
Re: Log analysis requirements



> - Summarize the bandwidth usage of each IP interface on the current
>   machine

With all due respect to iptraf, after playing with it for quite some time, 
I determined that iptraf was never intended for this. It is more of a 
"real-time" network monitoring tool and as such does not perform a 
"summarizing" function very well. Yes, you can force it to log and then 
write some scripts to parse the logs etc. and come up with something like 
what you want, but it's really not the tool for it.

The primary problem is that iptraf likes to group all its stats by 
pairs of IP addresses (both source and destination), which doesn't give you 
a good idea of which machine IP on your network is taking the most total 
traffic in a given time frame (bandwidth per month, for example).

However, there is a tool that is designed for exactly this purpose. It is 
called "NeTraMet" (Network Traffic Metering). It is not well known but it 
works wonderfully.

It comes in three components, the "meter(s)", the admin tools, and the 
statistics gathering tools.

You install the Meters on as many machines as you like, then you upload 
your rule-sets using an admin tool (NeMaC). Then you pull down the 
statistics from all your meters at whatever interval you like (NeMaC also 
performs this function).

Not trying to step on iptraf's toes here, just thought some users might 
like to know about a tool that is more designed for metering as opposed to 
iptraf which is designed for monitoring.

-- 
John Lange

On Thursday 16 May 2002 10:35 am, you wrote:
> My current iptraf log analysis requirement:
> 
> - Summarize the bandwidth usage of each IP interface on the current
>   machine
> 
> I envision running iptraf in daemon mode and simply parsing the IP
> Traffic Monitor log file, spitting out totals per IP per protocol.
> 
> I've currently written a Perl script that, at this time, summarizes UDP
> and TCP byte counts.  Other protocols will be added shortly, though I
> really only plan on adding ICMP at this time (I'd need some sample log
> file of other protocols, as I currently only have these three and don't
> plan on going after others).
> 
> Longer term hope:
>  - analysis engine (script, whatever) can be run in daemon mode
>  - analysis engine causes iptraf to rotate logs, analyses and then
>    deletes "old" logs
>  - analysis engine can send summary data to:
>       - file
>       - database
>       - URL
> 
> 
> greg_fenton.
> 
> =====
> Greg Fenton
> greg_fenton@yahoo.com
> 
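Greg's per-IP, per-protocol byte summary from the IP Traffic Monitor log, combined with John's point that pair-wise records have to be re-aggregated per host to see who uses the most bandwidth, as an added Python example that is not part of either message. The semicolon-separated line layout, the sample entries and the 192.168.1.0/24 "local network" are assumptions, not captured data.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample in an assumed iptraf-style layout:
# timestamp; protocol; interface; size; from A[:port] to B[:port][; flags]
SAMPLE_LOG = """\
Thu May 16 10:35:00 2002; TCP; eth0; 60 bytes; from 192.168.1.10:34567 to 10.0.0.1:80; first packet (SYN)
Thu May 16 10:35:00 2002; TCP; eth0; 1500 bytes; from 10.0.0.1:80 to 192.168.1.10:34567
Thu May 16 10:35:01 2002; UDP; eth0; 78 bytes; from 192.168.1.20:53 to 10.0.0.2:1234
Thu May 16 10:35:02 2002; ICMP; eth0; 84 bytes; from 192.168.1.10 to 10.0.0.3; echo req
this line is garbage and must be skipped, not crash the summary
Thu May 16 10:35:03 2002; UDP; eth0; 200 bytes; from 192.168.1.10:5000 to 192.168.1.20:5000
"""

LOCAL_NET = ip_network("192.168.1.0/24")  # assumed: the network we meter

ENTRY = re.compile(
    r"^(?P<ts>[^;]+); (?P<proto>[A-Z]+); (?P<iface>\S+); (?P<size>\d+) bytes; "
    r"from (?P<src>[0-9.]+)(?::\d+)? to (?P<dst>[0-9.]+)(?::\d+)?"
)

def summarize(log_text, local_net=LOCAL_NET):
    """Return ({local_ip: {proto: bytes}}, skipped_line_count).

    Each record is charged to every local endpoint it touches, so a
    local-to-local flow counts for both hosts; remote hosts are ignored.
    Lines that do not parse are counted and skipped rather than aborting."""
    totals = defaultdict(lambda: defaultdict(int))
    skipped = 0
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            skipped += 1
            continue
        size = int(m["size"])
        for endpoint in (m["src"], m["dst"]):
            try:
                if ip_address(endpoint) in local_net:
                    totals[endpoint][m["proto"]] += size
            except ValueError:  # malformed address in an otherwise valid line
                skipped += 1
    return {ip: dict(p) for ip, p in totals.items()}, skipped

def rank_by_total(totals):
    """Hosts sorted by total bytes across all protocols, heaviest first."""
    return sorted(((ip, sum(p.values())) for ip, p in totals.items()),
                  key=lambda pair: pair[1], reverse=True)
```

Run over a rotated log file, this gives the per-host, per-protocol totals the original message asks for, and the ranking answers the "which machine uses the most" question that pair-keyed stats leave open.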