[ previous ] [ next ] [ threads ]
 
 From:  "Honson, Steven N" <steven dot honson at education dot tas dot gov dot au>
 To:  "Michael Mee" <mm2001 at pobox dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] traffic monitoring - proposal
 Date:  Fri, 27 Jun 2003 16:44:31 +1000 
Hi,

It just so happens I was thinking about the same subject earlier today
:)

There are a few lightweight programs out there that will run
promiscuously on a interface and output stats to a text file every hour.
IPFM is one such tool.
http://robert.cheramy.net/ipfm/
http://bw.intellos.net/
I can't see it being too hard to put together some PHP pages to
interface to this.
The only problem is the fact that you would have a ever growing number
of log files.
Maybe this is where some sort of rotating system could be put in place
to keep this consistant.

I would possibly be interested in putting some time into implementing
this program in m0n0wall, I should have some spare time this weekend to
have a play and see if its at least possible to do what we want easily.

Cheers,
Steven

-----Original Message-----
From: Michael Mee [mailto:mm2001 at pobox dot com] 
Sent: Friday, 27 June 2003 4:40 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] traffic monitoring - proposal

I've spent several interesting (though often frustrating!) hours trying
various ways of tracking bandwidth by IP and have the following strawman
proposal. This is based on my still very patchy and limited knowledge of
*BSD/*nix tools in this area, so please don't be shy about telling me
how
much easier I could do something or how braindead my approach is!

Problem:

I'd like to track bandwidth used by IPs within my lan. Most of my IPs
are
actually assigned via static dhcp/mac mappings, so it would be great to
use
that list as a tracking source, but it would also be ok to track via
another
list entered seperately (assuming an automatic list is too hard, is it?
-
see proposal below).

I'd settle initially for a bandwidth report that I can view as an admin
via
the GUI. Ability to zero the counts would be nice too.

Proposal:

Add some GUI that adds the following style rules via ipf (assuming sis1
is
the wan):

count in on sis1 from any to 10.0.0.52
count out on sis1 from 10.0.0.52 to any

and the ability to read those rules via /sbin/ipfstat -aio and present
the
results.

Discussion:

This is (obviously) a fairly simple addition. No new programs needed,
just a
couple more php pages with some code to parse the output and display it.

But, my ignorance makes me wonder what the negatives might be?  Are
counters
relatively cheap in ipfilter?  Or would this perhaps be better done via
ipfw? Or maybe I missed the handy-dandy utility that does all this
automagically? Or maybe this too specific to my scenario (e.g. assigned
IPs)
and noone else would want or use it?  Or maybe I'm missing something
major
such as ipf's 'count' only counts packets which are not a good proxy for
bandwidth like I'm assuming?

Comments please!  If others agree that this would be useful and
workable,
I'll go ahead and make a start on it.

cheers, michael


---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch