Is there a way to monitor attempts to send traffic across port 25? I need to find a machine that is spamming.
An IPS appliance would do this (like the Cisco IPS 42xx series), but if you're expecting NTA to do it then it might not be in 'real time'.
It can report on that sort of traffic within the last 15 min. and you can drill down to conversations and see each direction/endpoints.
However, it won't alert on this specific traffic, but the IPS would.
That's fine, no need for real time. Can you point me in the right direction on setting this up with Orion?
You can use Manage Applications and Service Ports (NetFlow > NetFlow Settings) in the Orion Web Console.
Doug
It's set up to capture all port 25 traffic, but I can't find a place to actually "see" the data. Here's a screen capture of where I would expect it to be.