Our company has a legal requirement to log all file access to a Netware 4 file server. Half the clients are using TCP; the other half are on IPX. There are plenty of solutions to grab the first few snaplen of the TCP packets to log access to the server from an independent BSD station running in promisc.
I have yet to find a solution to capture just enough of the IPX traffic to decode the NCP protocol enough to see what user was accessing which file on the server.
So far tethereal has come very close, but it wants to grab the entire packet before decoding it, and we are going through 10GB per day of storage.
I need a way to log these file server connections in a searchable format. It can be messy – it just needs to be searchable.
We do have Sniffer from NA available to us commercially if it helps.