[SlugBug] Network usage methodologies?

[James Wallbank]

Hello All,

I'm looking to implement a system to monitor who's using all the client 
machines at Access Space. Typically users are logging in via ypbind 
client machines which have access to a central fileserver.

I want to monitor who's using the network when (for statistical 
purposes, not for tracking individuals).

I guess I could use a cron job on the fileserver (or some other central 
admin box) to run rusers -a  and report back on who's logged in to 
client machines. (Or does rusers typically run as a daemon process, 
constantly monitoring?)

Either way around, it seems a long way round - I'll have to run a daemon 
rpc.rusersd (??) on all the clients so that they respond to an rusers 
query...

I'm GUESSING that that's a way to do it... but we now have TWO distros 
on each client machine, and it'll be a drag to install rpc.rusersd to 
each client TWICE.

Then there's the problem of people using live distros from CD. The 
monitoring will fail to catch up with client machines that aren't 
running rpc.rusersd.

Using the KISS principal, it seems that it'd be simpler to track who was 
doing  what to files on the fileserver.

Is there another way I could make conclusions about network usage? Could 
I track ypbind requests? (i.e. when users log in) from the fileserver? 
Could I track which remote users are logged in by the fact that their 
CWD would be their home directory on the fileserver?

Have any of you got experience in this area? I really need to know where 
to start - I can (probably) implement any recognised solution, but I 
don't want to start by implementing something that's over complex.

Thanks!

Best,

James
=====