* Re: Bandwidth Monitoring [not found] <04a901c36e18$ad2d6650$2a0110ac@SAMHP> @ 2003-08-31 1:03 ` Arnt Karlsen 2003-09-01 7:33 ` Ray Leach 1 sibling, 0 replies; 21+ messages in thread From: Arnt Karlsen @ 2003-08-31 1:03 UTC (permalink / raw) To: netfilter On Fri, 29 Aug 2003 16:01:11 +0530, "Sathi" <sathiyan@gmx.net> wrote in message <04a901c36e18$ad2d6650$2a0110ac@SAMHP>: > Hello All, > > Is there any way to findout the bandwidth used by a client(LAN user), > from Linux gateway server. > > I have to take monthly statistics of bandwidth used by a client (LAN > user). ..several, 'iptables -vnL' shows how much traffic etc per rule, setting up rules per user and 'iptables -vnL' every month etc is one way, there is MRTG, ntop, RRD etc. > FYI i am using CBQ for bandwidth control ...for each user? Try 'http://fmb.no/ipcop/setup-cbq-0.0.4.tar.bz2', I'm open for ideas etc on -0.0.5. ;-) -- ..med vennlig hilsen = with Kind Regards from Arnt... ;-) ...with a number of polar bear hunters in his ancestry... Scenarios always come in sets of three: best case, worst case, and just in case. ^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: Bandwidth Monitoring [not found] <04a901c36e18$ad2d6650$2a0110ac@SAMHP> 2003-08-31 1:03 ` Bandwidth Monitoring Arnt Karlsen @ 2003-09-01 7:33 ` Ray Leach 2003-09-04 6:34 ` Dharmendra.T 1 sibling, 1 reply; 21+ messages in thread From: Ray Leach @ 2003-09-01 7:33 UTC (permalink / raw) To: Netfilter Mailing List [-- Attachment #1: Type: text/plain, Size: 662 bytes --] On Fri, 2003-08-29 at 12:31, Sathi wrote: > Hello All, > > Is there any way to findout the bandwidth used by a client(LAN user), from > Linux gateway server. > Have a look at bwacct. It's real easy to setup and works well. www.bwacct.org > I have to take monthly statistics of bandwidth used by a client (LAN user). > > FYI i am using CBQ for bandwidth control > > Regards > Sathi -- -- Raymond Leach <raymondl@knowledgefactory.co.za> Network Support Specialist http://www.knowledgefactory.co.za "lynx -source http://www.rchq.co.za/raymondl.asc | gpg --import" Key fingerprint = 7209 A695 9EE0 E971 A9AD 00EE 8757 EE47 F06F FB28 -- [-- Attachment #2: This is a digitally signed message part --] [-- Type: application/pgp-signature, Size: 198 bytes --] ^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: Bandwidth Monitoring 2003-09-01 7:33 ` Ray Leach @ 2003-09-04 6:34 ` Dharmendra.T 0 siblings, 0 replies; 21+ messages in thread From: Dharmendra.T @ 2003-09-04 6:34 UTC (permalink / raw) To: Netfilter Mailing List [-- Attachment #1: Type: text/plain, Size: 1361 bytes --] Hi, But to use this we have to install other packages like apache, mysql etc. Which will not be recommended to do on a firewall machine. If bwacct can sniff the data from any other machine and give me the statistics then that works out great for me. Regards Dharmendra.T dharmu@nsecure.net On Mon, 2003-09-01 at 13:03, Ray Leach wrote: On Fri, 2003-08-29 at 12:31, Sathi wrote: > Hello All, > > Is there any way to findout the bandwidth used by a client(LAN user), from > Linux gateway server. > Have a look at bwacct. It's real easy to setup and works well. www.bwacct.org > I have to take monthly statistics of bandwidth used by a client (LAN user). > > FYI i am using CBQ for bandwidth control > > Regards > Sathi -- -- Raymond Leach <raymondl@knowledgefactory.co.za> Network Support Specialist http://www.knowledgefactory.co.za "lynx -source http://www.rchq.co.za/raymondl.asc | gpg --import" Key fingerprint = 7209 A695 9EE0 E971 A9AD 00EE 8757 EE47 F06F FB28 -- -- This message is intended for the addressee only. It may contain privileged or Confidential information. If you have received this message in error,please notify the sender and destroy the message immediately.Unauthorised use or reproduction of this message is strictly prohibited. [-- Attachment #2: Type: text/html, Size: 3054 bytes --] ^ permalink raw reply [flat|nested] 21+ messages in thread
* bandwidth monitoring
@ 2005-01-06 16:28 patrick.leduc
2005-01-06 17:09 ` J. Nerius
` (5 more replies)
0 siblings, 6 replies; 21+ messages in thread
From: patrick.leduc @ 2005-01-06 16:28 UTC (permalink / raw)
To: netfilter
Hello
Does somebody know a program for monitoring bandwidth by ip? I have one
internet interface and I must monitor many ips adresses on this interface. I
tried Ipac-ng and, I worked a lot to do this config but it seems not working
this way.
