Linux router traffic monitoring, how? netflow?

Joe Loiacono jloiacon at csc.com
Fri Nov 14 13:50:11 UTC 2014


If you go the netflow route you might consider FlowViewer/SiLK for the 
collector/analyzer. It is web driven and allows you to easily establish 
traffic thresholds which will generate an alert email.

https://sourceforge.net/projects/flowviewer

Joe

"NANOG" <nanog-bounces at nanog.org> wrote on 11/14/2014 02:35:44 AM:

> From: Murat Kaipov <mkaipov at outlook.com>
> To: "'Eliezer Croitoru'" <eliezer at ngtech.co.il>, <nanog at nanog.org>
> Date: 11/14/2014 02:37 AM
> Subject: RE: Linux router traffic monitoring, how? netflow?
> Sent by: "NANOG" <nanog-bounces at nanog.org>
> 
> Hello Eliezer.
> Netflow will be the best solution to find the host that's generate 
> load. First you need decide what netflow analyzer you'll use. I know
> about some plugin to Cacti. Than you need install IPT-NETFLOW to 
> your Ubuntu router.
> Also you have another way, you can monitor (snmp traffic) all ports 
> on switches and then find analyze. 
> B.R. Murat
> 
> 
> -----Original Message-----
> From: NANOG [mailto:nanog-bounces at nanog.org] On Behalf Of Eliezer 
Croitoru
> Sent: Thursday, November 13, 2014 8:10 PM
> To: nanog at nanog.org
> Subject: Linux router traffic monitoring, how? netflow?
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hey all,
> 
> I have a tiny linux router based on ubuntu and sometimes I get a 
> massive load of UDP traffic because of one of the PCs in the network.
> Usually I handle the situation with a strict block using iptables.
> The main issue is to find it due to the load.
> For now I am monitoring the traffic load using MRTG but it won't notify 
me.
> I can try to use nagios to monitor traffic load for a period of time
> but before I start working on it I want another person opinion and 
options.
> 
> I have seen netflow in the past but never actually used it.
> 
> Thanks in advance,
> Eliezer
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
> 
> iQEcBAEBAgAGBQJUZOXKAAoJENxnfXtQ8ZQUnCcIAJn/3LQa1CKl1mBGiWHUvrEZ
> GZIPYKDlDWscVaq2VhJQH/ZcUqX5466YTSLsFQBaCEynLfc4vgk5gBZzyLK9TI1R
> MSDXAQNYvqRGnDG5rBrthCCvSA8UZyqVH9feSXw+U8aiwZcmQz4SSVv86yy288qP
> eFlerXq43QvSzXgMPFFrzwVzcwY3UVg0VMxlqIRIl+sB8dfg6ofau61/lax9ALQ4
> cfxE674vxKtQsf319lJTmq/3JMvANzZNYbX0+XnLNIDaCciM/GTT/Xvasq+oigm2
> IE4T0098KMUyBdJx5ewX5d+rawI2283euiY0Co5UnfCYzBnJTj4xZR32Tip53lM=
> =gZaZ
> -----END PGP SIGNATURE-----


More information about the NANOG mailing list