Has anybody worked on setting up counters based on the service? E.g., not
just the TCP/UDP ports, but HTTP, SMTP, IMAP, Gnutella, Kazaa,
Bittorrent, FTP, Other, etc...

NTop seems to do this quite accurately, but doesn't seem to work too
well with a database. Or, would it be better to have Ntop export its data
to pmacctd using the NetFlow plugin?

Just wondering if anybody has looked at doing this. One advantage of
counting based on these larger, more encompassing categories is that
there's much less disk space required. At one point I tried including
counters for every TCP/UDP port for every IP, but pmacctd and the
backend databases were not very impressed :-)
Wim
- [pmacct-discussion] types of traffic Wim Kerkhoff