On Mon, Apr 28, 2008 at 04:24:20PM +0100, Adam McGreggor wrote:
> On Mon, Apr 28, 2008 at 12:02:21PM +0200, Jorge Salamero Sanz wrote:
> > which software would you recommend for traffic accounting on a firewall ?
> >
> > i want to monitor forwarded traffic and connections and graph it with
> > something like rrdtool.
> >
> > i'd like to find something lightweight (ntop or nagios are too heavy) and
> > easily customizable, alerts are a plus.
>
> snmp & mrtg?

cricket or cacti are better than mrtg these days.

but the answer to the OP's question depends on whether he just wants to
see a graph summarising traffic in & out on each interface, or
if he wants to do detailed traffic accounting.

for that he'd need to do netflow processing.

e.g. with:

Package: nfdump
Section: net
Installed-Size: 632
Maintainer: Erik Wenzel <erik@debian.org>
Version: 1.5.7-2
Depends: libc6 (>= 2.7-1), librrd2 (>= 1.2.15), lsb-base (>= 3.0-6)
Description: netflow capture daemon
Collects and processes netflow data with command line tools. Collected netflow
data is stored in filesystem and is limited by available storage space only.
Tools are optimized for speed and filtering. nfcapd reads netflow v5, v7 and
v9 flows transparently. You need one nfcapd process for each netflow stream.
Optional support for sFlow and flow-tools to nfdump conversion utilities are
available but needs re-compiliation.
Homepage: http://nfdump.sourceforge.net/
Tag: admin::accounting, implemented-in::c, interface::commandline, interface::daemon, network::{routing,scanner,server}, protocol::{ip,ipv6,tcp,udp}, role::program, use::{analysing,checking,filtering,monitor,viewing}

and/or

Package: pmacct
Section: net
Installed-Size: 1536
Maintainer: Jamie Wilkinson <jaq@debian.org>
Version: 0.11.4-1
Depends: libc6 (>= 2.6.1-1), libmysqlclient15off (>= 5.0.27-1), libpcap0.8 (>= 0.9.3-1), libpq5, libsqlite3-0 (>= 3.4.2), zlib1g (>= 1:1.2.3.3.dfsg-1), iproute
Description: promiscuous mode traffic accountant
pmacct is a tool designed to gather traffic information (bytes and number
of packets) by listening on a promiscuous interface or for Netflow data,
which may facilitate billing, bandwidth management, traffic analysis, or
creating usage graphs.
.
Data can be stored in memory and queried, displayed directly, or written
to a database; storage methods are quite flexible and may aggregate totals
or keep them separate.
Tag: admin::accounting, admin::configuring, devel::lang:sql, network::scanner, role::program, scope::utility, use::monitor, works-with::db

craig
--
craig sanders <cas@taz.net.au>