--- Joel Gudknecht <[EMAIL PROTECTED]> wrote:
> Misc list:
>
> I'm trying to figure out a way to log and analyze bandwidth usage
> passing through my PF gateway. It's doing NAT for ~60 users.
>
> Here are the pertinent logging rules;
>
> rdr pass log on $ext_if proto tcp to port smtp -> $host
> rdr pass log on $ext_if proto tcp to port www -> $host
> rdr pass log on $ext_if proto tcp to port pop3 -> $host
> rdr pass log on $ext_if proto tcp to port 1494 -> $host
> rdr pass log on $ext_if proto tcp to port 3389 -> $host
>
> pass out log keep state
>
> I've tried analyzing pflogs using ethereal/wireshark but could not
> get
> specifics about IP's and connection rates from it. I've also looked
> at
> ntop and pftop, which looks good for real-time monitoring but I don't
> think they apply for what I'm trying to do.
>
> I'd like to generate a sorted list of top bandwidth hogs and their IP
> addresses.
I don't think there is any built-in way of doing this. What I did was
write a shell script that interacts with labels contained in pf.conf.
The script runs every five minutes and processes the data. I used to
have it according to IP and protocol but eventually got rid of the IP
side as my pf.conf was getting really messy.
// juan
Ask a question on any topic and get answers from real people. Go to
Yahoo! Answers and share what you know at http://ca.answers.yahoo.com
