[ previous ] [ next ] [ threads ]
 
 From:  David Rodgers <david dot rodgers at kdsi dot net>
 To:  Jim Gifford <jim at giffords dot net>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Traffic Stats
 Date:  Thu, 18 Mar 2004 12:38:48 -0600 
Cacti is an excellent interface to RRDtool ... simply amazing

The best way I have found to get a per user traffic summary though is
with netfow (ala cisco) with this http://freshmeat.net/projects/flavio/
or astrowflow as a bridge www.netsoft.co.za 

I don't know about ipf but there is a netflow exporter for openbsd's pf
http://freshmeat.net/projects/pfflowd/ maybe someone can find something
similar to let m0n0wall export netflow data to a collector to do stats
like this?

David Rodgers




On Thu, 2004-03-18 at 12:28, Jim Gifford wrote:
> Someone pointed me to cacti off-list, and it is a lot nicer than cricket.
> It also doesn't require as much system resources on the server.  And best
> of all, it is far more responsive for the user.
> 
> However, I'll say the same thing about cacti that I said about MRTG and
> cricket.  There aren't any SNMP MIBs on m0n0wall that permit per host or
> per IP address statistics gathering.  All you can get is interface
> statistics, which is nice to have, but isn't the level of detail everyone
> keeps asking for.
> 
> I'll say that again: the SNMP MIBs in m0n0wall do not exist to do per
> host or per IP address statistics.  You can't do a 'top talkers' list
> from the SNMP MIBs that are available.
> 
> Every time I've chimed in on a thread about per host traffic stats, I've
> had at least one response pointing me to MRTG (which I used at a previous
> job), or cricket, or now cacti.  Of these, cacti is the sweetest, and I
> appreciate the pointer.  I'll be removing cricket soon.  However, not one
> of those pointing people to MRTG and related utils has demonstrated that
> they can indeed get per host or per IP address stats from m0n0wall.  I've
> used snmpwalk, and the MIBs just aren't there for that.
> 
> This is a Frequently Asked Question.  There are frequently pat answers
> given.  Yet, in my opinion, the answers are for the wrong questions.  The
> question isn't "how much of my total bandwidth is being used?" the
> question is "which machine/protocol is using all my bandwidth?"
> 
> Having said all that, I would love to be proved wrong.  Until that
> happens though, I'll be building an ethernet tap and using something like
> ntop or the like.
> 
> Oh, and for the original poster, you might want to play with the traffic
> shaping features.  If nothing else, you could shape everyone down to a
> fair percentage of the total bandwidth, so that even if they are trying
> to use more than they should, they can't.  I'm not sure how feasible
> this would be though.
> 
> jim
> 
> On Thu, Mar 18, 2004 at 12:34:20PM -0500, Jim Gifford wrote:
> > I've set up cricket to graph the SNMP stats it gets from m0n0wall.
> > Honestly though, the graphs aren't that useful.  It sounds like you want
> > a "top talkers" list, and cricket doesn't give that.  I doubt that MRTG
> > does either, considering their similar backgrounds and features.
> > 
> > You could build an ethernet tap to sit between the LAN and the LAN port
> > on the m0n0wall, and hook that to a machine running something like ntop
> > to get that kind of information.
> > 
> > ethernet tap: http://www.snort.org/docs/tap/
> > 
> > hope this helps,
> > jim
> > 
> > On Thu, Mar 18, 2004 at 08:37:57AM -0600, Brandon Holland wrote:
> > > What do you guys pair your m0n0 with to have traffic stats?
> > >  
> > > I think I need them, I have reason to suspect there are certain high
> > > volume internet users that shouldn't be so high volume :'(
> > >  
> > > 
> > > Brandon Holland    (Brandon at Cookssaw dot com)
> > > Network Administrator
> > > Cooks Saw MFG, LLC ( <http://www.cookssaw.com/> www.CooksSaw.com)
> > >     "Leading the bandsaw Industry
> > >          by providing tomorrow's innovation today"
> > > 160 Ken Lane
> > > Newton, AL 36352  (Click
> > > <http://www.mapquest.com/maps/map.adp?city=newton&state=AL&address=160+k
> > > en+ln&zip=36352&country=us&zoom=5> for map)
> > >    Ph: 1-800-473-4804    [ (334) 692-5074 ]
> > >    Fax: (334) 692-3704
> > > 
> > >  
> > > 
> > >  
> > 
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> > 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> 
>