[clug] IP network traffic monitoring
Andrew Smith
andrew at coolchilli.com
Wed Sep 14 01:32:50 GMT 2005
Hi Tony,
I've got snort running on a high volume network, logging into mysql 4. I use
acid to provide reports and queries. The snort rules take a bit of tuning, they
are a little overly sensitive out of the box.
Don't know about Debian packages, I'm on the other side of the fence :)
Andrew
Tony and Robyn Lewis wrote:
> I am a paranoid bunny. I want a tool that will sniff my internet-facing
> interface, and store "flow" information (source/dest IP/port, time,
> proto, packet/byte count). Does such a beast exist as a debian package,
> or any other package?
>
> I know there are lots of network monitoring stuff (been through
> http://packages.debian.org/testing/net) but nothing that can do graphs
> and/or reporting by that resolution.
>
> The nearest I can find is something like pmacct, or ulog-acctd, and
> pumping that into a database/file and then having a web front end to
> generate graphs. But I'd love to find something already rolled.
> flow-tools comes close if I can find something that will generate
> netflow data.
>
> My underlying requirement is this: I use cacti, and it reported to me
> last night that my upload was maxed out between around 3am to 6am. I
> don't know why. I've checked the logs for the apps that operate on the
> ports I have open, and nothing jumps out, and so I'm a little stumped
> and curious/nervous. Some monitoring tool like this would help.
>
> Tony Lewis
>
More information about the linux
mailing list