[nsp] how to report on traffic by protocol?

Vladimir Kotal vlada@openbsd.cz
Mon, 11 Nov 2002 21:44:49 +0100


On Mon, Nov 11, 2002 at 02:35:01PM -0500, Furnish, Trever G wrote:
> What do you, list members, use to report on bandwidth usage by protocol or
> application?  And has anyone had any experience with particular software
> packages to facilitate this, especially free (as in beer) packages?
> 
> I've just gotten my feet damp with exporting netflow records but haven't yet
> delved deeply enough into it to figure out what flow collection process (if
> any) will be suitable for my needs.  Cost is a big issue.  Interface isn't
> much of an issue, so long as I can get decent reporting or direct access to
> the flow data for processing with scripts.  If you use netflow, what
> collector software and reporting software do you use?
> 

I'm using a modified CAIDA cflowd with patches from Dave Plonka;
both can be found in *BSD port trees. There is quite an easy way to modify
the flow* sources so that they will process flows according to your needs.

> Is there something else suitable for this need besides netflow, without
> span'ning my traffic at a switch to a monitored port (ie for tcpdump)?  With
> netflow caching and exporting enabled on one interface my cpu load on a 2600
> series router went from 61% to 98% with quite a bit of packet loss.  I only

Well, this can be an issue if you want to measure traffic precisely.
See the failure counters in 'sh ip flow export' if you have any netflow
packet loss.

Regards,


V. Kotal
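
Added example (not part of the original message, and not cflowd code): a small script that totals bytes per protocol from exported flow datagrams and uses the header sequence counter to estimate how many flows never reached the collector. It assumes the NetFlow version 5 export format, which the thread does not specify; summarize, make_datagram and SAMPLE are hypothetical names, and the sample datagrams are constructed.

```python
import struct
from collections import Counter

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record
PROTO = {1: "icmp", 6: "tcp", 17: "udp"}

def summarize(datagrams):
    """Return (Counter of octets per protocol key, flows missed per sequence gaps)."""
    octets, lost, expected = Counter(), 0, None
    for data in datagrams:
        if len(data) < HEADER.size:
            continue                                 # too short to hold a header
        version, count, _, _, _, seq, _, _, _ = HEADER.unpack_from(data)
        if version != 5 or len(data) < HEADER.size + count * RECORD.size:
            continue                                 # not v5, or truncated
        # flow_sequence counts flows exported so far (32-bit, wraps around).
        gap = 0 if expected is None else (seq - expected) & 0xFFFFFFFF
        if gap < 2**31:      # otherwise a late datagram: count it, keep 'expected'
            lost += gap
            expected = (seq + count) & 0xFFFFFFFF
        for i in range(count):
            f = RECORD.unpack_from(data, HEADER.size + i * RECORD.size)
            d_octets, sport, dport, prot = f[6], f[9], f[10], f[13]
            name = PROTO.get(prot, "ip-proto-%d" % prot)
            if prot in (6, 17):
                # Heuristic (assumption): the lower port is the service side.
                name += "/%d" % min(sport, dport)
            octets[name] += d_octets
    return octets, lost

def make_datagram(seq, flows):
    """Build a constructed v5 datagram from (prot, sport, dport, octets) tuples."""
    body = b"".join(
        RECORD.pack(b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02", b"\x00" * 4, 1, 2,
                    1, n, 0, 0, sport, dport, 0, 0, prot, 0, 0, 0, 0, 0, 0)
        for prot, sport, dport, n in flows)
    return HEADER.pack(5, len(flows), 0, 0, 0, seq, 0, 0, 0) + body

SAMPLE = [  # constructed input; the third datagram skips two sequence numbers
    make_datagram(0, [(6, 40000, 80, 1500), (17, 53, 33000, 200)]),
    make_datagram(2, [(6, 80, 40001, 9000)]),
    make_datagram(5, [(1, 0, 0, 84)]),
]

if __name__ == "__main__":
    totals, missed = summarize(SAMPLE)
    for key, n in totals.most_common():
        print("%-12s %8d bytes" % (key, n))
    print("flows missed (sequence gaps):", missed)
```

A non-zero missed count on the collector side means the byte totals undercount real traffic, which is the same condition the router-side failure counters report.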