[c-nsp] Network Utilization

Velasquez Venegas Jaime Omar jaime at ulima.edu.pe
Tue Feb 13 15:52:29 EST 2007


> The router won't log that much information

In fact you just need to extract and count every tcp/SYN packet from the
acl login or use acl to log only "established" packets to web server.Use
a combination of syslog ,tail and grep command line tools for counting
such flows.

> Logs from the webserver?  The OP probably already has that

Logs from the webserver contains ip address of the hosts requesting web
service.If every gateway serves a different subnet this could be an
option to count access through an specific gateway.



-----Original Message-----
From: Pete Templin [mailto:petelists at templin.org] 
Sent: Martes, 13 de Febrero de 2007 12:31 p.m.
To: Velasquez Venegas Jaime Omar
Subject: Re: [c-nsp] Network Utilization

Don't reply to me, reply to the OP or the list.

Velasquez Venegas Jaime Omar wrote:
> At the router level I would go for an access list logging every 
> attempt to access webserver.A more precise approach would be getting 
> logs from webserver itself.

The router won't log that much information - you'll overrun the buffer
and the messages will be rate limited.  After the first N packets,
you'll only get reports every 300 seconds per address.  Plus, any NATs
or proxies will hide the number of users behind them down to 1.

Logs from the webserver?  The OP probably already has that.  He wants to
know which pipe each user came in through.




More information about the cisco-nsp mailing list