[176138] in North American Network Operators' Group
Re: Linux router traffic monitoring, how? netflow?
Date: Fri, 14 Nov 2014 10:38:55 -0800
From: srn.nanog@prgmr.com
To: Eliezer Croitoru <eliezer@ngtech.co.il>,
"nanog@nanog.org" <nanog@nanog.org>
In-Reply-To: <5464E5CA.5030309@ngtech.co.il>
fprobe is a Linux-based NetFlow probe that uses libpcap (as does tcpdump) and is already in the Ubuntu universe repository. There is an IPv4-only iptables-based version too, called fprobe-ulog.

For collectors, it looks like the ones already available in Ubuntu are nfcapd from nfdump and flow-capture from flow-tools. For analysis/alerts, cacti with the thold and flowview plugins might do the job.
On 11/13/2014 09:09 AM, Eliezer Croitoru wrote:
> Hey all,
>
> I have a tiny linux router based on ubuntu and sometimes I get a
> massive load of UDP traffic because of one of the PCs in the network.
> Usually I handle the situation with a strict block using iptables.
> The main issue is to find it due to the load.
> For now I am monitoring the traffic load using MRTG but it won't
> notify me.
> I can try to use nagios to monitor traffic load for a period of time
> but before I start working on it I want another person's opinion and
> options.
>
> I have seen netflow in the past but never actually used it.
>
> Thanks in advance,
> Eliezer
>
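The reply above names the pieces (a probe such as fprobe exporting flows, a collector such as nfcapd, something to rank and alert) but does not show what a flow record actually carries or how the "which PC is flooding UDP" question is answered from it. The following is an added example, not code from the thread, fprobe, or nfdump: it builds a constructed NetFlow v5 export packet of the kind fprobe emits by default, parses it with the documented v5 layout (24-byte header, 48-byte records), and aggregates bytes per source address for UDP flows against a threshold. The sample flows, addresses, and the `threshold_bytes` value are made up for the demonstration.

```python
"""Parse NetFlow v5 export packets and flag UDP top talkers.

Added example (not from the NANOG thread, fprobe or nfdump).
Packet layout follows the NetFlow v5 wire format: a 24-byte header
followed by `count` fixed 48-byte flow records, all big-endian.
"""
import socket
import struct
from collections import defaultdict

# Header: version, count, sys_uptime, unix_secs, unix_nsecs,
#         flow_sequence, engine_type, engine_id, sampling_interval
V5_HEADER = struct.Struct(">HHIIIIBBH")   # 24 bytes
# Record: srcaddr, dstaddr, nexthop, input, output, dPkts, dOctets,
#         first, last, srcport, dstport, pad1, tcp_flags, prot, tos,
#         src_as, dst_as, src_mask, dst_mask, pad2
V5_RECORD = struct.Struct(">4s4s4sHHIIIIHHBBBBHHBBH")  # 48 bytes

PROTO_UDP = 17

# Constructed sample flows (not captured data): one host pushing a lot of
# UDP, one busy TCP host that must not be blamed, one small UDP source.
SAMPLE_RECORDS = [
    {"src": "192.168.1.50", "dst": "203.0.113.9", "sport": 40000, "dport": 53,
     "proto": 17, "pkts": 40000, "bytes": 50_000_000},
    {"src": "192.168.1.10", "dst": "203.0.113.9", "sport": 50000, "dport": 443,
     "proto": 6, "pkts": 60000, "bytes": 80_000_000},
    {"src": "192.168.1.50", "dst": "198.51.100.7", "sport": 40001, "dport": 123,
     "proto": 17, "pkts": 8000, "bytes": 10_000_000},
    {"src": "192.168.1.20", "dst": "203.0.113.9", "sport": 40002, "dport": 53,
     "proto": 17, "pkts": 800, "bytes": 1_000_000},
]


def build_v5_packet(records, seq=0, uptime_ms=100_000, unix_secs=1_415_990_335):
    """Serialise flow dicts into one NetFlow v5 packet (test input only)."""
    header = V5_HEADER.pack(5, len(records), uptime_ms, unix_secs, 0, seq, 0, 0, 0)
    body = b"".join(
        V5_RECORD.pack(
            socket.inet_aton(r["src"]), socket.inet_aton(r["dst"]), b"\0" * 4,
            0, 0, r["pkts"], r["bytes"], uptime_ms - 1000, uptime_ms,
            r["sport"], r["dport"], 0, 0, r["proto"], 0, 0, 0, 0, 0, 0,
        )
        for r in records
    )
    return header + body


def parse_v5(data):
    """Return a list of flow dicts from one v5 export datagram.

    Rejects non-v5 packets and datagrams shorter than the header's
    `count` claims, so a truncated or hostile packet cannot make us
    read past the buffer or report flows that were never sent.
    """
    if len(data) < V5_HEADER.size:
        raise ValueError("datagram shorter than NetFlow v5 header")
    version, count = V5_HEADER.unpack_from(data, 0)[:2]
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    expected = V5_HEADER.size + count * V5_RECORD.size
    if len(data) < expected:
        raise ValueError(f"truncated: {len(data)} bytes, header claims {expected}")
    flows = []
    for i in range(count):
        f = V5_RECORD.unpack_from(data, V5_HEADER.size + i * V5_RECORD.size)
        flows.append({
            "src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
            "pkts": f[5], "bytes": f[6], "sport": f[9], "dport": f[10],
            "proto": f[13],
        })
    return flows


def udp_top_talkers(flows, threshold_bytes=0):
    """Sum UDP bytes per source IP; return [(ip, bytes)] at/over threshold, largest first."""
    totals = defaultdict(int)
    for f in flows:
        if f["proto"] == PROTO_UDP:
            totals[f["src"]] += f["bytes"]
    over = [(ip, b) for ip, b in totals.items() if b >= threshold_bytes]
    return sorted(over, key=lambda item: item[1], reverse=True)


def demo(threshold_bytes=5_000_000):
    """Round-trip the constructed sample and rank UDP sources."""
    return udp_top_talkers(parse_v5(build_v5_packet(SAMPLE_RECORDS)), threshold_bytes)


if __name__ == "__main__":
    for ip, nbytes in demo():
        print(f"UDP offender {ip}: {nbytes} bytes")
```

On a real box the same ranking comes straight from the tools the reply names: fprobe exporting from the LAN interface (for example `fprobe -i eth0 127.0.0.1:2055`), nfcapd listening on that port and writing hourly files, and `nfdump -R <dir> -s srcip/bytes 'proto udp'` for the per-source UDP byte totals; the parser here is only to make the record contents visible. Note that a flow-based view counts bytes as seen by the probe, so the threshold should be set against normal baseline traffic for the LAN rather than an absolute number.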