 From:  "Mitch (WebCob)" <mitch at webcob dot com>
 To:  "David Rodgers" <david dot rodgers at kdsi dot net>, "Jim Gifford" <jim at giffords dot net>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] Traffic Stats
 Date:  Thu, 18 Mar 2004 12:47:24 -0800
I use a script I hacked together from a program called bandwidthmonitor - it
adds a rule to ipfw with counters for all addresses aliased on the box, and
could in theory add any you want.

Then in a cron I pull this down to a database, for reporting, but you could
do something to create MRTG style files with it as well - could probably
hijack their code and replace the collection part to pull from firewall
counters instead of snmp.

m/

> -----Original Message-----
> From: David Rodgers [mailto:david dot rodgers at kdsi dot net]
> Sent: Thursday, March 18, 2004 10:39 AM
> To: Jim Gifford
> Cc: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] Traffic Stats
>
>
> Cacti is an excellent interface to RRDtool ... simply amazing
>
> The best way I have found to get a per user traffic summary though is
> with netflow (ala cisco) with this http://freshmeat.net/projects/flavio/
> or astrowflow as a bridge www.netsoft.co.za
>
> I don't know about ipf but there is a netflow exporter for openbsd's pf
> http://freshmeat.net/projects/pfflowd/ maybe someone can find something
> similar to let m0n0wall export netflow data to a collector to do stats
> like this?
>
> David Rodgers
>
>
>
>
> On Thu, 2004-03-18 at 12:28, Jim Gifford wrote:
> > Someone pointed me to cacti off-list, and it is a lot nicer than cricket.
> > It also doesn't require as much system resources on the server.  And best
> > of all, it is far more responsive for the user.
> >
> > However, I'll say the same thing about cacti that I said about MRTG and
> > cricket.  There aren't any SNMP MIBs on m0n0wall that permit per host or
> > per IP address statistics gathering.  All you can get is interface
> > statistics, which is nice to have, but isn't the level of detail everyone
> > keeps asking for.
> >
> > I'll say that again: the SNMP MIBs in m0n0wall do not exist to do per
> > host or per IP address statistics.  You can't do a 'top talkers' list
> > from the SNMP MIBs that are available.
> >
> > Every time I've chimed in on a thread about per host traffic stats, I've
> > had at least one response pointing me to MRTG (which I used at a previous
> > job), or cricket, or now cacti.  Of these, cacti is the sweetest, and I
> > appreciate the pointer.  I'll be removing cricket soon.  However, not one
> > of those pointing people to MRTG and related utils has demonstrated that
> > they can indeed get per host or per IP address stats from m0n0wall.  I've
> > used snmpwalk, and the MIBs just aren't there for that.
> >
> > This is a Frequently Asked Question.  There are frequently pat answers
> > given.  Yet, in my opinion, the answers are for the wrong questions.  The
> > question isn't "how much of my total bandwidth is being used?" the
> > question is "which machine/protocol is using all my bandwidth?"
> >
> > Having said all that, I would love to be proved wrong.  Until that
> > happens though, I'll be building an ethernet tap and using something like
> > ntop or the like.
> >
> > Oh, and for the original poster, you might want to play with the traffic
> > shaping features.  If nothing else, you could shape everyone down to a
> > fair percentage of the total bandwidth, so that even if they are trying
> > to use more than they should, they can't.  I'm not sure how feasible
> > this would be though.
> >
> > jim
> >
> > On Thu, Mar 18, 2004 at 12:34:20PM -0500, Jim Gifford wrote:
> > > I've set up cricket to graph the SNMP stats it gets from m0n0wall.
> > > Honestly though, the graphs aren't that useful.  It sounds like you want
> > > a "top talkers" list, and cricket doesn't give that.  I doubt that MRTG
> > > does either, considering their similar backgrounds and features.
> > >
> > > You could build an ethernet tap to sit between the LAN and the LAN port
> > > on the m0n0wall, and hook that to a machine running something like ntop
> > > to get that kind of information.
> > >
> > > ethernet tap: http://www.snort.org/docs/tap/
> > >
> > > hope this helps,
> > > jim
> > >
> > > On Thu, Mar 18, 2004 at 08:37:57AM -0600, Brandon Holland wrote:
> > > > What do you guys pair your m0n0 with to have traffic stats?
> > > >
> > > > I think I need them, I have reason to suspect there are certain high
> > > > volume internet users that shouldn't be so high volume :'(
> > > >
> > > >
> > > > Brandon Holland    (Brandon at Cookssaw dot com)
> > > > Network Administrator
> > > > Cooks Saw MFG, LLC ( <http://www.cookssaw.com/> www.CooksSaw.com)
> > > >     "Leading the bandsaw Industry
> > > >          by providing tomorrow's innovation today"
> > > > 160 Ken Lane
> > > > Newton, AL 36352  (Click <http://www.mapquest.com/maps/map.adp?city=newton&state=AL&address=160+ken+ln&zip=36352&country=us&zoom=5> for map)
> > > >    Ph: 1-800-473-4804    [ (334) 692-5074 ]
> > > >    Fax: (334) 692-3704
> > >
> > >
> > >
> > >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> >
>

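
Added example (not part of the original thread, and not Mitch's script): a sketch of the collection step described in the top message, turning two samples of `ipfw show` counter output into a per-host "top talkers" list. The rule layout (`count ip from <host> to any` and the reverse), the addresses and the counter values are constructed assumptions.

```python
import re
# Constructed samples of `ipfw show` output: rule number, packets, bytes, rule.
SAMPLE_T0 = """\
01000   1200   900000 count ip from 192.168.1.10 to any
01001   1500  2100000 count ip from any to 192.168.1.10
01010    300    45000 count ip from 192.168.1.20 to any
01011    800  1000000 count ip from any to 192.168.1.20
65535  90000 70000000 allow ip from any to any
"""
SAMPLE_T1 = """\
01000   1900  1500000 count ip from 192.168.1.10 to any
01001   9500 12100000 count ip from any to 192.168.1.10
01010     10     1500 count ip from 192.168.1.20 to any
01011    900  1100000 count ip from any to 192.168.1.20
65535  99000 80000000 allow ip from any to any
"""

# Assumed rule shape for the per-host counting rules (hypothetical layout).
RULE = re.compile(
    r"^\d+\s+(?P<pkts>\d+)\s+(?P<bytes>\d+)\s+count\s+ip\s+from\s+"
    r"(?P<src>\S+)\s+to\s+(?P<dst>\S+)\s*$")

def parse_counters(text):
    """Return {(host, direction): bytes} for every per-host count rule."""
    out = {}
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue  # allow/deny rules and anything else are ignored
        src, dst = m["src"], m["dst"]
        if src != "any" and dst == "any":
            out[(src, "out")] = int(m["bytes"])
        elif src == "any" and dst != "any":
            out[(dst, "in")] = int(m["bytes"])
    return out

def interval_usage(prev, curr):
    """Bytes per host between two samples. A counter that went backwards
    (rule re-added, reboot, `ipfw zero`) is treated as restarted from 0."""
    usage = {}
    for key, now in curr.items():
        before = prev.get(key, 0)
        delta = now - before if now >= before else now
        usage[key[0]] = usage.get(key[0], 0) + delta
    return usage

def top_talkers(prev_text, curr_text, n=10):
    usage = interval_usage(parse_counters(prev_text), parse_counters(curr_text))
    return sorted(usage.items(), key=lambda kv: kv[1], reverse=True)[:n]

print(top_talkers(SAMPLE_T0, SAMPLE_T1))
```

Storing the raw counters from each cron run and computing deltas at report time keeps the reset handling in one place.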