Performance Monitoring

Performance Monitoring

[Barry Rooney]

[-- Attachment #1: Type: text/plain, Size: 390 bytes --]

Hi All,
Can anyone recommend an opensource bandwidth monitoring tool that can plot throughtput and breakdown into sockets/services
for proving the performance of my qdiscs and IPTables?

Many thanks

Barry.



---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.555 / Virus Database: 347 - Release Date: 23/12/2003

[-- Attachment #2: Type: text/html, Size: 1177 bytes --]

Re: Performance Monitoring

[Alex Satrapa]

Barry Rooney wrote:
> .. recommend an opensource bandwidth monitoring tool ...

Is IPAC-NG what you're looking for?

http://ipac-ng.sourceforge.net/

Re: Performance Monitoring

[Lawrence Tang]

Does this will help to calculate each PC on LAN MB usage report ??

Lawrence

----- Original Message ----- 
From: "Alex Satrapa" <alex@lintelsys.com.au>
To: "Barry Rooney" <brooney@xcommunications.co.uk>
Cc: <netfilter@lists.netfilter.org>
Sent: Tuesday, January 06, 2004 8:27 AM
Subject: Re: Performance Monitoring


> Barry Rooney wrote:
> > .. recommend an opensource bandwidth monitoring tool ...
> 
> Is IPAC-NG what you're looking for?
> 
> http://ipac-ng.sourceforge.net/
> 
> 

Re: Performance Monitoring

[bino]

I my self don't familiar with IPAC-NG.
The basic logic block is :
1. use the feature of iptables -N to create per ip-addr IN and Out chain
2. jump every traffic per ip addr, to respective chain 

use cron to run the bash-script that do :
1. iptables -L -vnx
2. Parse the data from each respective chain
3. stor it to remote MySQL using MySql client tool
4. reset (zero ?) the value of each chain 

That way you can have a traffic record per station (ip addr) 

If you just need monitoring like MRTG (in bps, no detailed history record), 
it'll more simple ... you only need to hack NetSNMPD and use MRTG to do the 
rest, no SQL hasle. 

Sincerely
 -bino- 

Alex Satrapa writes: 

> Lawrence Tang wrote:
>> Does this will help to calculate each PC on LAN MB usage report ??
> 
> You should be able to configure it to do so. IPAC-NG uses separate 
> accounting rules for every item that you want to report on. Thus if you 
> want individual accounting per PC, you can set it up to do so. 
> 
> Install it and fiddle. That's my recommendation. 
> 
> Alex Satrapa 
> 
>  
> 
> 
 

Re: Performance Monitoring

[Alex Satrapa]

Lawrence Tang wrote:
> Does this will help to calculate each PC on LAN MB usage report ??

You should be able to configure it to do so. IPAC-NG uses separate 
accounting rules for every item that you want to report on. Thus if you 
want individual accounting per PC, you can set it up to do so.

Install it and fiddle. That's my recommendation.

Alex Satrapa

Re: Performance Monitoring

[Michael Gale]

Wait a minute here ... you want a rule for each IP ?

Depending on the stats you need I suggest you strongly look into the
following:

ntop -- provides a web GUI for real time monitoring. Using it now on a
firewall box to monitoring traffic on each interface. 

Adv .. provides great states , very detailed
Dis .. seems to be some over header ... uses a DDR db :(

You can use curl to pull the stats nightly and save them to a text file.
Then create a little PHP scritp to provide you with the numbers. Now you
will have stats for as long as you want.

iptraf -- not bad ... detail is low.

Adv ... NO over head and works great on a work station or 1 interface
machine. It takes a bit to setup because you have to create all the
filters your self.

Dis ... out is simple ... a php script to produce a nice web GUI is
needed.

Nagios -- http://www.nagios.org/
	Could be over kill depending on what you want ... this is more of a
network monitoring tool. Really not designed to be run with one machine
in mind.

