RE: syslog traffic analyzers

On Wed, 2005-11-02 at 20:56 -0600, Mike McGrath wrote:
>  
> > -----Original Message-----
> > From: fedora-list-bounces@xxxxxxxxxx 
> > [mailto:fedora-list-bounces@xxxxxxxxxx] On Behalf Of Justin Zygmont
> > Sent: Wednesday, November 02, 2005 8:55 PM
> > To: fedora-list@xxxxxxxxxx
> > Subject: syslog traffic analyzers
> > 
> > I was wondering if anyone had any recommendations for a 
> > traffic analyzer that will read from a syslog file, and not 
> > just by binding to the network interface in promiscuous mode. 
> >  I was hoping to find a program that will show traffic usage 
> > by IP address, many of them just show the total traffic statistics.
> > 
> > 
> 
> I don't know of any way to get network information from a syslog file?
> I've used ntop in the past, I believe it had the information you are
> looking for but required binding to the network interface and running in
> promiscuous mode.  If you're looking to monitor network information on a
> number of machines on your network that you control I'd suggest cacti
> and SNMP.
> 
> http://freshmeat.net/projects/cacti/

Ah, uhm, cacti relies on snmp which will just show the total traffic.
He wants something more, methinks.

AFAIK, traffic is not logged to any log file.  If you have a busy
machine, the log file would overflow very, very quickly.  If you want
to track "so many bytes went between here and that IP over there" and
that type of thing, I suspect you want something like Cisco's "netflow"
system.  It tracks traffic at the router and periodically spits it out
to an analysis machine somewhere.  It is proprietary (to an extent) and
I don't know of an open source version.

If you want similar data, you really have no choice BUT to put your NIC
into promiscuous mode to see all the traffic there is.  You'd need to
absorb that data (a la tcpdump) and process it as you see fit.

----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens@xxxxxxxxxxxxxxx -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-                  Heisenberg _may_ have slept here                  -
----------------------------------------------------------------------
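
An added example, not part of the original message: one way to do the "absorb that data and process it" step described above, assuming the traffic was saved with `tcpdump -w` as a classic pcap file with Ethernet framing. The function names and the sample capture are constructed for illustration.

```python
import struct
from collections import Counter

def bytes_per_ip(pcap: bytes) -> Counter:
    """Sum IPv4 total-length bytes per address, counted as source or destination."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic == 0xA1B2C3D4:
        endian = "<"          # file written on a little-endian host
    elif magic == 0xD4C3B2A1:
        endian = ">"          # file written on a big-endian host
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) is handled here")
    totals, off = Counter(), 24               # 24-byte global header
    while off + 16 <= len(pcap):              # 16-byte per-record header
        _, _, incl_len, _ = struct.unpack(endian + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # 14-byte Ethernet header + 20-byte IPv4 header; ethertype 0x0800 = IPv4
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        # The size comes from the IP header, so a short snaplen still counts fully.
        ip_len = struct.unpack("!H", frame[16:18])[0]
        totals[".".join(map(str, frame[26:30]))] += ip_len   # source address
        totals[".".join(map(str, frame[30:34]))] += ip_len   # destination address
    return totals

def sample_pcap() -> bytes:
    """Constructed capture: three IPv4 frames, headers only (payload truncated)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    flows = [("192.168.1.10", "10.0.0.5", 1500),
             ("10.0.0.5", "192.168.1.10", 40),
             ("192.168.1.20", "10.0.0.5", 600)]
    for src, dst, ip_len in flows:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, ip_len, 0, 0, 64, 6, 0,
                         bytes(map(int, src.split("."))),
                         bytes(map(int, dst.split("."))))
        frame = b"\x00" * 12 + b"\x08\x00" + ip
        out += struct.pack("<IIII", 0, 0, len(frame), ip_len + 14) + frame
    return out

if __name__ == "__main__":
    for addr, total in bytes_per_ip(sample_pcap()).most_common():
        print(f"{addr:15} {total} bytes")
```
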

