Re: Re-post, with additional questions/infomation: Traffic monitoring/logging question
Hellow,
The problem need to be split in 2:
- where to take the information from
- how to analyse them.
To get a good accounting, especially with a NAT'ed situation, simply
use some accounting rules in iptables on your firwall. From there,
you need some scripts that 'll collect the information and storge
them in the approriate way.
IPAC does it but does not store it properly, cricket need to be
extended by adding a script, same for MRTG.
Hope that help,
JeF
On Tue, Mar 05, 2002 at 10:50:26PM +0100, Auke Rensen wrote:
> Hi list(eners),
>
> Thanks for the previous suggestions.
> Despite this suggestions, we still can't find a suitable solution.
>
> We have looked at NTOP , IPAC and MRTG.
> MRTG does not give us the right information in the right for, so this
> ain't an option.
>
> It seems that both other utils need some in depth knowledge to let them
> fit our situation.
>
> Let me try to explain the situation a bit better.
>
> We've got a firewall witch connects multiple LAN's to the internet.
> On both LAN's there are public services, witch are accessable from the
> internet via NAT rules.
>
> We need to track and log all possible traffice and analize it on a
> daily, weekly and monthly basis, so we can devide te cost of the connection.
>
> Here are the questions about IPAC and NTOP.
>
> IPAC:
> 1.) Does IPAC support DNAT, SNAT and forward rules?
> 2.) Does anyone have /know some documentation on IPAC
> 3.) Has someone succesfully implemented this in a similar situation?
>
> NTOP:
> 1.) Does anyone know how to log and store the collected data?
> 2.) Does anyone know how to insert specific source/destination rules?
>
>
> I hope someone can help us further.
>
> Anyway, thanks in advance.
>
>
>
> A.M. (Auke) Rensen
> Senior System Engineer
>
> Ovation B.V.
>
>
>
>
>
> Original message:
> =================
> For our company's shared internet connection, I'm looking for a utility
> to monitor and log the generated traffic over the internet connection.
> As you can see there are two LAN's connected to a firewall/proxy server.
> The firewall uses IPTables, DNAT and SNAT.
>
> ------------------------------------------------------------------------
>
>
> Situation sketch
>
> ----------
> | Internet |
> ----------
> |
> _|
> /
> | <= eth0
> _|____
> |______| ---------------------------
> |______| <= | Debian GNU/Linux Firewall |
> | | <= | Release: Unstable |
> | | <= | Kernel: 2.4.16 |
> |+ === | <= | Proxy: Squid |
> | | ---------------------------
> | ---- |
> | ---- |
> |______|
> eth1 => | | <= eth2
> | |
> | |______
> | |
> | |
> |-------|-------| |
> LAN1 |
> |
> |-------|-------|
> LAN2
>
> ------------------------------------------------------------------------
>
>
> What I'm looking for is a application (or a combination of multiple)
> witch can build some usage reports.
> We need this information to share the bill of the internet connection
> fairly.
> I'd like to be able to create daily, weekly, monthly and yearly reports.
> What I'd like to know is if someone knows a utility witch is at least
> capable of giving the following statistics:
>
> Traffic from:
> -------------
> - LAN1 <=> internet, in bytes.
> - LAN2 <=> internet, in bytes.
> - LAN1 <=> LAN2, in bytes.
> - Total amount of traffic from all LAN's <=> Internet.
>
> Reports:
> --------
> I'd prefer the reports in some kind of graphical way, but plain text
> would also be fine.
> I need to get "per host statistics", to compare them to the total amount
> of traffic
>
> Note:
> -----
> The clients on both LAN's use the firewall as proxy server (...)
> This traffic MUST also be included in the statistics.
>
>
> I know this all CAN be done, but I don't know where to start.
> Can anybody help me?
>
>
> Thanks in advance,
>
>
>
> A.M. (Auke) Rensen
>
>
>
>
> --
> To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
>
--
-> Jean-Francois Dive
--> jef@linuxbe.org
Reply to: