On Wed, 2005-11-02 at 20:56 -0600, Mike McGrath wrote:
>
> > -----Original Message-----
> > From: fedora-list-bounces@xxxxxxxxxx
> > [mailto:fedora-list-bounces@xxxxxxxxxx] On Behalf Of Justin Zygmont
> > Sent: Wednesday, November 02, 2005 8:55 PM
> > To: fedora-list@xxxxxxxxxx
> > Subject: syslog traffic analyzers
> >
> > I was wondering if anyone had any recommendations for a
> > traffic analyzer that will read from a syslog file, and not
> > just by binding to the network interface in promiscuous mode.
> > I was hoping to find a program that will show traffic usage
> > by IP address, many of them just show the total traffic statistics.
> >
>
> I don't know of any way to get network information from a syslog file?
> I've used ntop in the past, I believe it had the information you are
> looking for but required binding to the network interface and running in
> promiscuous mode. If you're looking to monitor network information on a
> number of machines on your network that you control I'd suggest cacti
> and SNMP.
>
> http://freshmeat.net/projects/cacti/

Ah, uhm, cacti relies on snmp which will just show the total traffic.
He wants something more, methinks.

AFAIK, traffic is not logged to any log file. If you have a busy
machine, the log file would overflow very, very quickly.

If you want to track "so many bytes went between here and that IP over
there" and that type of thing, I suspect you want something like Cisco's
"netflow" system. It tracks traffic at the router and periodically
spits it out to an analysis machine somewhere. It is proprietary (to
an extent) and I don't know of an open source version.

If you want similar data, you really have no choice BUT to put your NIC
into promiscuous mode to see all the traffic there is. You'd need to
absorb that data (à la tcpdump) and process it as you see fit.

----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens@xxxxxxxxxxxxxxx -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-               Heisenberg _may_ have slept here                     -
----------------------------------------------------------------------
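
The "absorb that data and process it" step from the reply above, as an added example that is not part of the original thread: it totals bytes per IP address from `tcpdump -nn -q` text output. The sample lines are constructed, the line format handled is an assumption about that output mode, and the counts are the payload lengths tcpdump prints, not full frame sizes.

```python
import re
import sys
from collections import defaultdict

# Constructed sample in the style of `tcpdump -nn -q` output (documentation IPs).
SAMPLE = """\
12:00:00.000001 IP 192.0.2.10.51514 > 198.51.100.7.80: tcp 0
12:00:00.010000 IP 192.0.2.10.51514 > 198.51.100.7.80: tcp 420
12:00:00.020000 IP 198.51.100.7.80 > 192.0.2.10.51514: tcp 1448
12:00:00.030000 IP 198.51.100.7.80 > 192.0.2.10.51514: tcp 1448
12:00:00.040000 IP 192.0.2.11.40000 > 203.0.113.53.53: UDP, length 33
12:00:00.050000 IP 203.0.113.53.53 > 192.0.2.11.40000: UDP, length 97
12:00:00.060000 ARP, Request who-has 192.0.2.1 tell 192.0.2.10, length 28
"""

# src/dst are IPv4 addresses with an optional trailing ".port"; the byte count
# is the number after "tcp " (-q mode) or "length " (UDP, ICMP, verbose TCP).
LINE = re.compile(
    r"\bIP (?P<src>\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?:\.\d+)?: "
    r".*?(?:tcp |length )(?P<len>\d+)"
)

def bytes_per_pair(lines):
    """Sum payload bytes for each (src, dst) pair; non-IPv4 lines are skipped."""
    totals = defaultdict(int)
    for line in lines:
        m = LINE.search(line)
        if m:
            totals[(m["src"], m["dst"])] += int(m["len"])
    return dict(totals)

def bytes_per_host(pair_totals):
    """Collapse pair totals into per-host sent/received counters."""
    hosts = defaultdict(lambda: {"sent": 0, "received": 0})
    for (src, dst), n in pair_totals.items():
        hosts[src]["sent"] += n
        hosts[dst]["received"] += n
    return dict(hosts)

if __name__ == "__main__":
    # Reads piped tcpdump text if present, otherwise the constructed sample.
    lines = SAMPLE.splitlines() if sys.stdin.isatty() else sys.stdin
    hosts = bytes_per_host(bytes_per_pair(lines))
    for ip, c in sorted(hosts.items(), key=lambda kv: -sum(kv[1].values())):
        print(f"{ip:<16} sent={c['sent']:>8} received={c['received']:>8}")
```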