From: "Kurt Buff"
To: "Zbigniew Szalbot"
Cc: freebsd-questions@freebsd.org
Date: Fri, 20 Oct 2006 13:29:52 -0700
Subject: Re: monitoring lan->wan

On 10/20/06, Zbigniew Szalbot wrote:
> Hi all,
>
> On Fri, 20 Oct 2006, Kurt Buff wrote:
>
> > If you wish to characterize the traffic to and from the Internet by
> > protocol and/or user, then you'll have to do something more than
> > simply using SNMP to monitor throughput on the router. In that case,
> > you'll need to have your FreeBSD box actually parse the traffic, or
> > get a netflow from the router (assuming that it can do that.) and ntop
> > is a good start for the software you want, or perhaps etherape.
> > Assuming that netflow isn't available from the router (and I think
> > that's a fairly safe bet) the trick will be making sure that your
> > FreeBSD box will see the traffic, and for that you'll need something
> > like one of the following setups:
>
> All I can do with the router is to enable logging to a syslog, which means
> I can connect it to FBSD, can't I?
>
> But I understand now that things will be a little more difficult than I
> thought :). Anyway, thanks for all the pointers!

syslog <> SNMP. Monitoring traffic by parsing syslog messages seems
unlikely at best, but you'll want to take a look at some samplings of
your syslog messages to be sure.

I'm not aware of any programs that do that, which is not to say that
they don't exist, just that I don't know about them.

Kurt