Re: [LARTC] Monitoring....

From: Nelson Guedes Paulo Junior <npaulo@linux.ime.usp.br>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Monitoring....
Date: Thu, 13 Feb 2003 21:37:14 +0000	[thread overview]
Message-ID: <marc-lartc-104517232115017@msgid-missing> (raw)
In-Reply-To: <marc-lartc-104515865524996@msgid-missing>

On Thu, 13 Feb 2003, Stef Coene wrote:
> On Thursday 13 February 2003 20:35, Nelson Guedes Paulo Junior wrote:
> > On Thu, 13 Feb 2003, Stef Coene wrote:
> > > On Thursday 13 February 2003 18:49, Nelson Guedes Paulo Junior wrote:
> > > > Hi all,
> > > >
> > > > Just shape my connection isn't enough. I need to monitoring what's
> > > > happening, for example, I need to now if my users are downloading too
> > > > much, if they are using too much ftp or if thei are ussing too much
> > > > SSH. Other things that are relevant are Media Streaming, MP3
> > > > Downloading and Web Traffic.
> > > >
> > > > BUT, some of these services negociate a high port and use these ports
> > > > for the traffic. How do I prevent that to consume band and how do I log
> > > > that and make graphics to justify and upgrade on my link
> > > > infrastructure? How do I monitor this things???
> > >
> > > What if you monitor wel-known port (web, game ports, ...) and have an
> > > other monitor for all the rest?  And block all other ports so they have
> > > to use the ports you monitor :)
> 
> > This is ok, but HOW I can do that??? (monitor, not block ok??)
> You can use iptables.  You can create a filter rule (or more) that matches the 
> packets you want to monitor.  Schedule a iptables -L -v -n each 5 minutes and 
> use the byte counters to update a log file.  I recommend rrdtool for it.  I 
> have some scripts on www.docum.org.  The monitor script uses the byte 
> counters of iptables to get some data.  In the GUI section, you can find some 
> perl scripts that I use update the rrd files and to create the graph.

Thanks Stef.
But I've tried to see your examples and all graphs are broken. There are
no images at all. Can you fix that???

If you could send me an example attached (don't sendo to the list cause
someone may be angry with that) I'll be very happy... :-)

> If you need more help, you can contact me.  For the rrdtool, I recommend using 
> an existing script and adapt it to your needs so you don't have to bother 
> about the needed options.

I have, at least for the moment, one question about iptables:

Does I need to create another chain to sse the bytes like:

iptables -N mychain
iptables -I INPUT -j mychain
iptables -I OUTPUT -j mychain
iptables -I FORWARD -j mychain
iptables -A mychain -p tcp --dport 22 -j ACCEPT

Does I need to do that???

And, if I need, there's some security implication in doing that, I mean,
this way how other rules I need to block SSH for not welcomming IP's???

Thanks for all...

[]'s

-----
Nelson Guedes Paulo Junior   
E-mail:  <npaulo@linux.ime.usp.br>   UIN: 2489382 (Tender [:alpha:]*)
-----------------------------------------------------------------------
Eu cavo, tu cavas, ele cava, nós cavamos, vós cavais,
eles cavam... Não é bonito, mas é profundo.
-----------------------------------------------------------------------

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/