monitor traffic to different servers in internet.
-
- Posts: 5
- Joined: Thu Mar 06, 2008 3:56 am
In our organization we use Cacti with some plugins like ntop to monitor our network, especially bandwidth usage to the internet. Cacti works well, showing graphs of total bandwidth usage and per-ISP bandwidth usage. But we want to monitor bandwidth usage to three VPN servers in the internet from our local clients. We capture all traffic using the eth1 interface of the Cacti server, which is connected to the switch monitor port. So, please help.
- Howie
- Cacti Guru User
- Posts: 5508
- Joined: Thu Sep 16, 2004 5:53 am
- Location: United Kingdom
- Contact:
Take a look at fProbe, which can take your sniffed traffic and turn it into Netflow data, which is a standard for this type of thing - it's what Cisco, Foundry and some others produce, so there is software around to make reports from Netflow data already.
There is a Netflow-viewer plugin for Cacti called Flowview, and also as a standalone system: nfsen, flow-tools and others, plus commercial packages.
You can also do much more, like traffic per-protocol, or per-AS, or even detecting worms and unknown mail servers...
Weathermap 0.98a is out! & QuickTree 1.0. Superlinks is over there now (and built-in to Cacti 1.x).
Some Other Cacti tweaks, including strip-graphs, icons and snmp/netflow stuff.
(Let me know if you have UK DevOps or Network Ops opportunities, too!)
-
- Posts: 5
- Joined: Thu Mar 06, 2008 3:56 am
Thanks Howie. I tried configuring fProbe but failed to integrate it with Cacti. Some posts suggest using flow-tools and netflow with Cacti for proper working if we are monitoring non-Cisco devices. So, please help me with a detailed step-by-step configuration for the given network layout.
Internal networks - 192.168.1.0/24 and 192.168.2.0/24
Cacti system - Linux CentOS, eth0 - connected to monitoring port of switch for 192.168.1.0/24 network, eth1 - connected to monitoring port of switch for 192.168.2.0/24 network
Cacti and ntop monitor the interfaces eth0 and eth1
Firewall-1 - Linux, IPTables, gateway to ISP-1, eth0 - 192.168.1.0/24, eth1 - 192.168.2.0/24, eth2 - Public IP
Firewall-2 - Linux, IPTables, gateway to ISP-2, eth0 - 192.168.1.0/24, eth1 - 192.168.2.0/24, eth2 - Public IP
Clients use either F/W-1 or F/W-2 as gateway depending on bandwidth, and connect to three VPN servers in the internet, plus browsing etc.
Now, we want to monitor the bandwidth used by each client as well as each network to each of the VPN servers in the internet. Please help.
- Howie
- Cacti Guru User
- Posts: 5508
- Joined: Thu Sep 16, 2004 5:53 am
- Location: United Kingdom
- Contact:
Sorry, I don't use fprobe OR the cacti netflow plugin. I use Cisco netflow and flowtools these days. Before that I used FreeBSD's ng_netflow, which is similar to fprobe in function.
However, if you run fprobe on the two firewalls, exporting netflow data to the Cacti server (you shouldn't need the mirror port), then the standard howtos you mention should help with the rest. The idea is to run the netflow agent (fprobe, or whatever else - there are a few) where your traffic is leaving the network, and then collect it in one point for analysis.
Weathermap 0.98a is out! & QuickTree 1.0. Superlinks is over there now (and built-in to Cacti 1.x).
Some Other Cacti tweaks, including strip-graphs, icons and snmp/netflow stuff.
(Let me know if you have UK DevOps or Network Ops opportunities, too!)
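An added example, not part of the thread or of any poster's setup: a minimal collector-side parser for NetFlow v5 export datagrams (an assumed export format) that sums bytes per internal client and VPN server, in each direction. The VPN server addresses are placeholders from a documentation range, and the function names and sample datagrams are constructed for illustration.

```python
import ipaddress
import struct
from collections import defaultdict

HEADER = struct.Struct("!HHIIIIBBH")                # NetFlow v5 header, 24 bytes
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # NetFlow v5 flow record, 48 bytes
INTERNAL = [ipaddress.ip_network(n) for n in ("192.168.1.0/24", "192.168.2.0/24")]
# Placeholder VPN server addresses (documentation range), not taken from the thread.
VPN_SERVERS = {ipaddress.ip_address(a) for a in
               ("203.0.113.10", "203.0.113.20", "203.0.113.30")}

def parse_v5(datagram):
    """Yield (src, dst, octets) for each flow record in one export datagram."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("record count exceeds datagram length")
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        yield ipaddress.ip_address(f[0]), ipaddress.ip_address(f[1]), f[6]

def account(datagrams):
    """Sum bytes per (client, vpn_server, direction) across export datagrams."""
    totals = defaultdict(int)
    for dg in datagrams:
        for src, dst, octets in parse_v5(dg):
            if dst in VPN_SERVERS and any(src in n for n in INTERNAL):
                totals[(str(src), str(dst), "out")] += octets
            elif src in VPN_SERVERS and any(dst in n for n in INTERNAL):
                totals[(str(dst), str(src), "in")] += octets
    return dict(totals)

def make_datagram(flows):
    """Build a constructed v5 datagram from (src, dst, octets) tuples."""
    body = b"".join(
        RECORD.pack(ipaddress.ip_address(s).packed, ipaddress.ip_address(d).packed,
                    bytes(4), 0, 0, 1, octets, 0, 0, 0, 0, 0, 0, 6, 0, 0, 0, 0, 0, 0)
        for s, d, octets in flows)
    return HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, 0) + body

# Constructed sample: two export datagrams, one flow to a non-VPN destination.
SAMPLE = [
    make_datagram([("192.168.1.25", "203.0.113.10", 1500),
                   ("203.0.113.10", "192.168.1.25", 9000),
                   ("192.168.1.25", "198.51.100.7", 700)]),
    make_datagram([("192.168.2.40", "203.0.113.20", 300),
                   ("192.168.1.25", "203.0.113.10", 500)]),
]
```

In use, the datagrams would be read from a UDP socket on the collector, and per-network totals follow by grouping the client key by subnet. If the firewalls NAT outbound traffic, the exporter has to observe the internal interface for the records to carry the clients' private addresses.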
You mention using NTOP - I had previously used NTOP and you can get detailed reports on NTOP, per IP, per protocol, etc.
But I guess you want to graph these things on Cacti. I think you will be able to get protocol details for an interface using iptables (can't remember off my head); I have seen this on boxes like cPanel.
As long as you get those values to write to a text file then you can feed them to Cacti - hmmm, the possible options are endless I think, thank you Cacti.