Date:      Tue, 04 Aug 1998 09:53:30 -0700
From:      "Kurt D. Zeilenga" <Kurt@Boolean.Net>
To:        freebsd-net@FreeBSD.ORG
Subject:   monitoring aggregate traffic
Message-ID:  <3.0.5.32.19980804095330.00963790@127.0.0.1>

I was wondering what others are using to monitor aggregate
bandwidth.  That is, by proto, by port, by dst, by src, etc.
Whether the tool supports tracking of min/max/averages, control
over aging of inactive entries, recording of top entries
(regardless of their current activity), and integration
with graphing tools (such as MRTG)?

I am currently hacking the hell out of trafshow to allow
aggregation of entries.  (trafshow is curses-based and runs
well when logged in over small pipes).  My first hack was simple:
I added an option, -i, which takes a string describing what to ignore
when recording entries.   -i "sd" causes both source and dest ports
to be ignored, aggregates hostA->hostB traffic. -i "Dsd" ignores
dest address and ports and hence aggregates talkers.  I also
changed the sort function to compare current bytes instead of
total bytes.

To sort out my particular problem (occasional bcast spikes),
I've been running:

	mytrafshow -p -i "Dsd" ether broadcast	(bcast by dst)
	mytrafshow -p -i "SDs" ether broadcast	(bcast by dport)

This has allowed me to easily monitor the bandwidth utilization
in realtime.   Of course, I really don't want to be sitting in
front of my terminal all week waiting for the next unexplained spike.

I've started my second round of hacking to record min/max/avg for
each entry and to make some display improvements (my first
hack didn't make any display changes, see below), to allow control
over aging of entries, and to have a history page of top/most spikers.
The third round, I guess, would be to export the stats so they can
be integrated with MRTG or the like.

Of course, I'd rather not have to reinvent this wheel... (this is a
distraction from real work).  I'd like to hear about what tools you
use to monitor your networks.

Here is an example of my current hack showing aggregated by port.   

From Address                 To Address                   Proto    Bytes  CPS
================================================================================
0.0.0.0..netbios-            0.0.0.0..netbios-            udp     1735074 226
0.0.0.0..router              0.0.0.0..router              udp      985428 191
0.0.0.0..netbios-            0.0.0.0..netbios-            udp     1345037 163
0.0.0.0..bootpc              0.0.0.0..bootps              udp      335872 32 
0.0.0.0..bootps              0.0.0.0..bootpc              udp      155800 32
0.0.0.0..who                 0.0.0.0..who                 udp        5480 3 
0.0.0.0..2396                0.0.0.0..sunrpc              udp         336 3
0.0.0.0..timed               0.0.0.0..timed               udp         104 3
0.0.0.0                      0.0.0.0                      unkn         46 1
0.0.0.0                      0.0.0.0                      icmp         36 1

(fxp0) TCP pkts: 0         UDP pkts: 34341     KBytes: 4698       Page 1 of 1
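
The -i aggregation described in the message, as an added example that is not part of the original post and is not trafshow's code: each ignored field is zeroed in the flow key before the table lookup, so packets that differ only in that field land in one entry. The struct layout, table and function names are hypothetical, the meaning of the letters S, D, s, d is taken from the post's description, and the packets are constructed sample data.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Flow key. Ignore letters as used in the post: S/D = src/dst address, s/d = src/dst port. */
struct flow { uint32_t src, dst; uint16_t sport, dport; };
struct entry { struct flow key; unsigned long bytes; };
static struct entry table[64];
static int nentries;

/* Zero each ignored field so packets that differ only there share one entry. */
static struct flow mask_flow(struct flow f, const char *ignore)
{
    if (strchr(ignore, 'S')) f.src = 0;
    if (strchr(ignore, 'D')) f.dst = 0;
    if (strchr(ignore, 's')) f.sport = 0;
    if (strchr(ignore, 'd')) f.dport = 0;
    return f;
}

/* Add one packet to its aggregate; returns the entry index, or -1 if the table is full. */
int record(struct flow f, unsigned long len, const char *ignore)
{
    struct flow k = mask_flow(f, ignore);
    for (int i = 0; i < nentries; i++) {
        const struct flow *e = &table[i].key;
        if (e->src == k.src && e->dst == k.dst && e->sport == k.sport && e->dport == k.dport) {
            table[i].bytes += len;
            return i;
        }
    }
    if (nentries == (int)(sizeof table / sizeof table[0])) return -1;
    table[nentries] = (struct entry){ k, len };
    return nentries++;
}

int main(void)
{
    /* Constructed sample: four broadcast UDP packets, addresses as host-order integers. */
    static const struct { struct flow f; unsigned long len; } pkts[] = {
        {{0x0A000005, 0x0A0000FF, 137, 137}, 200}, {{0x0A000006, 0x0A0000FF, 137, 137}, 300},
        {{0x0A000005, 0x0A0000FF, 138, 138}, 100}, {{0x0A000007, 0xFFFFFFFF, 68, 67}, 328},
    };
    for (size_t i = 0; i < sizeof pkts / sizeof pkts[0]; i++)
        record(pkts[i].f, pkts[i].len, "SDs");   /* aggregate by destination port */
    for (int i = 0; i < nentries; i++)
        printf("dport %u: %lu bytes\n", (unsigned)table[i].key.dport, table[i].bytes);
    return 0;
}
```

Passing "Dsd" instead of "SDs" keys the same packets by source address only, which is the per-talker view from the post.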

