<div dir="ltr">Thanks Tigerwolf. I'm running 5208 and I've started monitoring network traffic which should help me detect the big waves, but I was hoping to be able to find a simple report in the GUI that I could look at from week to week to see if any users or domains have had an unexpected jump in traffic. I can grep it out of the logs, but hitting the GUI from my phone would be convenient.<div><br></div><div>Is there no way to get "top senders" (either by user or domain) from the GUI?</div><div><br></div><div>Jeff</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Mar 31, 2015 at 10:19 PM, Tigerwolf <span dir="ltr"><<a href="mailto:tigerwolf@tigerden.com" target="_blank">tigerwolf@tigerden.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On Wed, 1 Apr 2015, Ernie wrote:<br>
<br>
> line, and use the mailq as root or sudo to see if a mass of spam is going<br>
> out, as a rule it will be choking the mail queue. Then you examine the<br>
> headers in /var/spool/mqueue to see who send the spam so you can figure out<br>
> the compromised user.<br>
<br>
Often, spammers will upload an entire self-contained spam system and list<br>
of target addresses and spew from that. Local logs will show NOTHING as<br>
none of the local mail programs are being used. To further complicate<br>
things, the spam system self-erases itself and leaves no trace once it's<br>
finished. FTP logs also may not show anything if they used SSH for<br>
transfer.<br>
<br>
If you have an older BX version, I'd recommend installing "vnstat" which<br>
makes nice historical graphs of a designated network interface with<br>
hourly, daily, and monthly use both in and outbound. You can look at<br>
in/out traffic with a browser using a companion program that reads the<br>
data and makes the graphics for a simple web page. Newer BX versions<br>
already include a similar program as part of the GUI, but I forget the<br>
name.<br>
<br>
Another quick-look kind of program is "iftop" which shows traffic on all<br>
ports of an interface. It's good for spotting something that's spewing<br>
outbound, or attacking inbound.<br>
<br>
<br>
_______________________________________________<br>
Blueonyx mailing list<br>
<a href="mailto:Blueonyx@mail.blueonyx.it">Blueonyx@mail.blueonyx.it</a><br>
<a href="http://mail.blueonyx.it/mailman/listinfo/blueonyx" target="_blank">http://mail.blueonyx.it/mailman/listinfo/blueonyx</a><br>
</blockquote></div><br></div>