From owner-freebsd-isp@FreeBSD.ORG  Tue Dec 28 10:27:12 2004
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 461F416A4CE
	for <freebsd-isp@freebsd.org>; Tue, 28 Dec 2004 10:27:12 +0000 (GMT)
Received: from publicd.ub.mng.net (publicd.ub.mng.net [202.179.0.88])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 5BF2A43D3F
	for <freebsd-isp@freebsd.org>; Tue, 28 Dec 2004 10:27:11 +0000 (GMT)
	(envelope-from ganbold@micom.mng.net)
Received: from [202.179.0.164] (helo=ganbold.micom.mng.net)
	by publicd.ub.mng.net with esmtpa (Exim 4.43 (FreeBSD))
	id 1CjEcK-0005Xr-WC; Tue, 28 Dec 2004 18:30:17 +0800
Message-Id: <6.2.0.14.2.20041228182206.03402eb0@202.179.0.80>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.0.14
Date: Tue, 28 Dec 2004 18:26:59 +0800
To: Brian Reichert <reichert@numachi.com>
From: Ganbold <ganbold@micom.mng.net>
In-Reply-To: <20041228061859.GE216@numachi.com>
References: <6.2.0.14.2.20041228120539.034089f0@202.179.0.80>
 <20041228061859.GE216@numachi.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
cc: freebsd-isp@freebsd.org
Subject: Re: ipfw Traffic statistic by countries, TLD and sites
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Internet Services Providers <freebsd-isp.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-isp>
List-Post: <mailto:freebsd-isp@freebsd.org>
List-Help: <mailto:freebsd-isp-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Dec 2004 10:27:12 -0000

At 02:18 PM 12/28/2004, you wrote:
>On Tue, Dec 28, 2004 at 12:06:03PM +0800, Ganbold wrote:
> > Hi,
> >
> > I'm using ipfw in bridged mode on FreebSD 5.3
> >
> > FreeBSD fw.ub.mng.net 5.3-STABLE FreeBSD 5.3-STABLE #10: Fri Nov 19
> > 09:18:17 ULAT 2004     tsgan@fw.ub.mng.net:/usr/obj/usr/src/sys/FW  i386
> >
> > I would like to collect statistics from traffic, which passing through
> > ipfw, and make report which should include usage statistics by
> > countries, TLD, sites etc.
>
>Hmm, ntop has some cute 'views' of your network traffic; it's in
>port - go see if that's of any help...

ntop seems like eats RAM more. So I'm thinking to use p0f with GeoIP API 
and mysql to
save IPs into mysql DB and then will make some post processing.
Actually I already integrated p0f with GeoIP so there is left post 
processing part only.

thanks,

Ganbold


> > thanks in advance,
> >
> > Ganbold
>
>--
>Brian Reichert                          <reichert@numachi.com>
>37 Crystal Ave. #303                    Daytime number: (603) 434-6842
>Derry NH 03038-1713 USA                 BSD admin/developer at large