[176126] in North American Network Operators' Group
RE: Linux router traffic monitoring, how? netflow?
daemon@ATHENA.MIT.EDU (Murat Kaipov)
Fri Nov 14 02:35:57 2014
X-Original-To: nanog@nanog.org
From: Murat Kaipov <mkaipov@outlook.com>
To: "'Eliezer Croitoru'" <eliezer@ngtech.co.il>,
<nanog@nanog.org>
In-Reply-To: <5464E5CA.5030309@ngtech.co.il>
Date: Fri, 14 Nov 2014 10:35:44 +0300
Errors-To: nanog-bounces@nanog.org
Hello Eliezer.
Netflow will be the best solution to find the host that's generate load. =
First you need decide what netflow analyzer you'll use. I know about =
some plugin to Cacti. Than you need install IPT-NETFLOW to your Ubuntu =
router.
Also you have another way, you can monitor (snmp traffic) all ports on =
switches and then find analyze.=20
B.R. Murat
-----Original Message-----
From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Eliezer =
Croitoru
Sent: Thursday, November 13, 2014 8:10 PM
To: nanog@nanog.org
Subject: Linux router traffic monitoring, how? netflow?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hey all,
I have a tiny linux router based on ubuntu and sometimes I get a massive =
load of UDP traffic because of one of the PCs in the network.
Usually I handle the situation with a strict block using iptables.
The main issue is to find it due to the load.
For now I am monitoring the traffic load using MRTG but it won't notify =
me.
I can try to use nagios to monitor traffic load for a period of time but =
before I start working on it I want another person opinion and options.
I have seen netflow in the past but never actually used it.
Thanks in advance,
Eliezer
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBAgAGBQJUZOXKAAoJENxnfXtQ8ZQUnCcIAJn/3LQa1CKl1mBGiWHUvrEZ
GZIPYKDlDWscVaq2VhJQH/ZcUqX5466YTSLsFQBaCEynLfc4vgk5gBZzyLK9TI1R
MSDXAQNYvqRGnDG5rBrthCCvSA8UZyqVH9feSXw+U8aiwZcmQz4SSVv86yy288qP
eFlerXq43QvSzXgMPFFrzwVzcwY3UVg0VMxlqIRIl+sB8dfg6ofau61/lax9ALQ4
cfxE674vxKtQsf319lJTmq/3JMvANzZNYbX0+XnLNIDaCciM/GTT/Xvasq+oigm2
IE4T0098KMUyBdJx5ewX5d+rawI2283euiY0Co5UnfCYzBnJTj4xZR32Tip53lM=3D
=3DgZaZ
-----END PGP SIGNATURE-----
