[176128] in North American Network Operators' Group


Re: Linux router traffic monitoring, how? netflow?

daemon@ATHENA.MIT.EDU (Leonardo Arena)
Fri Nov 14 03:34:50 2014

X-Original-To: nanog@nanog.org
From: Leonardo Arena <rnalrd@gmail.com>
To: Eliezer Croitoru <eliezer@ngtech.co.il>
Date: Fri, 14 Nov 2014 09:34:29 +0100
In-Reply-To: <5464E5CA.5030309@ngtech.co.il>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org



On Thu, 2014-11-13 at 19:09 +0200, Eliezer Croitoru wrote:
> Hey all,
>
> I have a tiny Linux router based on Ubuntu and sometimes I get a
> massive load of UDP traffic because of one of the PCs in the network.
> Usually I handle the situation with a strict block using iptables.
> The main issue is to find it due to the load.
> For now I am monitoring the traffic load using MRTG but it won't
> notify me.
> I can try to use nagios to monitor traffic load for a period of time
> but before I start working on it I want another person's opinion and
> options.
>
> I have seen netflow in the past but never actually used it.
>=20
> Thanks in advance,
> Eliezer


NFDump [1] is also good if you are looking for a less fancy analyzer
(cmdline based) but very customizable. You search for the data that you
want in the time slot that you want.

I know there are other projects which can read captured data and present
it in a GUI but I haven't used them myself.

Regards,
leonardo

[1] http://nfdump.sourceforge.net/
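
A sketch of the kind of query described in the reply above, as an added example that is not part of the original message and is not nfdump code: it totals UDP bytes per source inside a chosen time slot and reports hosts above a rate threshold, which is what a Nagios-style check would alert on. The CSV column names (ts, sa, da, pr, ibyt), the sample records and the 5 Mbit/s threshold are assumptions made for this illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample flow records (not real traffic). Column names are assumed
# for this example; map them to whatever your flow exporter's CSV actually uses.
SAMPLE_FLOWS = """ts,sa,da,pr,ibyt
2014-11-13 18:58:10,192.168.1.20,198.51.100.7,TCP,48000
2014-11-13 19:00:05,192.168.1.37,203.0.113.9,UDP,410000000
2014-11-13 19:01:40,192.168.1.20,203.0.113.50,UDP,120000
2014-11-13 19:02:15,192.168.1.37,203.0.113.9,UDP,395000000
2014-11-13 19:03:30,192.168.1.41,198.51.100.7,UDP,2500000
2014-11-13 19:12:00,192.168.1.37,203.0.113.9,UDP,900000000
"""
TS_FMT = "%Y-%m-%d %H:%M:%S"

def udp_bytes_by_source(flow_csv, start, end):
    """Sum UDP bytes per source address for flows starting in [start, end)."""
    t0, t1 = datetime.strptime(start, TS_FMT), datetime.strptime(end, TS_FMT)
    totals = defaultdict(int)
    for row in csv.DictReader(io.StringIO(flow_csv)):
        try:
            ts = datetime.strptime(row["ts"], TS_FMT)
            src, nbytes = row["sa"], int(row["ibyt"])
        except (KeyError, TypeError, ValueError):
            continue  # skip truncated or malformed records instead of aborting
        if (row.get("pr") or "").upper() == "UDP" and t0 <= ts < t1:
            totals[src] += nbytes
    return dict(totals)

def heavy_udp_sources(flow_csv, start, end, max_mbit_per_s):
    """Return (source, average Mbit/s) pairs above the threshold, highest first."""
    seconds = (datetime.strptime(end, TS_FMT) - datetime.strptime(start, TS_FMT)).total_seconds()
    if seconds <= 0:
        raise ValueError("end must be later than start")
    rates = {src: round(b * 8 / seconds / 1e6, 2)
             for src, b in udp_bytes_by_source(flow_csv, start, end).items()}
    return sorted(((s, r) for s, r in rates.items() if r > max_mbit_per_s),
                  key=lambda item: item[1], reverse=True)

if __name__ == "__main__":
    for src, rate in heavy_udp_sources(SAMPLE_FLOWS, "2014-11-13 19:00:00",
                                       "2014-11-13 19:05:00", 5.0):
        print(f"ALERT {src} averaged {rate} Mbit/s of UDP")  # hook for a monitoring check
```

Once the source is identified this way, the iptables block mentioned in the question can be applied to that single address.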



