On 13-sep-2007, at 0:07, Joe Lagreca wrote:

> I have a client that is running a m0n0wall.  I have been watching
> their network activity via the traffic graph, and I see that their
> outbound traffic has been pegged all day.  I would like to find out
> which machine is causing this and why.  How can I go about figuring
> this out?  Is there some SNMP monitoring utility I can run that will
> give me per user bandwidth information, etc?  Thanks.
>
Try turning on logging to a remote syslog server (Diagnostics > Logs  
 > Settings) and turn on the logging of firewall events. Then turn  
the 'Log packets that are handled by this rule' option on every rule  
that passes traffic. Then sift through the syslog...


Peter