Monitor traffic for our VPN users

ttsaon Member

Hi there,

I have a VPN server (with PPTP and OpenVPN installed).

We have had some abuse reports (spamming, torrents, brute force against a server, ...) and I want to find my bad users.

How can I log our traffic? I need a log like iftop output.

Please advise.

Thank you

Comments

  • L7 is the way to go.

  • Bella Member

    @TarZZ92 said:
    L7 is the way to go.

    What's L7? I tried googling it but couldn't find anything related to monitoring.

  • ZEROF Member

    Hi,

    You can try to use ntop or BandwidthD.

  • Snort or Suricata

  • MuZo Member

    Bella said: What's L7? I tried googling it but couldn't find anything related to monitoring.

    I think he means Layer 7 - http://en.wikipedia.org/wiki/OSI_model

  • ttsaon Member

    @ZEROF With ntop or BandwidthD, how do I find a bad user?

  • ZEROF Member

    ttsaon, just see who is using too much of your server resources. BandwidthD will show you where traffic goes:

  • ttsaon Member

    @ZEROF Did you set up a VPN on your server?

  • ZEROF Member
    edited July 2014

    That information I can share, but I can't tell you where and when. At this time I don't have a VPN for personal use; I have set it up for a company I worked for. Administrators use that connection as a secure connection to manage the data center.

  • ttsaon Member

    @ZEROF The picture you showed only gives total daily traffic, so I cannot find a "bad user" with the VPN. Any idea?

  • @ttsaon said:
    ZEROF The picture you showed only gives total daily traffic, so I cannot find a "bad user" with the VPN. Any idea?

    Just under the logo you can choose which time frame you want to see.

  • The best way is to use NetFlow.

  • ttsaon Member

    @ValdikSS Can you provide details about NetFlow? Did you use it to ban P2P on a VPN server?

  • Snort will allow you to automatically profile traffic. NetFlow is fine, but you need to get that data from somewhere. I assume this is just a dedicated server or VPS, so you are unlikely to get that data.

  • @ttsaon said:
    ValdikSS Can you provide details about NetFlow? Did you use it to ban P2P on a VPN server?

    No, NetFlow is designed to get you source_ip-source_port_destination_ip_destination_port data, which you can log and analyze later. To block P2P traffic, you need nDPI: http://www.ntop.org/products/ndpi/
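
    The kind of later analysis described in the comment above, as an added example that is not part of the original thread: it attributes flow records (source/destination address and port) to VPN accounts and flags accounts that contact many distinct hosts on SMTP or SSH. The CSV layout, the address-to-account map, the account names and the threshold are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: src_ip,src_port,dst_ip,dst_port,proto,bytes
# (10.8.0.x stands in for the VPN client address pool).
SAMPLE_FLOWS = """\
10.8.0.6,51000,198.51.100.10,25,tcp,4200
10.8.0.6,51001,198.51.100.11,25,tcp,3900
10.8.0.6,51002,198.51.100.12,25,tcp,4100
10.8.0.6,51003,198.51.100.13,25,tcp,4000
10.8.0.7,40000,203.0.113.5,443,tcp,900000
10.8.0.7,40001,203.0.113.9,22,tcp,12000
10.8.0.8,42000,192.0.2.20,22,tcp,800
10.8.0.8,42001,192.0.2.21,22,tcp,800
10.8.0.8,42002,192.0.2.22,22,tcp,800
10.8.0.8,42003,192.0.2.20,22,tcp,800
"""

# Constructed map of tunnel address -> VPN account, assumed to come from
# the VPN server's own connection log. Account names are hypothetical.
SESSIONS = {"10.8.0.6": "alice", "10.8.0.7": "bob", "10.8.0.8": "carol"}
WATCHED_PORTS = {25: "smtp", 22: "ssh"}
FANOUT_THRESHOLD = 3  # distinct destinations on one watched port

def summarize(flow_csv, sessions):
    """Per account: total bytes, and distinct destinations per watched port."""
    totals = defaultdict(int)
    fanout = defaultdict(lambda: defaultdict(set))
    for row in csv.reader(io.StringIO(flow_csv)):
        if len(row) != 6:
            continue  # skip blank or malformed records
        src, _sport, dst, dport, _proto, nbytes = row
        user = sessions.get(src, f"unknown({src})")
        totals[user] += int(nbytes)
        if int(dport) in WATCHED_PORTS:
            fanout[user][int(dport)].add(dst)
    return totals, fanout

def flag_users(flow_csv, sessions, threshold=FANOUT_THRESHOLD):
    """Sorted (account, service, distinct_destinations) at or over threshold."""
    _totals, fanout = summarize(flow_csv, sessions)
    return sorted((user, WATCHED_PORTS[port], len(dsts))
                  for user, ports in fanout.items()
                  for port, dsts in ports.items() if len(dsts) >= threshold)

if __name__ == "__main__":
    for user, service, n in flag_users(SAMPLE_FLOWS, SESSIONS):
        print(f"FLAG {user}: {n} distinct {service} destinations")
```

    In the sample, the account with the most bytes is not flagged, while two low-volume accounts are: a bandwidth total alone does not separate heavy use from spam or brute-force patterns.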

  • @ttsaon said:
    Hi there,

    I have a VPN server (with PPTP and OpenVPN installed).

    We have had some abuse reports (spamming, torrents, brute force against a server, ...) and I want to find my bad users.

    How can I log our traffic? I need a log like iftop output.

    Please advise.

    Thank you

    You buy a VPS in each location and sell VPN service to other people?

    Most VPS providers ONLY allow VPN for personal use. Why don't you get a dedicated server?
