* [LARTC] logging traffic on port/remote host/localhost
@ 2003-02-10 5:25 Alex Polite
2003-02-10 5:48 ` Martin A. Brown
0 siblings, 1 reply; 2+ messages in thread
From: Alex Polite @ 2003-02-10 5:25 UTC (permalink / raw)
To: lartc
I maintain a iptables firewall/router for a small office (15 users).
I've just installed wondershaper and managed to tune
it... almost. When testing and tuning I get good latency even under
heavy load, but in my latencylogs there are still some ugly spots. To
further tune this (maybe I need to add some ports to NOPRIOPORTSRC) I
want to add some logging so that I can got back and see exactly what
traffic I had when latency was bad. I want to see what internal hosts and
external host were generating the traffic. What ports they were
talking on, what protocols etc.
I know how to add logging in iptables but reading the logs is kind of
tiresome. I rather have something like iptraf but that can be run
after the fact.
alex
--
Alex Polite
http://plusseven.com/gpg
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [LARTC] logging traffic on port/remote host/localhost
2003-02-10 5:25 [LARTC] logging traffic on port/remote host/localhost Alex Polite
@ 2003-02-10 5:48 ` Martin A. Brown
0 siblings, 0 replies; 2+ messages in thread
From: Martin A. Brown @ 2003-02-10 5:48 UTC (permalink / raw)
To: lartc
Alex,
: I want to add some logging so that I can got back and see exactly what
: traffic I had when latency was bad. I want to see what internal hosts
: and external host were generating the traffic. What ports they were
: talking on, what protocols etc.
:
: I know how to add logging in iptables but reading the logs is kind of
: tiresome. I rather have something like iptraf but that can be run
: after the fact.
You definitely want to visit Stef Coene's site [1] and have a look first
at his GUI tools [2] and possibly also some of his monitoring scripts. [3]
Don't forget about ntop, which (in its "new" incarnation) collects
statistical data you can examine after the fact. [4]
There are others interested in the same sort of (general) question, also
on this mailing list. [5]
And if you are comfortable with your current iptables commands, why not
consider the iptacct tool. [6]
Good luck,
-Martin
[1] http://www.docum.org/
[2] http://www.docum.org/stef.coene/qos/gui/
[3] http://www.docum.org/stef.coene/qos/monitor/
[4] http://www.ntop.org/ntop.html
[5] http://mailman.ds9a.nl/pipermail/lartc/2002q4/005752.html
[6] http://tretmine.org/iptacct/
--
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2003-02-10 5:48 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2003-02-10 5:25 [LARTC] logging traffic on port/remote host/localhost Alex Polite
2003-02-10 5:48 ` Martin A. Brown
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.