[nzlug] Traffic Accounting

[Nick 'Zaf' Clifford]

Hi All,

Time to draw on the collective knowledge...

My little tiger is playing on the net more and more, and I never thought
it possible, but appears to be shifting more traffic than myself (and
I'm a net hog!). So now that my traffic count is getting a little high,
I'm looking to see what network traffic accounting packages are out
there. I'm capable of using google, and a query along those lines
produces many many products I can look at. But I'd like to narrow down
the choices, see what others are using, and hopefully find something
that meets my minimum requirements:

1) Traffic by internal hostname/IP address. My set up is much like
others, I have an internal LAN, I'd like to know how much traffic is
going to/from each individual IP address. I don't want to have to setup
253 rules in iptables, one matching every IP. IP's are mostly DHCP'd, so
if the program can actually store the results based on hostname (The
DHCP daemon takes care of assigning PTR records).

ii) Graphs. I'd be very nice to see weekly graphs showing everyones
various usage.

c) Breakdown of usage by protocol. That'd be a nice feature. How much
traffic is HTTP vs P2P (or, given that P2P is difficult to detect
easily, how much is HTTP vs Other)

4) Little set up time. Time is precious. Although I am more than capable
of writing my own traffic accounting package, that does everything just
how I want it, I have little desire to do so (unless there is a huge
hole in the market, and there is nothing that meets my minimum
criteria!). I don't want to muck with MRTG, RRT, etc.

v) Active development - or at least, not so stale it references ipchains.

f) Preferably Ubuntu/Debian packaged - but of course its not a show stopper.



So what are others using for this niche, and what are the various
pros/cons of the solutions?