thanx
^ permalink raw reply [flat|nested] 21+ messages in thread* Re: bandwidth monitoring 2005-01-06 16:28 bandwidth monitoring patrick.leduc @ 2005-01-06 17:09 ` J. Nerius 2005-01-06 17:42 ` Les Mikesell ` (4 subsequent siblings) 5 siblings, 0 replies; 21+ messages in thread From: J. Nerius @ 2005-01-06 17:09 UTC (permalink / raw) To: patrick.leduc; +Cc: netfilter Hello, I have had good luck with a program called bandwidthd, available at http://bandwidthd.sourceforge.net/ I know it's not netfilter related specifically but I found it met my needs where others failed. J.N. On Thu, 2005-01-06 at 11:28 -0500, patrick.leduc@novipro.com wrote: > Hello > > Does somebody know a program for monitoring bandwidth by ip? I have one > internet interface and I must monitor many ips adresses on this interface. I > tried Ipac-ng and, I worked a lot to do this config but it seems not working > this way. > > thanx > ^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: bandwidth monitoring 2005-01-06 16:28 bandwidth monitoring patrick.leduc 2005-01-06 17:09 ` J. Nerius @ 2005-01-06 17:42 ` Les Mikesell 2005-01-06 17:56 ` J. Nerius 2005-01-06 20:09 ` Michael Gale ` (3 subsequent siblings) 5 siblings, 1 reply; 21+ messages in thread From: Les Mikesell @ 2005-01-06 17:42 UTC (permalink / raw) To: patrick.leduc; +Cc: netfilter On Thu, 2005-01-06 at 10:28, patrick.leduc@novipro.com wrote: > Does somebody know a program for monitoring bandwidth by ip? I have one > internet interface and I must monitor many ips adresses on this interface. I > tried Ipac-ng and, I worked a lot to do this config but it seems not working > this way. Ntop might do what you need. http://www.ntop.org. It can summarize and sort traffic by address/port/protocol, etc. I don't use it continuously but fire it up for a while if I think something is hogging the network. -- Les Mikesell les@futuresource.com ^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: bandwidth monitoring 2005-01-06 17:42 ` Les Mikesell @ 2005-01-06 17:56 ` J. Nerius 0 siblings, 0 replies; 21+ messages in thread From: J. Nerius @ 2005-01-06 17:56 UTC (permalink / raw) To: Les Mikesell; +Cc: netfilter ntop is great for *short term* monitoring. Generally it will become unmanageable if run for too long. If you want to monitor and keep stats over a longer period of time, bandwidthd will probably work better for you. J.N. On Thu, 2005-01-06 at 11:42 -0600, Les Mikesell wrote: > On Thu, 2005-01-06 at 10:28, patrick.leduc@novipro.com wrote: > > > Does somebody know a program for monitoring bandwidth by ip? I have one > > internet interface and I must monitor many ips adresses on this interface. I > > tried Ipac-ng and, I worked a lot to do this config but it seems not working > > this way. > > Ntop might do what you need. http://www.ntop.org. It can summarize and > sort traffic by address/port/protocol, etc. I don't use it continuously > but fire it up for a while if I think something is hogging the network. > ^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: bandwidth monitoring 2005-01-06 16:28 bandwidth monitoring patrick.leduc 2005-01-06 17:09 ` J. Nerius 2005-01-06 17:42 ` Les Mikesell @ 2005-01-06 20:09 ` Michael Gale 2005-01-06 20:19 ` J. Nerius [not found] ` <41DDA135.5000205@cisco.com> 2005-01-07 1:54 ` Mark E. Donaldson ` (2 subsequent siblings) 5 siblings, 2 replies; 21+ messages in thread From: Michael Gale @ 2005-01-06 20:09 UTC (permalink / raw) To: patrick.leduc, netfilter Hello, To run NTOP permanitly you just have to clear the stats nightly. I have a php script that makes a HTTP connection, downloads the stats from NTOP and saves them in a mysql database. It then makes another connection and tells NTOP to reset the stats. That keeps the memory and CPU usage low ... so you could run it continuously. Michael. patrick.leduc@novipro.com wrote: > Hello > > Does somebody know a program for monitoring bandwidth by ip? I have one > internet interface and I must monitor many ips adresses on this interface. I > tried Ipac-ng and, I worked a lot to do this config but it seems not working > this way. > > thanx > -- Michael Gale Lan Administrator Utilitran Corp. I make better friends with those who think for them selves ^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: bandwidth monitoring 2005-01-06 20:09 ` Michael Gale @ 2005-01-06 20:19 ` J. Nerius 2005-01-06 21:28 ` Michael Gale [not found] ` <41DDA135.5000205@cisco.com> 1 sibling, 1 reply; 21+ messages in thread From: J. Nerius @ 2005-01-06 20:19 UTC (permalink / raw) To: Michael Gale; +Cc: netfilter How many hosts and how much traffic are you running through it? I've wanted to come up with a solution similar to the