT runs on most computer platforms, it is very easy to install, and very easy to use.

IFSTAT generates large volumes of of data that is not easy to analyze especially when one has to deal with data coming from tens of hosts. A graphical presentation of IFSTAT data should substantially facilitate analysis. I developed a simple tool to collect and to visualize data collected by IFSTAT.

My tool is intended for networks of computers. It is not intended (and probably not very useful) for a home computer user with a couple of systems on the network.


IFSTAT is executed on individual computer hosts in a continuous or a semi-continuous manner. IFSTAT data is sent periodically to a Web server host via HTTP POST method. Perl scripts on the server process submitted data and make it available for presentation. Data is collected and presented per host and per calendar month. Color is used for presentation of network bandwidth values (in addition to numerical values). You can see an example of IFSTAT presentation page generated on the web server here.
Read the rest of this entry »

Backup each Samba share to a separate archive

Posted: July 16th, 2009 | Author: | Filed under: Backup | No Comments »

The backup script that I use on my Samba file servers, stores each Samba share in a separate cpio archive (i.e. in a separate backup file). I find such share-based backup arrangements very convenient.

My script – see below – extracts share names and paths from Samba configuration file. When a new share is configured in Samba, it is automatically added to backups.

The script runs full backup followed by 30 incremental backups. After 30 incrementals, the cycle repeats itself – full + 30 incrementals. The script keeps track of the count for each share (their counts do not have to be in sync).
Read the rest of this entry »