
Re: Advice for an IP accounting program



Craig Sanders <cas@taz.net.au> writes:

>> With a little know-how in shell-scripting, it should be trivial to
>> generate statistics and graphs from its output.
>
> if you modified it to produce Netflow output (same as cisco and
> other routers), then there's a good range of tools which already
> exist to do this. and, it's always a good idea to use an existing
> standard rather than reinvent the wheel.

Unfortunately, I probably won't have the time for that, as I no longer
work for the ISP I originally wrote the code for. And I suppose those
guys no longer need it, either. (New manglement took over and for some
reason decided they liked C and J better than L just about everywhere
where it had proven to work very well at a fraction of the cost.)

It still is a good idea; I actually thought about that at some time.
Just never got around to implementing ulog-fprobe.

> e.g. these are already in debian:
>
> flow-tools - collects and processes NetFlow data
> flowscan - flow-based IP traffic analysis and visualization tool
> libcflow-perl - Perl module for analyzing raw IP flow files written by cflowd

I am aware of those, 

> btw, there are also two libpcap-based netflow capturers already
> debianised - a netfilter/ulog alternative would be a good thing.
>
> fprobe - exports NetFlow V5 datagrams to a remote collector
> pmacct - promiscuous mode traffic accountant

Those presumably suffer from the same problem net-acct (which
ulog-acctd was originally based on) does: Comparably high load for the
same task.

-Hilko


