And the winner is: pmacct.
This one is really quick and simple to put together, five minutes and a configuration file later and I'm logging all traffic on all ports in 10 minute time slices, broken down by source, destination, MAC, port, etc. It also contains actual amounts of traffic too, so I can see how much is going in and out.

It's also logging to MySQL so I can fiddle about with producing nice reports as much as I would like, probably using this tool:

http://www.maani.us/charts/index.php

I also realise that traffic that doesn't get through the firewall has still made it to my machine, and has gone over my interface, and thus I will be accountable for that traffic. If it's an SMTP connection that's tarpitted by spamd, it's still bytes that I'm accountable for.

Thanks to everybody who replied for your good suggestions,

Gaby

--
Junkets for bunterish lickspittles since 1998!
http://www.playr.co.uk/sudoku/
http://weblog.vanhegan.net/
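
A pmacctd configuration matching the setup described in the post above, given as an added example and not the poster's own file. The interface name, database name, table name and credentials are assumed placeholders.

```conf
! pmacctd.conf (added example; values marked "assumed" are not from the post)
daemonize: true
! assumed: the external interface whose traffic is being accounted
interface: eth0
! one row per source/destination host, MAC, port and protocol
aggregate: src_mac, dst_mac, src_host, dst_host, src_port, dst_port, proto
plugins: mysql
! assumed: local MySQL instance and placeholder credentials
sql_host: localhost
sql_db: pmacct
sql_table: acct
sql_table_version: 1
sql_user: pmacct
sql_passwd: CHANGE_ME
! write the in-memory counters to MySQL every 600 seconds
sql_refresh_time: 600
! bucket rows into 10 minute time slices, aligned to the minute
sql_history: 10m
sql_history_roundoff: m
```

Because pmacctd captures on the interface itself, packets later dropped by the firewall or held by spamd are still counted in the bytes column.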