J. Nerius wrote: > ntop is great for *short term* monitoring. Generally it will become > unmanageable if run for too long. If you want to monitor and keep > stats over a longer period of time, bandwidthd will probably work > better for you. > > J.N. > > On Thu, 2005-01-06 at 11:42 -0600, Les Mikesell wrote: >> On Thu, 2005-01-06 at 10:28, patrick.leduc@xxxxxxxxxxx wrote: >> >>> Does somebody know a program for monitoring bandwidth by ip? I have >>> one internet interface and I must monitor many ips adresses on this >>> interface. I tried Ipac-ng and, I worked a lot to do this config >>> but it seems not working this way. >> >> Ntop might do what you need. http://www.ntop.org. It can summarize >> and sort traffic by address/port/protocol, etc. I don't use it >> continuously but fire it up for a while if I think something is >> hogging the network. I'll address this as well. Ntop is fantastic at giving you snapshot data of a network, but it is inanely heavy at long term monitoring of services. It got to the point that monitoring traffic from the firewall filled memory and CPU usage if run long enough. It doesn't work for continuous operations. The one really good thing about iptables is that every rule has a counter fo the number of hits that you run through it, so it is possible to create custom counters for your software. This is not a 'simple' process, but it'll give you accurate traffic flows with filtering, etc. that a normal libcap based tool can't give you. PS: /proc/net/dev data is incorrect when netfilter & NAT are enabled. I believe its because NAT (return?) traffic bypass this counter, so any management tool that uses this technique for monitoring bandwith will also be flawed on a netfilter router.