one you've described to replace my current bandwidthd setup but I'm thinking that my network may be too large with too much traffic to support something like that without building a monster box just to capture the stats. J.N. On Thu, 2005-01-06 at 13:09 -0700, Michael Gale wrote: > Hello, > > To run NTOP permanitly you just have to clear the stats nightly. I have > a php script that makes a HTTP connection, downloads the stats from NTOP > and saves them in a mysql database. It then makes another connection and > tells NTOP to reset the stats. > > That keeps the memory and CPU usage low ... so you could run it > continuously. > > Michael. > > > patrick.leduc@novipro.com wrote: > > Hello > > > > Does somebody know a program for monitoring bandwidth by ip? I have one > > internet interface and I must monitor many ips adresses on this interface. I > > tried Ipac-ng and, I worked a lot to do this config but it seems not working > > this way. > > > > thanx > > > ^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: bandwidth monitoring 2005-01-06 20:19 ` J. Nerius @ 2005-01-06 21:28 ` Michael Gale 2005-01-06 21:54 ` J. Nerius 0 siblings, 1 reply; 21+ messages in thread From: Michael Gale @ 2005-01-06 21:28 UTC (permalink / raw) To: netfilter Hello, I am not sure I follow ... NTOP takes care of providing the stats, so if you firewall box or ntop server can handle your network. The storage box can be what and where ever ... for example you could have a low end box somewhere on the network that makes the http connection, downloads the stats and stores them in a database. Then you only need a simple method to display them when needed. If you are a large company it might be easier to setup multiple ntop servers and have all the stats stored in a central location. Michael. J. Nerius wrote: > How many hosts and how much traffic are you running through it? I've > wanted to come up with a solution similar to the one you've described to > replace my current bandwidthd setup but I'm thinking that my network may > be too large with too much traffic to support something like that > without building a monster box just to capture the stats. > > J.N. > > On Thu, 2005-01-06 at 13:09 -0700, Michael Gale wrote: > >>Hello, >> >> To run NTOP permanitly you just have to clear the stats nightly. I have >>a php script that makes a HTTP connection, downloads the stats from NTOP >>and saves them in a mysql database. It then makes another connection and >>tells NTOP to reset the stats. >> >>That keeps the memory and CPU usage low ... so you could run it >>continuously. >> >>Michael. >> >> >>patrick.leduc@novipro.com wrote: >> >>>Hello >>> >>>Does somebody know a program for monitoring bandwidth by ip? I have one >>>internet interface and I must monitor many ips adresses on this interface. I >>>tried Ipac-ng and, I worked a lot to do this config but it seems not working >>>this way. >>> >>>thanx >>> >> > -- Michael Gale Lan Administrator Utilitran Corp. I make better friends with those who think for them selves ^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: bandwidth monitoring 2005-01-06 21:28 ` Michael Gale @ 2005-01-06 21:54 ` J. Nerius 2005-01-06 23:30 ` Michael Gale 0 siblings, 1 reply; 21+ messages in thread From: J. Nerius @ 2005-01-06 21:54 UTC (permalink / raw) To: Michael Gale; +Cc: netfilter Hello, My concern was for the amount of resources NTOP would end up using with the currently volume of traffic we have going through any one link. Basically, there will be at least 3000 hosts totaling around 25 megabits of traffic at any given time. In my experience with ntop for short-term monitoring, I found that in these circumstances, the process size and cpu utilization were quite high. I've been using bandwidthd to collect data and then just rsyncing that data to a different server that actually graphs the data. I'd like to use ntop for it's detailed tracking capabilities, but given the resource utilization issues I've seen in the past, am not sure how feasible this would be. How many hosts and how much traffic is currently going through your setup? It's very possible that I may just need to tweak settings somewhere to improve performance. J.N. On Thu, 2005-01-06 at 14:28 -0700, Michael Gale wrote: > Hello, > > I am not sure I follow ... NTOP takes care of providing the stats, so > if you firewall box or ntop server can handle your network. > > The storage box can be what and where ever ... for example you could > have a low end box somewhere on the network that makes the http > connection, downloads the stats and stores them in a database. > > Then you only need a simple method to display them when needed. If you > are a