[176127] in North American Network Operators' Group
Re: Linux router traffic monitoring, how? netflow?
daemon@ATHENA.MIT.EDU (Wayne Lee)
Fri Nov 14 02:39:58 2014
X-Original-To: nanog@nanog.org
In-Reply-To: <DUB405-EAS43B4DBD8E6EFC8707D3DFABB8C0@phx.gbl>
Date: Fri, 14 Nov 2014 02:39:51 -0500
From: Wayne Lee <linkconnect@googlemail.com>
To: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
Hello
I've used ntop in the past with great success.
ntop.org
Regards
Wayne
On 14 November 2014 02:35, Murat Kaipov <mkaipov@outlook.com> wrote:
> Hello Eliezer.
> Netflow will be the best solution to find the host that's generate load.
> First you need decide what netflow analyzer you'll use. I know about some
> plugin to Cacti. Than you need install IPT-NETFLOW to your Ubuntu router.
> Also you have another way, you can monitor (snmp traffic) all ports on
> switches and then find analyze.
> B.R. Murat
>
>
> -----Original Message-----
> From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Eliezer Croitoru
> Sent: Thursday, November 13, 2014 8:10 PM
> To: nanog@nanog.org
> Subject: Linux router traffic monitoring, how? netflow?
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hey all,
>
> I have a tiny linux router based on ubuntu and sometimes I get a massive
> load of UDP traffic because of one of the PCs in the network.
> Usually I handle the situation with a strict block using iptables.
> The main issue is to find it due to the load.
> For now I am monitoring the traffic load using MRTG but it won't notify me.
> I can try to use nagios to monitor traffic load for a period of time but
> before I start working on it I want another person opinion and options.
>
> I have seen netflow in the past but never actually used it.
>
> Thanks in advance,
> Eliezer
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> iQEcBAEBAgAGBQJUZOXKAAoJENxnfXtQ8ZQUnCcIAJn/3LQa1CKl1mBGiWHUvrEZ
> GZIPYKDlDWscVaq2VhJQH/ZcUqX5466YTSLsFQBaCEynLfc4vgk5gBZzyLK9TI1R
> MSDXAQNYvqRGnDG5rBrthCCvSA8UZyqVH9feSXw+U8aiwZcmQz4SSVv86yy288qP
> eFlerXq43QvSzXgMPFFrzwVzcwY3UVg0VMxlqIRIl+sB8dfg6ofau61/lax9ALQ4
> cfxE674vxKtQsf319lJTmq/3JMvANzZNYbX0+XnLNIDaCciM/GTT/Xvasq+oigm2
> IE4T0098KMUyBdJx5ewX5d+rawI2283euiY0Co5UnfCYzBnJTj4xZR32Tip53lM=
> =gZaZ
> -----END PGP SIGNATURE-----
>
