[freebsd-isp] B/W Monitoring with IPFW

Howard Jones howie at thingy.com
Wed Sep 3 00:39:01 UTC 2008


Tony Holmes wrote:
> I have simply gotten buried in the many options for monitoring and
> graphing b/w data and just need a pointer from experienced people
> at solutions.
>
> I have a dedicated FreeBSD 4.10 (yeah it's old) firewall with IPFW
> and the appropriate counter rules installed. Each counter rule has
> an in and out rule for the boxes (contained in a Class-C block) that
> I wish to monitor.
>
> I have a dedicated monitoring box for presenting of data. Collecting
> every 5 mins will be the standard.
>
> I wish to have a delve-down of the following:
>
>   Level 1: Summary of all traffic in/out
>   Level 2: Summary of host in/out - these will be grouped by IP/function
> 	   I use dedicated server/jails for functions (http on one, ftp on
> 	   another, etc)
>   Level 3: Detail of each individual IP
>
> I've gotten lost in the options - mrtg, rrdtool, cacti... using custom script,
> snmpd... the list goes on. In all my years I've never done this part myself and
> now I find I need to.
>   
Extending net-snmp to do this, and then using anything that can 
read/graph/report SNMP (cacti, mrtg, cricket etc) is pretty 
straightforward. If you can make a simple shell script to get the value 
you want (e.g. ipfw show 400 | cut -f3 -d' ') then this works OK as a 
starting point. I have a similar example on my site: 
http://wotsit.thingy.com/haj/cacti/cacti-dynfirewall.html (and a few 
more on there).

You might also want to look at ng_netflow or ntop - can't remember if 
netgraph/ng_* was in 4.10 though. To get down to per-IP without having a 
huge number of ipfw count rules, these two might fit better.

Howie
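
Added example, not part of the original message or the site it links to: a sketch of the kind of shell script described above, written so net-snmp can run it and a grapher can poll the result. The script path, the `extend` name and the rule numbers 400/401 are assumptions, and the `ipfw show` sample is constructed.

```shell
#!/bin/sh
# Print the byte counters of an IPFW in/out count-rule pair, one per line.
# Assumed snmpd.conf wiring (hypothetical name and path):
#   extend ipfw400 /usr/local/libexec/ipfw_bytes.sh 400 401

# Constructed sample of `ipfw show` output: rule, packets, bytes, rule body.
sample_ipfw_show() {
cat <<'EOF'
00400   18234   9034211 count ip from any to 192.0.2.10 in
00401   15110  48811023 count ip from 192.0.2.10 to any out
00410       0         0 count ip from any to 192.0.2.11 in
65535  991234 712345678 allow ip from any to any
EOF
}

# rule_bytes RULE: read `ipfw show` text on stdin, print RULE's byte count.
# awk splits on runs of whitespace, so column padding does not shift fields.
# Rules sharing one number are summed. A missing rule prints 0 and returns 1,
# so a deleted or renumbered counter is detectable instead of silently flat.
rule_bytes() {
    case "$1" in
        ''|*[!0-9]*) echo "rule number must be numeric" >&2; return 2 ;;
    esac
    # %.0f rather than %d: some awk builds clamp %d at 2^31-1.
    awk -v want="$1" '
        $1 + 0 == want + 0 { bytes += $3; found = 1 }
        END { printf "%.0f\n", bytes; exit !found }
    '
}

# Entry point: with two rule numbers and ipfw present (needs root), take one
# snapshot so the in and out values come from the same instant.
if [ "$#" -eq 2 ] && command -v ipfw >/dev/null 2>&1; then
    snapshot=$(ipfw show) || exit 1
    printf '%s\n' "$snapshot" | rule_bytes "$1"
    printf '%s\n' "$snapshot" | rule_bytes "$2"
else
    # No ipfw here: demonstrate on the constructed sample instead.
    sample_ipfw_show | rule_bytes 400
    sample_ipfw_show | rule_bytes 401
fi
```

The rule numbers are validated as digits before use, since snmpd typically runs this as root and the arguments come from a config file that other tooling may generate.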