large company it might be easier to setup multiple ntop servers > and have all the stats stored in a central location. > > Michael. > > > > J. Nerius wrote: > > How many hosts and how much traffic are you running through it? I've > > wanted to come up with a solution similar to the one you've described to > > replace my current bandwidthd setup but I'm thinking that my network may > > be too large with too much traffic to support something like that > > without building a monster box just to capture the stats. > > > > J.N. > > > > On Thu, 2005-01-06 at 13:09 -0700, Michael Gale wrote: ^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: bandwidth monitoring 2005-01-06 21:54 ` J. Nerius @ 2005-01-06 23:30 ` Michael Gale 0 siblings, 0 replies; 21+ messages in thread From: Michael Gale @ 2005-01-06 23:30 UTC (permalink / raw) To: J. Nerius, netfilter Ahhh .. I see now. Our setup is rather small and we only have about 10 megabits max at any given time -- usually much less. Here is the command I use to start ntop: ntop -4 -a /home/ntopwatch/webaccess --daemon -i eth1,eth2 -o -n -p userprolist -s -u ntopwatch -w 192.168.7.1:3000 -M -P /home/ntopwatch/ My userprolist: FTP=ftp|ftp-data HTTP=http|www|https|3128 DIFFHTTP=8080|8888 RDP=3389 DNS=name|domain NBios-IP=netbios-ns|netbios-dgm|netbios-ssn Mail=pop-2|pop-3|pop3|kpop|smtp|imap|imap2 DHCP-BOOTP=67-68 SNMP=snmp|snmp-trap NNTP=nntp SSH=22 Gnutella=6346|6347|6348 Kazaa=1214 WinMX=6699|7730 DirectConnect=0 eDonkey=4661-4665 Messenger=1863|5000|5001|5190-5193 But the box which is running ntop is: Dual PIII 1.4Ghz with 1GB of RAM. Michael. J. Nerius wrote: > Hello, > > My concern was for the amount of resources NTOP would end up using with > the currently volume of traffic we have going through any one link. > > Basically, there will be at least 3000 hosts totaling around 25 megabits > of traffic at any given time. In my experience with ntop for short-term > monitoring, I found that in these circumstances, the process size and > cpu utilization were quite high. > > I've been using bandwidthd to collect data and then just rsyncing that > data to a different server that actually graphs the data. I'd like to > use ntop for it's detailed tracking capabilities, but given the resource > utilization issues I've seen in the past, am not sure how feasible this > would be. > > How many hosts and how much traffic is currently going through your > setup? It's very possible that I may just need to tweak settings > somewhere to improve performance. > > J.N. > > > On Thu, 2005-01-06 at 14:28 -0700, Michael Gale wrote: > >>Hello, >> >> I am not sure I follow ... NTOP takes care of providing the stats, so >>if you firewall box or ntop server can handle your network. >> >>The storage box can be what and where ever ... for example you could >>have a low end box somewhere on the network that makes the http >>connection, downloads the stats and stores them in a database. >> >>Then you only need a simple method to display them when needed. If you >>are a large company it might be easier to setup multiple ntop servers >>and have all the stats stored in a central location. >> >>Michael. >> >> >> >>J. Nerius wrote: >> >>>How many hosts and how much traffic are you running through it? I've >>>wanted to come up with a solution similar to the one you've described to >>>replace my current bandwidthd setup but I'm thinking that my network may >>>be too large with too much traffic to support something like that >>>without building a monster box just to capture the stats. >>> >>>J.N. >>> >>>On Thu, 2005-01-06 at 13:09 -0700, Michael Gale wrote: > > > -- Michael Gale Lan Administrator Utilitran Corp. I make better friends with those who think for them selves ^ permalink raw reply [flat|nested] 21+ messages in thread
[parent not found: <41DDA135.5000205@cisco.com>]
* Re: bandwidth monitoring [not found] ` <41DDA135.5000205@cisco.com> @ 2005-01-06 21:24 ` Michael Gale 0 siblings, 0 replies; 21+ messages in thread From: Michael Gale @ 2005-01-06 21:24 UTC (permalink / raw) To: Marek Dohojda, netfilter No problem ... I just checked and actually I am using two scripts. The first script: --snip-- runntop -- executed by cron. #!/bin/bash /usr/bin/curl -k -s -s --digest -u ntopUP:ntopUP https://mis.utilitran.com/uploadscripts/ntopget.php > /dev/null if [ "$?" == "0" ]; then echo "File loaded" >> /dev/null else ~/email "Error with NTOP update" netops@utilitran.com < /dev/null fi sleep 5 /usr/bin/curl --basic -u admin:ntopadmin http://ntop.utilitran.com:3000/ntop/resetStats.html if [ "$?" == "0" ]; then echo "File loaded" >> /dev/null else ~/email "Error with NTOP reset" netops@utilitran.com < /dev/null fi --snip-- The first script makes a http request to a php web page that display no data. Then once that is successful it makes a http connections to ntop and resets the stats. The second script ... that the first script calls, uses curl to make a http connection to the ntop server, download the stats and store them in a database. The scripts are kind of messy ... really my first attempt. You may notice that data_total is not being used .. that is because I am working on storing the total amounts somewhere .. but that is not done. The second script: --snip-- ntopget.php -- executed by http request <?php // // The PHP curl module supports the received page to be returned in a variable // if told. // $dat=date('m:d:y-U'); $startphp="<?php\n"; $endphp="?>"; echo 'Preparing to download file<BR>'; $fp = fopen('/home/mis/htdocs/datafiles/ntop/data/' . $dat, 'w'); fwrite($fp,$startphp,strlen($startphp)); fclose($fp); $fp = fopen('/home/mis/htdocs/datafiles/ntop/data/' . $dat, 'a'); $ch = curl_init("http://ntop.utilitran.com:3000/ntop/dumpData.html?language=php&view=long"); curl_setopt($ch, CURLOPT_FILE, $fp); curl_setopt($ch, CURLOPT_HEADER, 0); curl_exec($ch); curl_close($ch); fclose($fp); $fp = fopen('/home/mis/htdocs/datafiles/ntop/data/' . $dat, 'a'); fwrite($fp,$endphp,strlen($endphp)); fclose($fp); echo 'Done downloading file<BR>'; include '/home/mis/htdocs/datafiles/ntop/data/' . $dat; // Start of using array $db = mysql_connect("127.0.0.1", "ntop", "ntop") or die("Error ... check with network team"); mysql_select_db("ntop",$db); foreach ($ntopHash as $key => $value) { $addme = strpos($key,"192.168.7"); $data = array(); if ( $addme !== FALSE ) { array_push($data,$key); array_push($data,$ntopHash[$key]['hostResolvedName']); array_push($data,$dat); array_push($data,$ntopHash[$key]['ethAddressString']); array_push($data,$ntopHash[$key]['firstSeen']); array_push($data,$ntopHash[$key]['lastSeen']); array_push($data,$ntopHash[$key]['averageRcvdThpt']); array_push($data,$ntopHash[$key]['averageSentThpt']); array_push($data,$ntopHash[$key]['averageTThpt']); array_push($data,$ntopHash[$key]['icmpSent']); array_push($data,$ntopHash[$key]['icmpRcvd']); array_push($data,$ntopHash[$key]['IP']['FTP']['sendLoc']); array_push($data,$ntopHash[$key]['IP']['FTP']['rcvdLoc']); array_push($data,$ntopHash[$key]['IP']['FTP']['sentRem']); array_push($data,$ntopHash[$key]['IP']['FTP']['rcvdFromRem']); array_push($data,$ntopHash[$key]['IP']['HTTP']['sentLoc']); array_push($data,$ntopHash[$key]['IP']['HTTP']['rcvdLoc']); array_push($data,$ntopHash[$key]['IP']['HTTP']['sentRem']); array_push($data,$ntopHash[$key]['IP']['HTTP']['rcvdFromRem']); array_push($data,$ntopHash[$key]['IP']['DIFFHTTP']['sentLoc']); array_push($data,$ntopHash[$key]['IP']['DIFFHTTP']['rcvdLoc']); array_push($data,$ntopHash[$key]['IP']['DIFFHTTP']['sentRem']); array_push($data,$ntopHash[$key]['IP']['DIFFHTTP']['rcvdFromRem']); array_push($data,$ntopHash[$key]['IP']['RDP']['sentLoc']); array_push($data,$ntopHash[$key]['IP']['RDP']['rcvdLoc']); array_push($data,$ntopHash[$key]['IP']['RDP']['sentRem']); array_push($data,$ntopHash[$key]['IP']['RDP']['rcvdFromRem']); array_push($data,$ntopHash[$key]['IP']['DNS']['sentLoc']); array_push($data,$ntopHash[$key]['IP']['DNS']['rcvdLoc']); array_push($data,$ntopHash[$key]['IP']['DNS']['sentRem']); array_push($data,$ntopHash[$key]['IP']['DNS']['rcvdFromRem']); array_push($data,$ntopHash[$key]['IP']['Mail']['sentLoc']); array_push($data,$ntopHash[$key]['IP']['Mail']['rcvdLoc']); array_push($data,$ntopHash[$key]['IP']['Mail']['sentRem']); array_push($data,$ntopHash[$key]['IP']['Mail']['rcvdFromRem']); array_push($data,$ntopHash[$key]['IP']['DHCP-BOOTP']['sentLoc']); array_push($data,$ntopHash[$key]['IP']['DHCP-BOOTP']['rcvdLoc']); array_push($data,$ntopHash[$key]['IP']['DHCP-BOOTP']['sentRem']); array_push($data,$ntopHash[$key]['IP']['DHCP-BOOTP']['rcvdFromRem']); array_push($data,$ntopHash[$key]['IP']['SNMP']['sentLoc']); array_push($data,$ntopHash[$key]['IP']['SNMP']['rcvdLoc']); array_push($data,$ntopHash[$key]['IP']['SNMP']['sentRem']); array_push($data,$ntopHash[$key]['IP']['SNMP']['rcvdFromRem']); array_push($data,$ntopHash[$key]['IP']['NNTP']['sentLoc']); array_push($data,$ntopHash[$key]['IP']['NNTP']['rcvdLoc']); array_push($data,$ntopHash[$key]['IP']['NNTP']['sentRem']); array_push($data,$ntopHash[$key]['IP']['NNTP']['rcvdFromRem']); array_push($data,$ntopHash[$key]['IP']['SSH']['sentLoc']); array_push($data,$ntopHash[$key]['IP']['SSH']['rcvdLoc']); array_push($data,$ntopHash[$key]['IP']['SSH']['sentRem']); array_push($data,$ntopHash[$key]['IP']['SSH']['rcvdFromRem']); array_push($data,$ntopHash[$key]['IP']['Messenger']['sentLoc']); array_push($data,$ntopHash[$key]['IP']['Messenger']['rcvdLoc']); array_push($data,$ntopHash[$key]['IP']['Messenger']['sentRem']); array_push($data,$ntopHash[$key]['IP']['Messenger']['rcvdFromRem']); foreach ( $data as $key => $value ) { $data_table = $data_table . '\'' . $value . '\','; } for ($i=0;$i<6;$i++) { $data_total = $data_total . '\'' . $data_table[$i] . '\','; } $data_table = substr($data_table,0,(strlen($data_table)-1)); $data_total = substr($data_total,0,(strlen($data_total)-1)); // Here we upload the data into the daily table $sql = "INSERT INTO ntop_daily VALUES ($data_table)"; $result = mysql_query($sql) or die("Error ..... check with network team " . mysql_error()); if ( $result === FALSE ) { exec('/home/mis/email "NTOP Nightly Update FAILED" "The NTOP nightly update failed" \&/> /dev/null'); } } unset($data_table); unset($data_total); unset($data); unset($result); } mysql_close($db); ?> --snip-- Marek Dohojda wrote: > Can I see that script? > > > > > > --- > 01001101011000010111001001100101011010110010000001000100010011110110100001101111011010100110010001100001 > > > Michael Gale wrote: > >> Hello, >> >> To run NTOP permanitly you just have to clear the stats nightly. I >> have a php script that makes a HTTP connection, downloads the stats >> from NTOP and saves them in a mysql database. It then makes another >> connection and tells NTOP to reset the stats. >> >> That keeps the memory and CPU usage low ... so you could run it >> continuously. >> >> Michael. >> >> >> patrick.leduc@novipro.com wrote: >> >>> Hello >>> >>> Does somebody know a program for monitoring bandwidth by ip? I have >>> one internet interface and I must monitor many ips adresses on this >>> interface. I tried Ipac-ng and, I worked a lot to do this config but >>> it seems not working this way. >>> >>> thanx >>> >> -- Michael Gale Lan Administrator Utilitran Corp. I make better friends with those who think for them selves ^ permalink raw reply [flat|nested] 21+ messages in thread
* RE: bandwidth monitoring 2005-01-06 16:28 bandwidth monitoring patrick.leduc ` (2 preceding siblings ...) 2005-01-06 20:09 ` Michael Gale @ 2005-01-07 1:54 ` Mark E. Donaldson 2005-01-10 13:45 ` Fabiano Reis 2005-01-26 18:33 ` Ranjeet Shetye 5 siblings, 0 replies; 21+ messages in thread From: Mark E. Donaldson @ 2005-01-07 1:54 UTC (permalink / raw) To: patrick.leduc, netfilter http://bandwidthd.sourceforge.net/ -----Original Message----- From: netfilter-bounces@lists.netfilter.org [mailto:netfilter-bounces@lists.netfilter.org] On Behalf Of patrick.leduc@novipro.com Sent: Thursday, January 06, 2005 8:28 AM To: netfilter@lists.netfilter.org Subject: bandwidth monitoring Hello Does somebody know a program for monitoring bandwidth by ip? I have one internet interface and I must monitor many ips adresses on this interface. I tried Ipac-ng and, I worked a lot to do this config but it seems not working this way. thanx ######################################################## This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. postmaster@bandwidthco.com MailScanner at bandwidthco.com is for your absolute protection. ######################################################## ######################################################## This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. postmaster@bandwidthco.com MailScanner at bandwidthco.com is for your absolute protection. ######################################################## ^ permalink raw reply [flat|nested] 21+ messages in thread
* RE: bandwidth monitoring 2005-01-06 16:28 bandwidth monitoring patrick.leduc ` (3 preceding siblings ...) 2005-01-07 1:54 ` Mark E. Donaldson @ 2005-01-10 13:45 ` Fabiano Reis 2005-01-26 18:33 ` Ranjeet Shetye 5 siblings, 0 replies; 21+ messages in thread From: Fabiano Reis @ 2005-01-10 13:45 UTC (permalink / raw) To: patrick.leduc, netfilter I´m acctualy using hotsanic to make this. http://hotsanic.sourceforge.net/ it have features to monitore other things as well... -----Original Message----- From: netfilter-bounces@lists.netfilter.org [mailto:netfilter-bounces@lists.netfilter.org] On Behalf Of patrick.leduc@novipro.com Sent: Thursday, January 06, 2005 2:28 PM To: netfilter@lists.netfilter.org Subject: bandwidth monitoring Hello Does somebody know a program for monitoring bandwidth by ip? I have one internet interface and I must monitor many ips adresses on this interface. I tried Ipac-ng and, I worked a lot to do this config but it seems not working this way. thanx ^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: bandwidth monitoring 2005-01-06 16:28 bandwidth monitoring patrick.leduc ` (4 preceding siblings ...) 