From owner-freebsd-questions  Sat Jan 25  8:46:37 2003
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id E8ED137B401
	for <freebsd-questions@freebsd.org>; Sat, 25 Jan 2003 08:46:35 -0800 (PST)
Received: from relay.boerde.de (relay.boerde.de [213.187.87.66])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 610B443EB2
	for <freebsd-questions@freebsd.org>; Sat, 25 Jan 2003 08:46:35 -0800 (PST)
	(envelope-from shauwn@relay.boerde.de)
Received: by relay.boerde.de (Postfix, from userid 639)
	id 6EA831131C; Sat, 25 Jan 2003 17:46:28 +0100 (MET)
Received: from localhost (localhost [127.0.0.1])
	by relay.boerde.de (Postfix) with ESMTP
	id 69B5B1131A; Sat, 25 Jan 2003 17:46:28 +0100 (MET)
Date: Sat, 25 Jan 2003 17:46:28 +0100 (MET)
From: Frank Reppin <shauwn@relay.boerde.de>
Reply-To: Frank.Reppin@boerde.de
To: Jason Morgan <jwm-freebsd@sentinelchicken.net>
Cc: freebsd-questions@freebsd.org
Subject: Re: monitoring traffic with IPFW - good idea?
In-Reply-To: <20030125160751.GB7622@sentinelchicken.net>
Message-ID: <Pine.LNX.4.44.0301251734180.795-100000@relay.boerde.de>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Sat, 25 Jan 2003, Jason Morgan wrote:

Hi,

yes - why not. I do the same here on our net with IPFW count
rules. In this way I divided those rules to monitor different
subnets, protocols and I also monitor the bandwidth usage
for some services. All this informations gets then piped
through MRTG (www.mrtg.org) and produces some nice graphs - showing
the used bandwidth.
On the other hand it might be enough for you, if you only see
what actually happened by watching the rules manually - in other
words - get the output mailed from time to time.

Maybe someone has a clue, if a lot of count rules (I mean really lots
of them) have any 'bad' side effects on performance. So far I don't
see problems with around 80 rules on PII400/128MB counting traffic
from/to upstream (2.3Mbit/s) via 100MBit/s interfaces in this box.
I think of doing accounting here for a /22 net (atm this is done
by a linux box with ipac).

Best regards,

Frank Reppin

-- 
Heidestr. 15
39112 Magdeburg
Germany


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message