[nzlug] Traffic Accounting

Carlos skyclan at gmx.net
Sun Feb 17 16:54:05 NZDT 2008 

Nick 'Zaf' Clifford wrote:
> Hi All,
> 
> Time to draw on the collective knowledge...
> 
> My little tiger is playing on the net more and more, and I never thought
> it possible, but appears to be shifting more traffic than myself (and
> I'm a net hog!). So now that my traffic count is getting a little high,
> I'm looking to see what network traffic accounting packages are out
> there. I'm capable of using google, and a query along those lines
> produces many many products I can look at. But I'd like to narrow down
> the choices, see what others are using, and hopefully find something
> that meets my minimum requirements:
> 
> 1) Traffic by internal hostname/IP address. My set up is much like
> others, I have an internal LAN, I'd like to know how much traffic is
> going to/from each individual IP address. I don't want to have to setup
> 253 rules in iptables, one matching every IP. IP's are mostly DHCP'd, so
> if the program can actually store the results based on hostname (The
> DHCP daemon takes care of assigning PTR records).
> 
> ii) Graphs. I'd be very nice to see weekly graphs showing everyones
> various usage.
> 
> c) Breakdown of usage by protocol. That'd be a nice feature. How much
> traffic is HTTP vs P2P (or, given that P2P is difficult to detect
> easily, how much is HTTP vs Other)
> 
> 4) Little set up time. Time is precious. Although I am more than capable
> of writing my own traffic accounting package, that does everything just
> how I want it, I have little desire to do so (unless there is a huge
> hole in the market, and there is nothing that meets my minimum
> criteria!). I don't want to muck with MRTG, RRT, etc.
> 
> v) Active development - or at least, not so stale it references ipchains.
> 
> f) Preferably Ubuntu/Debian packaged - but of course its not a show stopper.
> 
> 
> 
> So what are others using for this niche, and what are the various
> pros/cons of the solutions?

Hi Nick,

I've used the combination pmacct with SNMPd and Cacti in the past for a friend to monitor their LAN internet usage.

Pros: 
Polished web front end solution to display traffic monitoring graphs.
Handles large and small environments.
Very flexible and fine grain monitoring of traffic flows.
Active development in all the projects. (Debian packages available)
Simple to maintain once configured.

Cons:
Large learning curve.
Complex architecture.
Can be memory intensive on host running pmacct.

http://www.pmacct.net/
http://www.cacti.net/

HTH,
Carlos
-- 
Psssst! Schon vom neuen GMX MultiMessenger gehört?
Der kann`s mit allen: http://www.gmx.net/de/go/multimessenger

More information about the NZLUG mailing list