2005-01-10 13:45 ` Fabiano Reis @ 2005-01-26 18:33 ` Ranjeet Shetye 2005-01-26 20:00 ` Jose Maria Lopez 5 siblings, 1 reply; 21+ messages in thread From: Ranjeet Shetye @ 2005-01-26 18:33 UTC (permalink / raw) To: netfilter * patrick.leduc@novipro.com (patrick.leduc@novipro.com) wrote: > Hello > > Does somebody know a program for monitoring bandwidth by ip? I have one > internet interface and I must monitor many ips adresses on this interface. I > tried Ipac-ng and, I worked a lot to do this config but it seems not working > this way. > > thanx > Long term bandwidth usage can be tracked using MRTG. (stored data + daemon + http server + web based gui) Instantaneous bandwidth usage can be tracked using iftop. (ncurses) -- Ranjeet Shetye Senior Software Engineer Zultys Technologies Ranjeet dot Shetye at Zultys dot com http://www.zultys.com/ The views, opinions, and judgements expressed in this message are solely those of the author. The message contents have not been reviewed or approved by Zultys. ^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: bandwidth monitoring 2005-01-26 18:33 ` Ranjeet Shetye @ 2005-01-26 20:00 ` Jose Maria Lopez 0 siblings, 0 replies; 21+ messages in thread From: Jose Maria Lopez @ 2005-01-26 20:00 UTC (permalink / raw) To: netfilter@lists.netfilter.org El mié, 26 de 01 de 2005 a las 19:33, Ranjeet Shetye escribió: > * patrick.leduc@novipro.com (patrick.leduc@novipro.com) wrote: > > Hello > > > > Does somebody know a program for monitoring bandwidth by ip? I have one > > internet interface and I must monitor many ips adresses on this interface. I > > tried Ipac-ng and, I worked a lot to do this config but it seems not working > > this way. > > > > thanx > > > > Long term bandwidth usage can be tracked using MRTG. (stored data + > daemon + http server + web based gui) > > Instantaneous bandwidth usage can be tracked using iftop. (ncurses) You can try our bastion-firewall-stats-addon, it's GPL and it uses rrdtool to do the graphical stats. It's very easy to use, but you have to use bastion-firewall to use it. Another good option it's using something like Cacti to have an interface to Rrdtool. It has scripts to monitor interfaces and can do all kind of graphs. Regards. -- Jose Maria Lopez Hernandez Director Tecnico de bgSEC jkerouac@bgsec.com bgSEC Seguridad y Consultoria de Sistemas Informaticos http://www.bgsec.com ESPAÑA The only people for me are the mad ones -- the ones who are mad to live, mad to talk, mad to be saved, desirous of everything at the same time, the ones who never yawn or say a commonplace thing, but burn, burn, burn like fabulous yellow Roman candles. -- Jack Kerouac, "On the Road" ^ permalink raw reply [flat|nested] 21+ messages in thread
* RE: bandwidth monitoring
@ 2005-01-06 19:04 Daniel Chemko
2005-01-06 19:39 ` Les Mikesell
0 siblings, 1 reply; 21+ messages in thread
From: Daniel Chemko @ 2005-01-06 19:04 UTC (permalink / raw)
To: J. Nerius, Les Mikesell; +Cc: netfilter
J. Nerius wrote:
> ntop is great for *short term* monitoring. Generally it will become
> unmanageable if run for too long. If you want to monitor and keep
> stats over a longer period of time, bandwidthd will probably work
> better for you.
>
> J.N.
>
> On Thu, 2005-01-06 at 11:42 -0600, Les Mikesell wrote:
>> On Thu, 2005-01-06 at 10:28, patrick.leduc@novipro.com wrote:
>>
>>> Does somebody know a program for monitoring bandwidth by ip? I have
>>> one internet interface and I must monitor many ips adresses on this
>>> interface. I tried Ipac-ng and, I worked a lot to do this config
>>> but it seems not working this way.
>>
>> Ntop might do what you need. http://www.ntop.org. It can summarize
>> and sort traffic by address/port/protocol, etc. I don't use it
>> continuously but fire it up for a while if I think something is
>> hogging the network.
I'll address this as well. Ntop is fantastic at giving you snapshot data
of a network, but it is inanely heavy at long term monitoring of
services. It got to the point that monitoring traffic from the firewall
filled memory and CPU usage if run long enough. It doesn't work for
continuous operations.
The one really good thing about iptables is that every rule has a
counter fo the number of hits that you run through it, so it is
possible to create custom counters for your software. This is not a
'simple' process, but it'll give you accurate traffic flows with
filtering, etc. that a normal libcap based tool can't give you. PS:
/proc/net/dev data is incorrect when netfilter & NAT are enabled. I
believe its because NAT (return?) traffic bypass this counter, so any
management tool that uses this technique for monitoring bandwith will
also be flawed on a netfilter router.
