Re: Advice for an IP accounting program
Craig Sanders <cas@taz.net.au> writes:
>> With a little know-how in shell-scripting, it should be trivial to
>> generate statistics and graphs from its output.
>
> if you modified it to produce Netflow output (same as cisco and
> other routers), then there's a good range of tools which already
> exist to do this. and, it's always a good idea to use an existing
> standard rather than reinvent the wheel.
Unfortunately, I probably won't have the time for that, as I no longer
work for the ISP I originally wrote the code for. And I suppose those
guys no longer need it, either. (New manglement took over and for some
reason decided they liked C and J better than L just about everywhere
where it had proven to work very well at a fraction of the cost.)
It still is a good idea, I actually thought about that at some time.
Just never got around to implementing ulog-fprobe.
> e.g. these are already in debian:
>
> flow-tools - collects and processes NetFlow data
> flowscan - flow-based IP traffic analysis and visualization tool
> libcflow-perl - Perl module for analyzing raw IP flow files written by cflowd
I am aware of those,
> btw, there are also two libpcap-based netflow capturers already
> debianised - a netfilter/ulog alternative would be a good thing.
>
> fprobe - exports NetFlow V5 datagrams to a remote collector
> pmacct - promiscuous mode traffic accountant
Those presumably suffer from the same problem net-acct (which
ulog-acctd was originally based on) does: Comparably high load for the
same task.
-Hilko
Reply to: