 From:  Jim Gifford <jim at giffords dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Traffic Stats
 Date:  Thu, 18 Mar 2004 13:28:41 -0500
Someone pointed me to cacti off-list, and it is a lot nicer than cricket.
It also doesn't require as much system resources on the server.  And best
of all, it is far more responsive for the user.

However, I'll say the same thing about cacti that I said about MRTG and
cricket.  There aren't any SNMP MIBs on m0n0wall that permit per host or
per IP address statistics gathering.  All you can get is interface
statistics, which is nice to have, but isn't the level of detail everyone
keeps asking for.

I'll say that again: the SNMP MIBs in m0n0wall do not exist to do per
host or per IP address statistics.  You can't do a 'top talkers' list
from the SNMP MIBs that are available.

Every time I've chimed in on a thread about per host traffic stats, I've
had at least one response pointing me to MRTG (which I used at a previous
job), or cricket, or now cacti.  Of these, cacti is the sweetest, and I
appreciate the pointer.  I'll be removing cricket soon.  However, not one
of those pointing people to MRTG and related utils has demonstrated that
they can indeed get per host or per IP address stats from m0n0wall.  I've
used snmpwalk, and the MIBs just aren't there for that.

This is a Frequently Asked Question.  There are frequently pat answers
given.  Yet, in my opinion, the answers are for the wrong questions.  The
question isn't "how much of my total bandwidth is being used?" the
question is "which machine/protocol is using all my bandwidth?"

Having said all that, I would love to be proved wrong.  Until that
happens though, I'll be building an ethernet tap and using something like
ntop or the like.

Oh, and for the original poster, you might want to play with the traffic
shaping features.  If nothing else, you could shape everyone down to a
fair percentage of the total bandwidth, so that even if they are trying
to use more than they should, they can't.  I'm not sure how feasible
this would be though.

jim

On Thu, Mar 18, 2004 at 12:34:20PM -0500, Jim Gifford wrote:
> I've set up cricket to graph the SNMP stats it gets from m0n0wall.
> Honestly though, the graphs aren't that useful.  It sounds like you want
> a "top talkers" list, and cricket doesn't give that.  I doubt that MRTG
> does either, considering their similar backgrounds and features.
> 
> You could build an ethernet tap to sit between the LAN and the LAN port
> on the m0n0wall, and hook that to a machine running something like ntop
> to get that kind of information.
> 
> ethernet tap: http://www.snort.org/docs/tap/
> 
> hope this helps,
> jim
> 
> On Thu, Mar 18, 2004 at 08:37:57AM -0600, Brandon Holland wrote:
> > What do you guys pair your m0n0 with to have traffic stats?
> >  
> > I think I need them, I have reason to suspect there are certain high
> > volume internet users that shouldn't be so high volume :'(
> >  
> > 
> > Brandon Holland    (Brandon at Cookssaw dot com)
> > Network Administrator
> > Cooks Saw MFG, LLC ( <http://www.cookssaw.com/> www.CooksSaw.com)
> >     "Leading the bandsaw Industry
> >          by providing tomorrow's innovation today"
> > 160 Ken Lane
> > Newton, AL 36352  (Click <http://www.mapquest.com/maps/map.adp?city=newton&state=AL&address=160+ken+ln&zip=36352&country=us&zoom=5> for map)
> >    Ph: 1-800-473-4804    [ (334) 692-5074 ]
> >    Fax: (334) 692-3704
> > 
> >  
> > 
> >  
> 