syslog traffic analyzers
Les Mikesell
lesmikesell at gmail.com
Thu Nov 3 21:15:16 UTC 2005
On Thu, 2005-11-03 at 13:39, Kenneth Porter wrote:
> --On Thursday, November 03, 2005 1:24 PM -0600 Les Mikesell
> <lesmikesell at gmail.com> wrote:
>
> > Is there a generic way to do this with iptables without knowing
> > what ports are used? Ntop can group them by port/service but
> > will find the activity regardless of the ports used.
>
> No, not if you want to break out every port into its own graph. (Well, you
> could use 128k iptables rules, one per port, but that would likely be a
> performance killer.) But ntop would still be overkill if that's all you
> want. Just grab the header on every packet using libpcap and count the
> ports yourself. ntop is a "full-service" program that's really intended for
> a dedicated router with lots of memory to store state.
Well, except when you run it as an sflow sender so it only collects
data and another box does the real work (and I haven't done it that
way myself...).
--
Les Mikesell
lesmikesell at gmail.com
More information about the fedora-list
mailing list