Hi all,

Just shaping my connection isn't enough. I need to monitor what's happening, for example, I need to know if my users are downloading too much, if they are using too much FTP or if they are using too much SSH. Other things that are relevant are Media Streaming, MP3 Downloading and Web Traffic.

BUT, some of these services negotiate a high port and use these ports for the traffic. How do I prevent that from consuming bandwidth and how do I log that and make graphs to justify an upgrade of my link infrastructure?

How do I monitor these things???

Sorry about my English... :-)

Thanks a lot... Any help would be appreciated!!

[]'s

-----
Nelson Guedes Paulo Junior
E-mail: <npaulo@linux.ime.usp.br>
UIN: 2489382 (Tender [:alpha:]*)
-----------------------------------------------------------------------
I dig, you dig, he digs, we dig, you dig, they dig...
It isn't pretty, but it's deep.
-----------------------------------------------------------------------
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
On Thursday 13 February 2003 18:49, Nelson Guedes Paulo Junior wrote:
> Hi all,
>
> Just shaping my connection isn't enough. I need to monitor what's
> happening, for example, I need to know if my users are downloading too
> much, if they are using too much FTP or if they are using too much
> SSH. Other things that are relevant are Media Streaming, MP3 Downloading
> and Web Traffic.
>
> BUT, some of these services negotiate a high port and use these ports for
> the traffic. How do I prevent that from consuming bandwidth and how do I log
> that and make graphs to justify an upgrade of my link infrastructure?
> How do I monitor these things???

What if you monitor well-known ports (web, game ports, ...) and have another monitor for all the rest? And block all other ports so they have to use the ports you monitor :)

> Sorry about my English... :-)

It's not better than mine. And they understand me (at least I think).

Stef

--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net
On Thu, 13 Feb 2003, Stef Coene wrote:
> On Thursday 13 February 2003 18:49, Nelson Guedes Paulo Junior wrote:
> > Hi all,
> >
> > Just shaping my connection isn't enough. I need to monitor what's
> > happening, for example, I need to know if my users are downloading too
> > much, if they are using too much FTP or if they are using too much
> > SSH. Other things that are relevant are Media Streaming, MP3 Downloading
> > and Web Traffic.
> >
> > BUT, some of these services negotiate a high port and use these ports for
> > the traffic. How do I prevent that from consuming bandwidth and how do I log
> > that and make graphs to justify an upgrade of my link infrastructure?
> > How do I monitor these things???
>
> What if you monitor well-known ports (web, game ports, ...) and have another
> monitor for all the rest? And block all other ports so they have to use the
> ports you monitor :)

This is ok, but HOW can I do that??? (monitor, not block, ok??)

> > Sorry about my English... :-)
>
> It's not better than mine. And they understand me (at least I think).

It happens... :-)

Thanks....

[]'s

> Stef
>
> --
>
> stef.coene@docum.org
> "Using Linux as bandwidth manager"
> http://www.docum.org/
> #lartc @ irc.oftc.net
>

-----
Nelson Guedes Paulo Junior
E-mail: <npaulo@linux.ime.usp.br>
UIN: 2489382 (Tender [:alpha:]*)
-----------------------------------------------------------------------
I dig, you dig, he digs, we dig, you dig, they dig...
It isn't pretty, but it's deep.
-----------------------------------------------------------------------
On Thursday 13 February 2003 20:35, Nelson Guedes Paulo Junior wrote:
> On Thu, 13 Feb 2003, Stef Coene wrote:
> > On Thursday 13 February 2003 18:49, Nelson Guedes Paulo Junior wrote:
> > > Hi all,
> > >
> > > Just shaping my connection isn't enough. I need to monitor what's
> > > happening, for example, I need to know if my users are downloading too
> > > much, if they are using too much FTP or if they are using too much
> > > SSH. Other things that are relevant are Media Streaming, MP3
> > > Downloading and Web Traffic.
> > >
> > > BUT, some of these services negotiate a high port and use these ports
> > > for the traffic. How do I prevent that from consuming bandwidth and how do I log
> > > that and make graphs to justify an upgrade of my link
> > > infrastructure? How do I monitor these things???
> >
> > What if you monitor well-known ports (web, game ports, ...) and have
> > another monitor for all the rest? And block all other ports so they have
> > to use the ports you monitor :)
>
> This is ok, but HOW can I do that??? (monitor, not block, ok??)

You can use iptables. You can create a filter rule (or more) that matches the packets you want to monitor. Schedule an iptables -L -v -n every 5 minutes and use the byte counters to update a log file. I recommend rrdtool for it. I have some scripts on www.docum.org. The monitor script uses the byte counters of iptables to get some data. In the GUI section, you can find some perl scripts that I use to update the rrd files and to create the graph.

If you need more help, you can contact me. For the rrdtool, I recommend using an existing script and adapting it to your needs so you don't have to bother about the needed options.

Stef

--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net
On Thu, 13 Feb 2003, Stef Coene wrote:
> On Thursday 13 February 2003 20:35, Nelson Guedes Paulo Junior wrote:
> > On Thu, 13 Feb 2003, Stef Coene wrote:
> > > On Thursday 13 February 2003 18:49, Nelson Guedes Paulo Junior wrote:
> > > > Hi all,
> > > >
> > > > Just shaping my connection isn't enough. I need to monitor what's
> > > > happening, for example, I need to know if my users are downloading too
> > > > much, if they are using too much FTP or if they are using too much
> > > > SSH. Other things that are relevant are Media Streaming, MP3
> > > > Downloading and Web Traffic.
> > > >
> > > > BUT, some of these services negotiate a high port and use these ports
> > > > for the traffic. How do I prevent that from consuming bandwidth and how do I log
> > > > that and make graphs to justify an upgrade of my link
> > > > infrastructure? How do I monitor these things???
> > >
> > > What if you monitor well-known ports (web, game ports, ...) and have
> > > another monitor for all the rest? And block all other ports so they have
> > > to use the ports you monitor :)
> >
> > This is ok, but HOW can I do that??? (monitor, not block, ok??)
>
> You can use iptables. You can create a filter rule (or more) that matches the
> packets you want to monitor. Schedule an iptables -L -v -n every 5 minutes and
> use the byte counters to update a log file. I recommend rrdtool for it. I
> have some scripts on www.docum.org. The monitor script uses the byte
> counters of iptables to get some data. In the GUI section, you can find some
> perl scripts that I use to update the rrd files and to create the graph.

Thanks Stef.
But I've tried to see your examples and all graphs are broken. There are no images at all. Can you fix that???
If you could send me an example attached (don't send it to the list because someone may be angry with that) I'll be very happy... :-)

> If you need more help, you can contact me. For the rrdtool, I recommend using
> an existing script and adapting it to your needs so you don't have to bother
> about the needed options.

I have, at least for the moment, one question about iptables:

Do I need to create another chain to see the bytes, like:

  iptables -N mychain
  iptables -I INPUT -j mychain
  iptables -I OUTPUT -j mychain
  iptables -I FORWARD -j mychain
  iptables -A mychain -p tcp --dport 22 -j ACCEPT

Do I need to do that??? And, if I need to, is there some security implication in doing that? I mean, this way, what about the other rules I need to block SSH for unwelcome IPs???

Thanks for all...

[]'s

-----
Nelson Guedes Paulo Junior
E-mail: <npaulo@linux.ime.usp.br>
UIN: 2489382 (Tender [:alpha:]*)
-----------------------------------------------------------------------
I dig, you dig, he digs, we dig, you dig, they dig...
It isn't pretty, but it's deep.
-----------------------------------------------------------------------
> Thanks Stef.
> But I've tried to see your examples and all graphs are broken. There are
> no images at all. Can you fix that???

http://home.docum.org/qos/snmp.html or do you mean another page? (http://home.docum.org/stef.coene/qos/gui/rrd.html is an old page that has indeed broken images).

> If you could send me an example attached (don't send it to the list because
> someone may be angry with that) I'll be very happy... :-)

Most of my scripts are downloadable.

> > If you need more help, you can contact me. For the rrdtool, I recommend
> > using an existing script and adapting it to your needs so you don't have to
> > bother about the needed options.
>
> I have, at least for the moment, one question about iptables:
>
> Do I need to create another chain to see the bytes, like:
>
>   iptables -N mychain
>   iptables -I INPUT -j mychain
>   iptables -I OUTPUT -j mychain
>   iptables -I FORWARD -j mychain
>   iptables -A mychain -p tcp --dport 22 -j ACCEPT
>
> Do I need to do that???

No. Each rule has a byte counter. But if you redirect all traffic you want to count to the same self-created chain, you can use the byte counter of that chain so you don't have to calculate the sum of the separate chains.

> And, if I need to, is there some security implication in doing that? I mean,
> this way, what about the other rules I need to block SSH for unwelcome IPs???

Put the counter rules at the end of the firewall script. And if you create a new chain, you can use -j new_chain. So you don't accept/deny the packets but still have the counters.

Stef

--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net
My suggestion is for you to do this: insert the 'filtering' rules into the INPUT/OUTPUT/FORWARD chains, eg

  iptables -I FORWARD -p tcp --dport 22 -j mychain
  iptables -I INPUT -p tcp --.... -j mychain
  iptables -I OUTPUT -p udp -- .... -j mychain
  ..... and so on,

and for mychain,

  iptables -A mychain -j RETURN

You can safely put this. It will not disrupt anything. If originally you already have some other accept/deny, they continue to work.

--- Nelson Guedes Paulo Junior <npaulo@linux.ime.usp.br> wrote:
> I have, at least for the moment, one question about
> iptables:
>
> Do I need to create another chain to see the bytes,
> like:
>
>   iptables -N mychain
>   iptables -I INPUT -j mychain
>   iptables -I OUTPUT -j mychain
>   iptables -I FORWARD -j mychain
>   iptables -A mychain -p tcp --dport 22 -j ACCEPT
>
> Do I need to do that???
>
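The two pieces of advice in this thread, Stef's "poll the byte counters every 5 minutes and feed rrdtool" and the last two replies' "a separate chain whose rules only RETURN, so it counts without ever accepting or denying", fit together in one small script. The following is an added example written for this thread; it is not one of Stef's docum.org scripts and not code from any poster. It assumes the chain name mychain used in the thread, a 5-minute cron interval, the -x flag of iptables -L for exact byte counts, rrdtool COUNTER data sources (Stef's own scripts may do this differently), placeholder paths for the rrd and log files, and two constructed samples of iptables -L output that stand in for a real router.

```shell
#!/bin/sh
# Added example: not a script from this thread and not one of Stef's
# docum.org scripts. It assumes the chain name "mychain" from the thread,
# a 5-minute cron interval, rrdtool with COUNTER data sources, and the
# constructed sample counter output below; file names are placeholders.

CHAIN=mychain
INTERVAL=300                   # seconds between two cron runs
STATE=/var/tmp/$CHAIN.prev     # previous parsed snapshot, kept between runs
RRD=/var/lib/traffic.rrd       # placeholder path for the rrdtool database
LOG=/var/log/traffic-rates.log # placeholder path for the plain-text log

# Counting rules only: every rule ends in RETURN, so the chain never
# changes a verdict. Because an earlier ACCEPT/DROP ends traversal, the
# jump is inserted FIRST (-I, as in the last reply) so every packet is
# counted, and the existing accept/deny rules still decide afterwards.
# This is the only function that needs root on the router itself.
install_counters() {
    iptables -N "$CHAIN" 2>/dev/null || iptables -F "$CHAIN"
    iptables -A "$CHAIN" -p tcp --dport 22 -j RETURN   # ssh
    iptables -A "$CHAIN" -p tcp --dport 21 -j RETURN   # ftp control channel
    iptables -A "$CHAIN" -p tcp --dport 80 -j RETURN   # web
    iptables -A "$CHAIN" -j RETURN                     # everything else
    for hook in INPUT OUTPUT FORWARD; do
        iptables -I "$hook" -j "$CHAIN"
    done
}

# One COUNTER data source per counting rule, in the same order as the
# rules; rrdtool derives bytes/second from the raw counters itself.
create_rrd() {
    rrdtool create "$RRD" --step "$INTERVAL" \
        DS:ssh:COUNTER:600:0:U DS:ftp:COUNTER:600:0:U \
        DS:web:COUNTER:600:0:U DS:rest:COUNTER:600:0:U \
        RRA:AVERAGE:0.5:1:288 RRA:AVERAGE:0.5:12:744
}

# Turn `iptables -L mychain -v -n -x` output (stdin) into "ruleN bytes"
# lines; -x prints exact byte counts instead of 12K/3M style suffixes.
parse_counters() {
    awk '/^Chain /        { next }
         /^ *pkts +bytes/ { next }
         NF >= 2          { n++; printf "rule%d %s\n", n, $2 }'
}

# Build the rrdtool update argument N:<bytes>:<bytes>:... from parsed
# "ruleN bytes" lines on stdin.
rrd_update_arg() {
    awk 'BEGIN { printf "N" } { printf ":%s", $2 } END { printf "\n" }'
}

# Bits per second per rule between two parsed snapshots taken dt seconds
# apart, for the plain-text log. A counter that went DOWN means the rules
# were reloaded or zeroed with iptables -Z; that sample is reported as 0
# instead of a huge negative number.
rate_between() {
    awk -v dt="$3" 'NR == FNR { prev[$1] = $2; next }
                    { d = $2 - prev[$1]; if (d < 0) d = 0
                      printf "%s %d\n", $1, d * 8 / dt }' "$1" "$2"
}

# The cron job, e.g.  */5 * * * * /usr/local/sbin/count-traffic poll
poll_once() {
    cur=$(mktemp)
    iptables -L "$CHAIN" -v -n -x | parse_counters > "$cur"
    rrdtool update "$RRD" "$(rrd_update_arg < "$cur")"
    if [ -f "$STATE" ]; then
        rate_between "$STATE" "$cur" "$INTERVAL" |
            sed "s/^/$(date +%s) /" >> "$LOG"
    fi
    mv "$cur" "$STATE"
}

# Constructed sample output of `iptables -L mychain -v -n -x`, two polls
# 300 s apart. Between them ssh moved 300000 bytes, ftp nothing, web
# 37500000 bytes, and the catch-all counter was zeroed by a reload.
SAMPLE_T0='Chain mychain (3 references)
    pkts      bytes target     prot opt in     out     source               destination
     412      61234 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
      80       9000 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:21
   10234   12345678 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
    5000    4000000 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0'
SAMPLE_T1='Chain mychain (3 references)
    pkts      bytes target     prot opt in     out     source               destination
    2412     361234 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
      80       9000 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:21
   35000   49845678 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
       2        100 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0'

# Offline demo of the parse + rate step on the samples (no iptables needed).
demo_rates() {
    d=$(mktemp -d)
    printf '%s\n' "$SAMPLE_T0" | parse_counters > "$d/t0"
    printf '%s\n' "$SAMPLE_T1" | parse_counters > "$d/t1"
    rate_between "$d/t0" "$d/t1" "$INTERVAL"
    rm -r "$d"
}

demo_rates
```

Run install_counters once at the end of the firewall script and create_rrd once; cron then calls poll_once every 5 minutes. The demo prints 8000 bit/s for ssh, 0 for ftp, 1000000 bit/s for web and 0 for the zeroed catch-all. The design point that answers the security question in the thread is that mychain contains nothing but RETURN rules, so whether the jump is inserted first or appended last, the accept/deny rules that were already there keep deciding what passes; inserting it first only changes how much gets counted, not what gets through.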