On Thursday 13 February 2003 20:35, Nelson Guedes Paulo Junior wrote:
> On Thu, 13 Feb 2003, Stef Coene wrote:
> > On Thursday 13 February 2003 18:49, Nelson Guedes Paulo Junior wrote:
> > > Hi all,
> > >
> > > Just shape my connection isn't enough. I need to monitoring what's
> > > happening, for example, I need to now if my users are downloading too
> > > much, if they are using too much ftp or if thei are ussing too much
> > > SSH. Other things that are relevant are Media Streaming, MP3
> > > Downloading and Web Traffic.
> > >
> > > BUT, some of these services negociate a high port and use these ports
> > > for the traffic. How do I prevent that to consume band and how do I log
> > > that and make graphics to justify and upgrade on my link
> > > infrastructure? How do I monitor this things???
> >
> > What if you monitor wel-known port (web, game ports, ...) and have an
> > other monitor for all the rest? And block all other ports so they have
> > to use the ports you monitor :)
> This is ok, but HOW I can do that??? (monitor, not block ok??)
You can use iptables. You can create a filter rule (or more) that matches the
packets you want to monitor. Schedule a iptables -L -v -n each 5 minutes and
use the byte counters to update a log file. I recommend rrdtool for it. I
have some scripts on www.docum.org. The monitor script uses the byte
counters of iptables to get some data. In the GUI section, you can find some
perl scripts that I use update the rrd files and to create the graph.
If you need more help, you can contact me. For the rrdtool, I recommend using
an existing script and adapt it to your needs so you don't have to bother
about the needed options.
Stef
--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net
