From owner-freebsd-questions@FreeBSD.ORG Wed Sep 14 16:36:15 2005 Return-Path: X-Original-To: freebsd-questions@FreeBSD.org Delivered-To: freebsd-questions@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CD76016A41F for ; Wed, 14 Sep 2005 16:36:15 +0000 (GMT) (envelope-from dm@mainframe.ca) Received: from wale.mainframe.ca (wale.mainframe.ca [209.17.131.74]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8C47B43D49 for ; Wed, 14 Sep 2005 16:36:15 +0000 (GMT) (envelope-from dm@mainframe.ca) Received: from jupiter.mainframe.ca ([10.0.0.12] helo=mail.mainframe.ca) by wale.mainframe.ca with esmtp (Exim 4.52 (FreeBSD)) id 1EFaF5-000Ng9-4j; Wed, 14 Sep 2005 09:36:15 -0700 Received: from [172.16.139.102] (helo=Mandarin-04.mainframe.ca) by mail.mainframe.ca with esmtp (Exim 4.52 (FreeBSD)) id 1EFaCH-0005RH-PW; Wed, 14 Sep 2005 09:33:21 -0700 From: Derrick MacPherson To: Peter Matulis In-Reply-To: <20050914031114.96483.qmail@web60023.mail.yahoo.com> References: <20050914031114.96483.qmail@web60023.mail.yahoo.com> Content-Type: text/plain; charset=utf-8 Date: Wed, 14 Sep 2005 09:36:14 -0700 Message-Id: <1126715774.12094.12.camel@Mandarin-04.mainframe.ca> Mime-Version: 1.0 X-Mailer: Evolution 2.0.2 (2.0.2-16.3) Content-Transfer-Encoding: quoted-printable Cc: freebsd-questions@FreeBSD.org Subject: Re: traffic accounting. X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Sep 2005 16:36:15 -0000 On Tue, 2005-09-13 at 23:11 -0400, Peter Matulis wrote: > --- Erik N=C3=B8rgaard wrote: >=20 > > Derrick MacPherson wrote: > > > I am going to pop a machine (bridged interfaces) in tween our LAN and > > > our firewall (pix) and am wanting to know what people would recommend > > > for IP accounting, it would be great to have a web based output to sh= ow > > > what traffic, from/to what hosts so the boss is happy to look at it. >=20 > Are you searching for something that looks good or something more factual= ? Probably more pretty than extremely accurate. I've actually mirrored a port on the switch that's to our internet connection, and have ntop monitoring that. Seems to be working fine, I guess I would like a bit more of a warm fuzzy feeling that what i'm doing is right. > Another question to consider is whether you are interested in bandwidth > (bytes/sec) or in actual bytes transferred. There are fewer tools that p= rovide > persistent & archivable stats for the latter and I have yet to find one t= hat > displays the latter in graphical form without it becoming a science proje= ct. bytes transfered is better, but both appreciated. And ya, it seems like there's a few solutions, none perfect. I am pushing for the replacement of our Pix's, my preference is PF on *BSD, but again, they want something that looks pretty.