Linux router traffic monitoring, how? netflow?
jloiacon at csc.com
Fri Nov 14 13:50:11 UTC 2014
If you go the netflow route you might consider FlowViewer/SiLK for the
collector/analyzer. It is web driven and allows you to easily establish
traffic thresholds which will generate an alert email.
"NANOG" <nanog-bounces at nanog.org> wrote on 11/14/2014 02:35:44 AM:
> From: Murat Kaipov <mkaipov at outlook.com>
> To: "'Eliezer Croitoru'" <eliezer at ngtech.co.il>, <nanog at nanog.org>
> Date: 11/14/2014 02:37 AM
> Subject: RE: Linux router traffic monitoring, how? netflow?
> Sent by: "NANOG" <nanog-bounces at nanog.org>
> Hello Eliezer.
> Netflow will be the best solution to find the host that's generate
> load. First you need decide what netflow analyzer you'll use. I know
> about some plugin to Cacti. Than you need install IPT-NETFLOW to
> your Ubuntu router.
> Also you have another way, you can monitor (snmp traffic) all ports
> on switches and then find analyze.
> B.R. Murat
> -----Original Message-----
> From: NANOG [mailto:nanog-bounces at nanog.org] On Behalf Of Eliezer
> Sent: Thursday, November 13, 2014 8:10 PM
> To: nanog at nanog.org
> Subject: Linux router traffic monitoring, how? netflow?
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Hey all,
> I have a tiny linux router based on ubuntu and sometimes I get a
> massive load of UDP traffic because of one of the PCs in the network.
> Usually I handle the situation with a strict block using iptables.
> The main issue is to find it due to the load.
> For now I am monitoring the traffic load using MRTG but it won't notify
> I can try to use nagios to monitor traffic load for a period of time
> but before I start working on it I want another person opinion and
> I have seen netflow in the past but never actually used it.
> Thanks in advance,
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
> -----END PGP SIGNATURE-----
More information about the NANOG