On Thu, 13 Feb 2003, Stef Coene wrote: > On Thursday 13 February 2003 20:35, Nelson Guedes Paulo Junior wrote: > > On Thu, 13 Feb 2003, Stef Coene wrote: > > > On Thursday 13 February 2003 18:49, Nelson Guedes Paulo Junior wrote: > > > > Hi all, > > > > > > > > Just shape my connection isn't enough. I need to monitoring what's > > > > happening, for example, I need to now if my users are downloading t= oo > > > > much, if they are using too much ftp or if thei are ussing too much > > > > SSH. Other things that are relevant are Media Streaming, MP3 > > > > Downloading and Web Traffic. > > > > > > > > BUT, some of these services negociate a high port and use these por= ts > > > > for the traffic. How do I prevent that to consume band and how do I= log > > > > that and make graphics to justify and upgrade on my link > > > > infrastructure? How do I monitor this things??? > > > > > > What if you monitor wel-known port (web, game ports, ...) and have an > > > other monitor for all the rest? And block all other ports so they ha= ve > > > to use the ports you monitor :) >=20 > > This is ok, but HOW I can do that??? (monitor, not block ok??) > You can use iptables. You can create a filter rule (or more) that matche= s the=20 > packets you want to monitor. Schedule a iptables -L -v -n each 5 minutes= and=20 > use the byte counters to update a log file. I recommend rrdtool for it. = I=20 > have some scripts on www.docum.org. The monitor script uses the byte=20 > counters of iptables to get some data. In the GUI section, you can find = some=20 > perl scripts that I use update the rrd files and to create the graph. Thanks Stef. But I've tried to see your examples and all graphs are broken. There are no images at all. Can you fix that??? If you could send me an example attached (don't sendo to the list cause someone may be angry with that) I'll be very happy... :-) > If you need more help, you can contact me. For the rrdtool, I recommend = using=20 > an existing script and adapt it to your needs so you don't have to bother= =20 > about the needed options. I have, at least for the moment, one question about iptables: Does I need to create another chain to sse the bytes like: iptables -N mychain iptables -I INPUT -j mychain iptables -I OUTPUT -j mychain iptables -I FORWARD -j mychain iptables -A mychain -p tcp --dport 22 -j ACCEPT Does I need to do that??? And, if I need, there's some security implication in doing that, I mean, this way how other rules I need to block SSH for not welcomming IP's??? Thanks for all... []'s ----- Nelson Guedes Paulo Junior =20 E-mail: <npaulo@linux.ime.usp.br> UIN: 2489382 (Tender [:alpha:]*) ----------------------------------------------------------------------- Eu cavo, tu cavas, ele cava, n=F3s cavamos, v=F3s cavais, eles cavam... N=E3o =E9 bonito, mas =E9 profundo. -----------------------------------------------------------------------
