[Gllug] Traffic monitoring

Huw Lynes huw-l at moving-picture.com
Tue Oct 21 08:57:16 UTC 2003 

On Mon, 20 Oct 2003 22:56:16 +0100
"Wayne" <wayne at fused.org> wrote:

> Hi All.
> 
> I have a number of users on a small internal network. I have been asked to
> >produce a list of the amount of traffic users actually use..., any
> >>suggestions on how to monitor? Currently all users use squid for web proxy
> >so >i could monitor the logs but i would also like to monitor levels of say
> >yahoo >messenger use.

The problem with this is that there are so many ways of doing it. But the ways
break down into a couple of categories.

1)Monitor at the workstation.

run something like ntop on the workstations. This lets you now millions of
things about the network traffic on the workstation's Ethernet. The downside
we have found with ntop is that the ntop web-page puts a lot of load on the
machine. This may be some idiosyncrasy of the way we have it set up here.

Or run something on the workstation that sends monitoring info to a central
point. There are a number of solutions here including writing some custom
scripts to poll /proc and send off the results. Or store the results locally
in something like rrd
(http://wwww.people.ee.ethz.ch/~oetiker/webtools/rrdtool/) and only asking for
the data when you need them. Depends how much bandwidth you have to play with.

2)Use your switch

most modern managed switches have SNMP. You can get per port bandwidth data
fairly easily. Look at snmpget or the SNMP library of your favourite scripting
language. With these it is fairly easy to knock up some monitoring tools. Or
use a canned tool like cricket (http:cricket.sourceforge.net) which is ugly
but easy to set up. We played with cricket but gave up because most of our
edge switches use 32 bit counters. Totally useless to monitor gigabit.

-- 
| Huw Lynes               | The Moving Picture Company  |
| System Administrator    | 127 Wardour Street          |
|.........................| London, W1F 0NL             | 



-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug

More information about the GLLUG mailing list