[lug] Bandwidth Monitoring

George Sexton georges at mhsoftware.com
Tue Mar 22 09:53:25 MDT 2011 

I'm using MRTG for raw monitoring. The issue is that sometimes I get a rogue
host running against my cloud webapp and it sucks up a lot of bandwidth. I
just want a way to identify offenders so I can block their IP address.

 

George Sexton

MH Software, Inc.

303 438-9585

www.mhsoftware.com

 

From: lug-bounces at lug.boulder.co.us [mailto:lug-bounces at lug.boulder.co.us]
On Behalf Of Stephen Kraus
Sent: Tuesday, March 22, 2011 9:38 AM
To: Boulder (Colorado) Linux Users Group -- General Mailing List
Subject: Re: [lug] Bandwidth Monitoring

 

I've used Nagios for Bandwidth monitoring in the past

On Tue, Mar 22, 2011 at 9:32 AM, Aaron Nichols <anichols at trumped.org> wrote:

On Tue, Mar 22, 2011 at 9:26 AM, George Sexton <georges at mhsoftware.com>
wrote:
> iptop is kind of what I'm looking for. The problem with it is that unless
> you're watching right when the spike in traffic happens, it's no good.
What
> I really need is something that shows bucketed values:
>
> IP      30 seconds              60 Seconds              300 Seconds
> 3600 Seconds

For ongoing monitoring of traffic breakdown by port/protocol - the
common mechanism for larger networks is netflow analysis. There are
free collectors (capture traffic and output netflow data) for Linux
which can listen to local traffic, then you combine a collector with
an analysis/graphing tool to produce the type of statistics you want
ongoing.

You can see a list of free tools for this here:
http://www.networkuptime.com/tools/netflow/

If you are looking for historical data about what protocols are
consuming how much throughput these are probably going to give you
what you want. They can capture IP sources, etc, and you can display
the info however you want typically.

A quick look through the list and I'm already curious about this guy:
http://sourceforge.net/projects/nfsen/

Aaron
_______________________________________________
Web Page:  http://lug.boulder.co.us
Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lug.boulder.co.us/pipermail/lug/attachments/20110322/c86b7295/attachment.html>

More information about the LUG mailing list