^ permalink raw reply [flat|nested] 21+ messages in thread* RE: bandwidth monitoring 2005-01-06 19:04 Daniel Chemko @ 2005-01-06 19:39 ` Les Mikesell 0 siblings, 0 replies; 21+ messages in thread From: Les Mikesell @ 2005-01-06 19:39 UTC (permalink / raw) To: Daniel Chemko; +Cc: netfilter On Thu, 2005-01-06 at 13:04, Daniel Chemko wrote: > I'll address this as well. Ntop is fantastic at giving you snapshot data > of a network, but it is inanely heavy at long term monitoring of > services. It got to the point that monitoring traffic from the firewall > filled memory and CPU usage if run long enough. It doesn't work for > continuous operations. The thing to keep in mind is that it is keeping a database that includes all of the remote IP addresses and ports as well as the local ones, so of course this will grow quickly. I haven't needed to deal with long-term histories so I haven't investigated the possibilities but I do recall something about ntop being able to start new logs and archive the old ones as needed to limit the active size. There are tools to monitor and summarize netflows between each pair of addresses, but again I haven't used that part of the package. There is also some support for RRD databases which would probably be the way to go for longer histories. -- Les Mikesell les@futuresource.com ^ permalink raw reply [flat|nested] 21+ messages in thread
* RE: bandwidth monitoring
@ 2005-01-06 20:28 Daniel Chemko
0 siblings, 0 replies; 21+ messages in thread
From: Daniel Chemko @ 2005-01-06 20:28 UTC (permalink / raw)
To: J. Nerius, Michael Gale; +Cc: netfilter
J. Nerius wrote:
> How many hosts and how much traffic are you running through it? I've
> wanted to come up with a solution similar to the one you've described
> to replace my current bandwidthd setup but I'm thinking that my
> network may be too large with too much traffic to support something
> like that without building a monster box just to capture the stats.
>
If you have a small static number of hosts in/out of your system, you
may want to use netfilter blank rule counters since the penalty of
passing each counter is very very low (entirely kernel side).
To put this in perspective, there've been a lot of performance issues
with people running 10000+ rule sites with adverse effects on their
network setup. Lower than that, and the impact is pretty low. Plus,
blank rules don't do anything but increment the counter, so the actual
CPU utilization of these rules are even lower. This is to give maxumum
accounting of an existing kernel. I'm sure there have been a few
in-kernel accounting packages made, but I can't recall any at the
moment. Maybe someone here can refresh our memory.
Of course the problem with this approach is that you have to know what
IP's that are generating traffic before setting this thing up since the
iptables rules are static. Its good if you want to monitor internal
user's traffic to the net and the amount of traffic a server is getting,
but to actually track the internet endpoints, you're better off using a
dynamic traffic tracking tools like ntop or bandwidthd.
^ permalink raw reply [flat|nested] 21+ messages in thread* Re: bandwidth monitoring
@ 2005-01-07 5:48 Patrich Björklund
0 siblings, 0 replies; 21+ messages in thread
From: Patrich Björklund @ 2005-01-07 5:48 UTC (permalink / raw)
To: netfilter
Hi, there. I dont really know if you just wanna know what ips gets
to/through your interfaces? I have a prog called tcpick. It show like
this:
root # tcpick -i eth0 -C
Starting tcpick 0.1.19
tcpick: listening on eth0
SYN-SENT 192.168.0.2:45190 > 217.215.148.17:pop3
SYN-RECEIVED 192.168.0.2:45190 > 217.215.148.17:pop3
ESTABLISHED 192.168.0.2:45190 > 217.215.148.17:pop3
FIN-WAIT-1 192.168.0.2:45190 > 217.215.148.17:pop3
FIN-WAIT-2 192.168.0.2:45190 > 217.215.148.17:pop3
>Hello
>
>Does somebody know a program for monitoring bandwidth by ip? I have
>one
>internet interface and I must monitor many ips adresses on this
>interface. I
>tried Ipac-ng and, I worked a lot to do this config but it seems not
>working
>this way.
>
>thanx
------------------------------
^ permalink raw reply [flat|nested] 21+ messages in threadend of thread, other threads:[~2005-01-26 20:00 UTC | newest]
Thread overview: 21+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <04a901c36e18$ad2d6650$2a0110ac@SAMHP>
2003-08-31 1:03 ` Bandwidth Monitoring Arnt Karlsen
2003-09-01 7:33 ` Ray Leach
2003-09-04 6:34 ` Dharmendra.T
2005-01-06 16:28 bandwidth monitoring patrick.leduc
2005-01-06 17:09 ` J. Nerius
2005-01-06 17:42 ` Les Mikesell
2005-01-06 17:56 ` J. Nerius
2005-01-06 20:09 ` Michael Gale
2005-01-06 20:19 ` J. Nerius
2005-01-06 21:28 ` Michael Gale
2005-01-06 21:54 ` J. Nerius
2005-01-06 23:30 ` Michael Gale
[not found] ` <41DDA135.5000205@cisco.com>
2005-01-06 21:24 ` Michael Gale
2005-01-07 1:54 ` Mark E. Donaldson
2005-01-10 13:45 ` Fabiano Reis
2005-01-26 18:33 ` Ranjeet Shetye
2005-01-26 20:00 ` Jose Maria Lopez
-- strict thread matches above, loose matches on Subject: below --
2005-01-06 19:04 Daniel Chemko
2005-01-06 19:39 ` Les Mikesell
2005-01-06 20:28 Daniel Chemko
2005-01-07 5:48 Patrich Björklund
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox