Network management/control software?

I’m looking for a solution that allows me to monitor and control network traffic.


What I want is:


- Hot spot style user accounts that are easy to generate by non-IT personnel.

- Data logging. All data must be logged including URLs, which users visited those URLs, traffic types (http, app market, streaming video etc).

- Data usage control. It must be possible to set a data limit for users.

- QoS. Preferably dynamic based on network usage.


It can either be an existing solution or something developed “in house”. I am no programmer or network expert. The do-it-ourselves option might be best as it will allow us to tailor it to our needs.


I have been looking into some options that could be used as a base to build on. Squid seems to do most of the stuff I want, not sure about logging traffic types though.


Could somebody offer me some insight as to how many hours of programming it would take to build something like the above? Or point me to good existing solutions?
 
What you described seems like it would work using MikroTik. Btw, some of it can also be done with a Windows PC running a transparent proxy. But the new Squid only runs on Linux, I think.
 
My company set something like this up for a local bank's guest wifi with a SonicWall TZ 100, a Synology NAS box, and a bit of html. Probably not as user friendly and robust as what you're looking for though.
 
It will have to function in remote areas where on site service will be difficult so that is probably not as robust as I would like ;)

I'm looking at Endian now. Like Oranga's recommendation they have a software solution available as well but it seems to run on top of an existing Linux installation instead of using its own OS so that is a plus.

It seems to do most of the stuff I want, just need to look at how much detail can actually be logged and to what extent that data can be extracted to be displayed in our own overlay. Same goes for some basic control things like WAN switching.

Doesn't look cheap though.
 
Assuming you only need port 80 / http type of traffic, a proxy with login seems to do it.
User accounts/details are stored in an LDAP (in Microsoft land that would be Active Directory), there's some authentication facility (Kerberos, PAM etc.) and the proxy is an easy place to do some caching, filtering, logging etc.
OK, I've noticed you talk of using squid :)

I used and administered (but did not set up) such a system which simply used OpenLDAP, Squid, Linux PAM, a hardware firewall made from a 400MHz PC etc.
One hard part is adding user accounts : that was done with black command line and über-security password. Logging as root into the firewall (yea, you could stop reading here) so as to ssh as root into the mail + ldap server that was in the DMZ, then run a custom perl script made by a guru (but that's readable perl, with indentation and newlines)

One dumb thing would be firefox prompting you for login/password, same as for logging into the session in the first place. I don't remember if the credentials were cached when you used a managed PC (that uses the same LDAP) ; there was also some firewall black magic to allow direct internet access in that case.
I THINK the login was cached (it's the job of nscd anyway)
You could use the login + password proxy from an unmanaged PC (let's say any random personal laptop) which was kind of neat. Later some "captive portal" was set up.

I know some logging was done but never cared about it :eek: and QoS wasn't a concern (you get the squid cache, at least)

I'd try to play with Zentyal if I had to set up a similar network. It's an Ubuntu 14.04 LTS distro (so, it just got a new version) for doing LDAP and network thingies, with a web interface. So I suppose you can manage the users in the clicky-clicky way (we had a web interface for LDAP, but it was useful to modify the users (including deleting the password) or to look at them, not create/delete users)

There may be umpty solutions for doing these things, so I have no idea about any "Xorqz" from a_company inc. or "Joozie 14" from Networkworks ltd.

disclaimer : that was for student non-profit stuff, not a professional setting
 
I have been looking into some options that could be used as a base to build on. Squid seems to do most of the stuff I want, not sure about logging traffic types though.

That is a weird or unreasonable requirement perhaps. A lot of it goes through https so if you want maximum control-freakery you would need to perform a Man-in-the-Middle attack to look at the content (some places may actually do it)

That aside, perhaps logging the MIME types of stuff that goes through is enough.
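
The per-user logging, MIME-type classification and data limit discussed in the replies above, as an added example that is not part of any poster's reply. It assumes Squid's default native `access.log` layout with proxy authentication enabled (so the user field is filled in); the sample lines, the category mapping and the quota value are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client code/status bytes method URL user hierarchy/peer mime
SAMPLE_LOG = """\
1400000000.101    120 10.0.0.21 TCP_MISS/200 524288 GET http://example.org/video.mp4 guest01 HIER_DIRECT/93.184.216.34 video/mp4
1400000001.202     35 10.0.0.21 TCP_HIT/200 2048 GET http://example.org/index.html guest01 HIER_NONE/- text/html
1400000002.303   9000 10.0.0.22 TCP_TUNNEL/200 734003 CONNECT shop.example.com:443 guest02 HIER_DIRECT/203.0.113.7 -
1400000003.404     80 10.0.0.22 TCP_MISS/200 4096 GET http://example.net/app.apk guest02 HIER_DIRECT/198.51.100.9 application/vnd.android.package-archive
1400000004.505      0 10.0.0.23 TCP_DENIED/407 3900 GET http://example.org/ - HIER_NONE/- text/html
"""

def classify(method, mime):
    """Map a log entry to a coarse traffic type (mapping is an assumption)."""
    if method == "CONNECT":
        return "https-tunnel"  # only host:port is logged, no URL path or MIME type
    if mime.startswith(("video/", "audio/")):
        return "streaming"
    if mime == "application/vnd.android.package-archive":
        return "app-download"
    if mime.startswith(("text/", "image/")):
        return "web"
    return "other"

def usage_report(log_text, quota_bytes):
    """Return ({user: {traffic_type: bytes}}, sorted list of users over quota)."""
    per_user = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 10:
            continue  # skip malformed or custom-format lines
        _, _, _, result, size, method, _url, user, _, mime = fields
        if user == "-" or result.startswith("TCP_DENIED"):
            continue  # unauthenticated or refused request: not billed to a user
        per_user[user][classify(method, mime)] += int(size)
    over = sorted(u for u, t in per_user.items() if sum(t.values()) > quota_bytes)
    return {u: dict(t) for u, t in per_user.items()}, over

if __name__ == "__main__":
    report, over_quota = usage_report(SAMPLE_LOG, quota_bytes=600_000)
    for user, types in sorted(report.items()):
        print(user, types)
    print("over quota:", over_quota)
```

The `CONNECT` line shows what the proxy log retains for HTTPS without interception: the user, the destination host and the byte count, which is enough for quota accounting but not for per-URL or per-MIME-type reporting.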
 
I’m looking for a solution that allows me to monitor and control network traffic... It can either be an existing solution or something developed “in house”. I am no programmer or network expert. The do-it-ourselves option might be best as it will allow us to tailor it to our needs.

As a rec for tongue of colicab (if he is still looking) or someone else with a similar question who pops by: I would suggest you at least look at 1&1 before you make a final decision. Their "dynamic cloud server" package should cover all your bases, and you can customise it to your needs.

ref: my own experience
 