On Nov 12, 2007, at 10:31 AM, Joel Gudknecht wrote:
> Misc list:
> I'm trying to figure out a way to log and analyze bandwidth usage
> passing through my PF gateway. It's doing NAT for ~60 users.
> Here are the pertinent logging rules:
> rdr pass log on $ext_if proto tcp to port smtp -> $host
> rdr pass log on $ext_if proto tcp to port www -> $host
> rdr pass log on $ext_if proto tcp to port pop3 -> $host
> rdr pass log on $ext_if proto tcp to port 1494 -> $host
> rdr pass log on $ext_if proto tcp to port 3389 -> $host
> pass out log keep state
> I've tried analyzing pflogs using ethereal/wireshark but could not get
> specifics about IPs and connection rates from it. I've also looked at
> ntop and pftop, which look good for real-time monitoring but I don't
> think they apply for what I'm trying to do.
> I'd like to generate a sorted list of top bandwidth hogs and their
> IP addresses.

You've gotten some good suggestions. For no particular reason at all,
I figured I would mention this related project. I don't know the
author, but it looks vaguely interesting. Rumors are it will have a
port for OpenBSD when it's ready for testing. It's designed to read
in data from flowd (via fifo). The examples are live NetFlow streams
generated by pfflowd.
http://www.netflowdashboard.com/demo/
user = guest
pass = guest
---
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net
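
Added example, not part of the original thread and not code from any project mentioned in it: one way to turn flow records, such as the flowd/pfflowd data discussed above, into the sorted per-IP usage list the question asks for. The record layout, the LAN prefix 192.168.1.0/24 and the function name `top_talkers` are assumptions; adjust the regex to whatever your flow collector actually prints.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the NATed LAN behind the gateway; the thread does not state it.
LAN = ipaddress.ip_network("192.168.1.0/24")

# Assumed text layout per flow: "src [ip]:port dst [ip]:port packets N octets N".
FLOW_RE = re.compile(
    r"src \[(?P<src>[^\]]+)\]:\d+ dst \[(?P<dst>[^\]]+)\]:\d+ "
    r"packets (?P<packets>\d+) octets (?P<octets>\d+)"
)

# Constructed sample records (documentation address ranges), not real traffic.
SAMPLE = """\
FLOW proto 6 src [192.168.1.10]:51000 dst [198.51.100.7]:80 packets 12 octets 900
FLOW proto 6 src [198.51.100.7]:80 dst [192.168.1.10]:51000 packets 40 octets 52000
FLOW proto 6 src [192.168.1.23]:40000 dst [203.0.113.5]:25 packets 110 octets 150000
FLOW proto 6 src [203.0.113.5]:25 dst [192.168.1.23]:40000 packets 30 octets 2000
FLOW proto 6 src [192.168.1.42]:52000 dst [198.51.100.7]:443 packets 9 octets 3000
FLOW proto 6 src [not-an-ip]:1 dst [192.168.1.10]:2 packets 1 octets 999999
"""

def top_talkers(lines, lan=LAN, limit=10):
    """Return [(lan_ip, bytes_out, bytes_in)] sorted by total bytes, descending."""
    sent, received = Counter(), Counter()
    for line in lines:
        m = FLOW_RE.search(line)
        if not m:
            continue  # skip headers and non-flow lines
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # malformed address: drop the record rather than miscount
        octets = int(m["octets"])
        if src in lan:
            sent[str(src)] += octets      # upload from a LAN host
        if dst in lan:
            received[str(dst)] += octets  # download to a LAN host
    hosts = set(sent) | set(received)
    ranked = sorted(hosts, key=lambda h: (-(sent[h] + received[h]), h))
    return [(h, sent[h], received[h]) for h in ranked[:limit]]

if __name__ == "__main__":
    for host, out_b, in_b in top_talkers(SAMPLE.splitlines()):
        print(f"{host:15} out={out_b:>8} in={in_b:>8} total={out_b + in_b:>8}")
```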