[clug] IP network traffic monitoring
Andrew Smith
andrew at coolchilli.com
Wed Sep 14 01:37:07 GMT 2005
Sorry, should add that this won't provide the flow analysis bit, just the
paranoid bit.
Andrew Smith wrote:
> Hi Tony,
>
> I've got snort running on a high volume network, logging into mysql 4.
> I use acid to provide reports and queries. The snort rules take a bit
> of tuning; they are a little overly sensitive out of the box.
>
> Don't know about Debian packages, I'm on the other side of the fence :)
>
> Andrew
>
> Tony and Robyn Lewis wrote:
>
>> I am a paranoid bunny. I want a tool that will sniff my
>> internet-facing interface, and store "flow" information (source/dest
>> IP/port, time, proto, packet/byte count). Does such a beast exist as
>> a debian package, or any other package?
>>
>> I know there is lots of network monitoring stuff (been through
>> http://packages.debian.org/testing/net) but nothing that can do graphs
>> and/or reporting at that resolution.
>>
>> The nearest I can find is something like pmacct, or ulog-acctd, and
>> pumping that into a database/file and then having a web front end to
>> generate graphs. But I'd love to find something already rolled.
>> flow-tools comes close if I can find something that will generate
>> netflow data.
>>
>> My underlying requirement is this: I use cacti, and it reported to me
>> last night that my upload was maxed out between around 3am to 6am. I
>> don't know why. I've checked the logs for the apps that operate on
>> the ports I have open, and nothing jumps out, and so I'm a little
>> stumped and curious/nervous. Some monitoring tool like this would help.
>>
>> Tony Lewis
>>
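The flow record Tony describes (source/destination IP and port, protocol, time, packet and byte counts) is simple enough to build by hand, and doing so shows how a tool like pmacct or flow-tools would answer his actual question: which outbound flows filled the link between 3am and 6am? The following is an added example written for this page, not code from the thread or from any of the tools named in it. It assumes a constructed text format of one packet per line ("date time src_ip src_port dst_ip dst_port proto bytes"), a sample of invented traffic in that format, and that the local network is 10.0.0.0/24; none of these come from the original posts.

```python
"""Aggregate per-packet records into flows and report top outbound talkers.

Added example for the thread above. The input format and the sample
traffic are constructed for illustration, not captured data.
"""
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple

# Flow key is the classic 5-tuple: (src_ip, src_port, dst_ip, dst_port, proto)
FlowKey = Tuple[str, int, str, int, str]


@dataclass
class Flow:
    """One flow record: first/last seen plus packet and byte counters."""
    first_seen: datetime
    last_seen: datetime
    packets: int = 0
    octets: int = 0


# Constructed sample input (assumed format: date time src sport dst dport proto bytes).
# The sustained transfer to 203.0.113.9:6881 is what a report should surface.
SAMPLE_PACKETS = """\
2005-09-13 02:55:10 10.0.0.5 45012 198.51.100.7 80 tcp 600
2005-09-13 03:12:01 10.0.0.5 51234 203.0.113.9 6881 tcp 1400
2005-09-13 03:12:02 10.0.0.5 51234 203.0.113.9 6881 tcp 1400
2005-09-13 04:40:30 10.0.0.5 51234 203.0.113.9 6881 tcp 1400
2005-09-13 05:59:59 10.0.0.5 51234 203.0.113.9 6881 tcp 1400
2005-09-13 03:30:00 10.0.0.5 53120 198.51.100.7 80 tcp 300
2005-09-13 03:30:01 198.51.100.7 80 10.0.0.5 53120 tcp 1500
2005-09-13 04:00:00 10.0.0.5 33000 198.51.100.53 53 udp 70
2005-09-13 06:10:00 10.0.0.5 51234 203.0.113.9 6881 tcp 1400
"""


def parse_packet(line: str) -> Tuple[datetime, FlowKey, int]:
    """Split one constructed record into (timestamp, 5-tuple, byte count)."""
    date, clock, src, sport, dst, dport, proto, size = line.split()
    ts = datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S")
    return ts, (src, int(sport), dst, int(dport), proto.lower()), int(size)


def aggregate(text: str, start: Optional[datetime] = None,
              end: Optional[datetime] = None) -> Dict[FlowKey, Flow]:
    """Fold packets into flows, keeping only packets inside [start, end)."""
    flows: Dict[FlowKey, Flow] = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, key, size = parse_packet(line)
        if start is not None and ts < start:
            continue
        if end is not None and ts >= end:
            continue
        flow = flows.get(key)
        if flow is None:
            flow = flows[key] = Flow(first_seen=ts, last_seen=ts)
        flow.first_seen = min(flow.first_seen, ts)
        flow.last_seen = max(flow.last_seen, ts)
        flow.packets += 1
        flow.octets += size
    return flows


def top_outbound(flows: Dict[FlowKey, Flow], local_net: str,
                 n: int = 3) -> List[Tuple[FlowKey, int, int]]:
    """Flows sourced from local_net, largest byte count first."""
    net = ip_network(local_net)
    rows = [(key, f.octets, f.packets) for key, f in flows.items()
            if ip_address(key[0]) in net]
    rows.sort(key=lambda r: r[1], reverse=True)
    return rows[:n]


def report(text: str, local_net: str, start: str, end: str,
           n: int = 3) -> List[Tuple[FlowKey, int, int]]:
    """Answer 'what was uploading between start and end?' (ISO timestamps)."""
    flows = aggregate(text, datetime.fromisoformat(start), datetime.fromisoformat(end))
    return top_outbound(flows, local_net, n)


if __name__ == "__main__":
    for key, octets, packets in report(SAMPLE_PACKETS, "10.0.0.0/24",
                                       "2005-09-13T03:00:00", "2005-09-13T06:00:00"):
        src, sport, dst, dport, proto = key
        print(f"{src}:{sport} -> {dst}:{dport} {proto} {packets} pkts {octets} bytes")
```

Filtering by packet timestamp before aggregating, rather than after, matters here: the long-lived flow in the sample has packets both inside and outside the window, and only the in-window bytes should be charged to the 3am to 6am report. Real collectors handle this by exporting flows per interval, which is what cacti-style graphing then consumes.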