On Tue, Oct 19, 2004 at 06:13:03PM +0200, Hilko Bengen wrote:
> "Francesco P. Lovergine" <[EMAIL PROTECTED]> writes:
>
> > The main purpose is identify periodically boxes on an internal
> > private network which cause very high traffic, due to worms, virus
> > and so. A per-IP simple report a la mrtg could be nice.
>
> <plug mode="shameless"> My ulog-acctd, installed on the border router
> using Netfilter, has put much less load on the routers as compared to
> net-acct and any libpcap-based tool in tests at the ISP for which I
> wrote it.</plug>

sounds like a good tool.

> With a little know-how in shell-scripting, it should be trivial to
> generate statistics and graphs from its output.

if you modified it to produce Netflow output (same as cisco and other
routers), then there's a good range of tools which already exist to do
this. and, it's always a good idea to use an existing standard rather
than reinvent the wheel.

e.g. these are already in debian:

flow-tools    - collects and processes NetFlow data
flowscan      - flow-based IP traffic analysis and visualization tool
libcflow-perl - Perl module for analyzing raw IP flow files written by cflowd

btw, there are also two libpcap-based netflow capturers already
debianised - a netfilter/ulog alternative would be a good thing.

fprobe - exports NetFlow V5 datagrams to a remote collector
pmacct - promiscuous mode traffic accountant

craig

--
craig sanders <[EMAIL PROTECTED]>