From: "Andrew Seguin"
Date: Mon, 17 Jan 2005 21:11:13 +0100
Subject: Network accounting
List-Id: Networking and TCP/IP with FreeBSD
Message-Id: <20050117201513.3388954A5@borgtech.ca>

I've searched Google, I've searched through the FreeBSD-net archives and have gotten a few leads to what I'm seeking, but unfortunately, nothing solid enough for me to go off of (so yes, I've been doing some homework first! ;) )

But, here's my situation. A dedicated FreeBSD transparent firewall-bridge with 3 NICs (two for the bridge w/o IP, one for console). I'm using IPFW for the firewall, and at the moment I'm doing some very bare-bones statistics via a couple of count rules. I track abusive users through random usage of TCPDump (when I feel like it basically).

However, I have some heavy downloaders on the campus so I want to do deep statistics gathering. Mainly, how much is (daily/weekly/monthly) the traffic by IP address and independently the traffic by service (HTTP/SMTP).

So my research seems to indicate that the best is to use something to generate netflow data (Maybe IPCad?). However, I sort of feel that's a bit heavy for my needs, I'd have only one source of data collection. But it's not like I'm tight in processor power nor hard disk space and I even have a second server already running web/Mysql under my control. I have a small list of tools, but it all leads up to my question.

I therefore ask out to the list, what recommendations for traffic accounting/statistics gathering can you give me?