Network accounting

[Andrew Seguin]

I’ve searched Google, I’ve searched through the FreeBSD-net archives and
have gotten a few leads to what I’m seeking, but unfortunately, nothing
solid enough for me to go off of (so yes, I’ve been doing some homework
first! ;) )

 

But, here’s my situation. A dedicated FreeBSD transparent firewall-bridge
with 3 NICs (two for the bridge w/o IP, one for console). I’m using IPFW for
the firewall, and at the moment I’m doing some very bare-bones statistics
via a couple of count rules. I track abusive users through random usage of
TCPDump (when I feel like it basically).

 

However, I have some heavy downloader’s on the campus so I want to do deep
statistics gathering. Mainly, how much is (daily/weekly/monthly) the traffic
by IP address and independently the traffic by service (HTTP/SMTP).

 

So my research seems to indicate that the best is to use something to
generate netflow data (Maybe IPCad?). However, I sort of feel that’s a bit
heavy for my needs, I’d have only one source of data collection. But it’s
not like I’m tight in processor power nor hard disk space and I even have a
second server already running web/Mysql under my control. I have a small
list of tools, but it all leads up to my question.

 

I therefore ask out to the list, what recommendations for traffic
accounting/statistics gathering can you give me?


-- 
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.300 / Virus Database: 265.6.13 - Release Date: 1/16/2005