IPFM -- not bad .. very simple:

example:
HOST                          IN         OUT       TOTAL
host1.domain.com           12345     6666684     6679029

MRTG for total traffic accounts only

Bandwidthd -- not bad ... currently testing it. Seems to provide web png
files much like MRTG but does provide host info. I do not believe you
are able to save the data though :(


Michael.


On Tue, 06 Jan 2004 10:38:02 +0700
"bino" <bino@indoakses-online.com> wrote:

> I my self don't familiar with IPAC-NG.
> The basic logic block is :
> 1. use the feature of iptables -N to create per ip-addr IN and Out
> chain 2. jump every traffic per ip addr, to respective chain 
> 
> use cron to run the bash-script that do :
> 1. iptables -L -vnx
> 2. Parse the data from each respective chain
> 3. stor it to remote MySQL using MySql client tool
> 4. reset (zero ?) the value of each chain 
> 
> That way you can have a traffic record per station (ip addr) 
> 
> If you just need monitoring like MRTG (in bps, no detailed history
> record), it'll more simple ... you only need to hack NetSNMPD and use
> MRTG to do the rest, no SQL hasle. 
> 
> Sincerely
>  -bino- 
> 
> Alex Satrapa writes: 
> 
> > Lawrence Tang wrote:
> >> Does this will help to calculate each PC on LAN MB usage report ??
> > 
> > You should be able to configure it to do so. IPAC-NG uses separate 
> > accounting rules for every item that you want to report on. Thus if
> > you want individual accounting per PC, you can set it up to do so. 
> > 
> > Install it and fiddle. That's my recommendation. 
> > 
> > Alex Satrapa 
> > 
> >  
> > 
> > 
>  
> 
> 


-- 
Hand over the Slackware CD's and back AWAY from the computer, your geek
rights have been revoked !!!

Michael Gale
Slackware user :)
Bluesuperman.com 

Re: Performance Monitoring

[Michael Gale]

Hello,

	Yesterday I was a reply on Performance Monitoring on the netfilter mail
list, it suggested the user use IPAC-NG. The admin then have to create a
chain for each IP they want to monitor.

I did not think this is a good idea ... so for those of you who want to
do bandwidth monitoring I suggest you check out the following. Here is a
list of ones I have tried.

ntop -- provides a web GUI for real time monitoring. Using it now on a
firewall box to monitoring traffic on each interface. 

Adv .. provides great states , very detailed
Dis .. seems to be some over header ... uses a DDR db :(

You can use curl to pull the stats nightly and save them to a text file.
Then create a little PHP scritp to provide you with the numbers. Now you
will have stats for as long as you want.

iptraf -- not bad ... detail is low.

Adv ... NO over head and works great on a work station or 1 interface
machine. It takes a bit to setup because you have to create all the
filters your self.

Dis ... out is simple ... a php script to produce a nice web GUI is
needed.

Nagios -- http://www.nagios.org/
	Could be over kill depending on what you want ... this is more of a
network monitoring tool. Really not designed to be run with one machine
in mind.

IPFM -- not bad .. very simple:

example:
HOST                          IN         OUT       TOTAL
host1.domain.com           12345     6666684     6679029

MRTG for total traffic accounts only

Bandwidthd -- not bad ... currently testing it. Seems to provide web png
files much like MRTG but does provide host info. I do not believe you
are able to save the data though :(


Michael.


On Tue, 06 Jan 2004 10:38:02 +0700
"bino" <bino@indoakses-online.com> wrote:

> I my self don't familiar with IPAC-NG.
> The basic logic block is :
> 1. use the feature of iptables -N to create per ip-addr IN and Out
> chain 2. jump every traffic per ip addr, to respective chain 
> 
> use cron to run the bash-script that do :
> 1. iptables -L -vnx
> 2. Parse the data from each respective chain
> 3. stor it to remote MySQL using MySql client tool
> 4. reset (zero ?) the value of each chain 
> 
> That way you can have a traffic record per station (ip addr) 
> 
> If you just need monitoring like MRTG (in bps, no detailed history
> record), it'll more simple ... you only need to hack NetSNMPD and use
> MRTG to do the rest, no SQL hasle. 
> 
> Sincerely
>  -bino- 
> 
> Alex Satrapa writes: 
> 
> > Lawrence Tang wrote:
> >> Does this will help to calculate each PC on LAN MB usage report ??
> > 
> > You should be able to configure it to do so. IPAC-NG uses separate 
> > accounting rules for every item that you want to report on. Thus if
> > you want individual accounting per PC, you can set it up to do so. 
> > 
> > Install it and fiddle. That's my recommendation. 
> > 
> > Alex Satrapa 
> > 
> >  
> > 
> > 
>  
> 
> 


-- 
Hand over the Slackware CD's and back AWAY from the computer, your geek
rights have been revoked !!!

Michael Gale
Slackware user :)
Bluesuperman.com 

Re: Performance Monitoring

[Michael Gale]

Hello,

	Even if you have a script that creates the chains for each IP .. if you
use all the IP's from .1 to .250. Then a packet will have to be compared
to 249 chains before if matches a chain if it is from or to IP .250.

This is not good.

Michael.



On Tue, 06 Jan 2004 10:38:02 +0700
"bino" <bino@indoakses-online.com> wrote:

> I my self don't familiar with IPAC-NG.
> The basic logic block is :
> 1. use the feature of iptables -N to create per ip-addr IN and Out
> chain 2. jump every traffic per ip addr, to respective chain 
> 
> use cron to run the bash-script that do :
> 1. iptables -L -vnx
> 2. Parse the data from each respective chain
> 3. stor it to remote MySQL using MySql client tool
> 4. reset (zero ?) the value of each chain 
> 
> That way you can have a traffic record per station (ip addr) 
> 
> If you just need monitoring like MRTG (in bps, no detailed history
> record), it'll more simple ... you only need to hack NetSNMPD and use
> MRTG to do the rest, no SQL hasle. 
> 
> Sincerely
>  -bino- 
> 
> Alex Satrapa writes: 
> 
> > Lawrence Tang wrote:
> >> Does this will help to calculate each PC on LAN MB usage report ??
> > 
> > You should be able to configure it to do so. IPAC-NG uses separate 
> > accounting rules for every item that you want to report on. Thus if
> > you want individual accounting per PC, you can set it up to do so. 
> > 
> > Install it and fiddle. That's my recommendation. 
> > 
> > Alex Satrapa 
> > 
> >  
> > 
> > 
>  
> 
> 


-- 
Hand over the Slackware CD's and back AWAY from the computer, your geek
rights have been revoked !!!

Michael Gale
Slackware user :)
Bluesuperman.com 

Re: Performance Monitoring

[Ramin Dousti]

On Mon, Jan 05, 2004 at 11:02:33PM -0700, Michael Gale wrote:

> 
> Hello,
> 
> 	Even if you have a script that creates the chains for each IP .. if you
> use all the IP's from .1 to .250. Then a packet will have to be compared
> to 249 chains before if matches a chain if it is from or to IP .250.

One can come up with a btree which should reduce the worst case lookup to a max
of 8 lookups for a /24.

Ramin

> 
> This is not good.
> 
> Michael.

Re: Performance Monitoring

[Thhoep]

> One can come up with a btree which should reduce the worst case lookup to
a max
> of 8 lookups for a /24.

  i did this once with a traffic counting system. works nice, still not
perfect, but nice.

Re: Performance Monitoring

[Alex Satrapa]

Ramin Dousti wrote:
> One can come up with a btree which should reduce the worst case lookup to a max
> of 8 lookups for a /24.

It'd be better if netfilter supported some way of either binding rules 
to an interface, or allowing a hashtable-lookup for a "jump" based on IP 
address.

Re: Performance Monitoring

[Antony Stone]

On Sunday 11 January 2004 11:26 pm, Alex Satrapa wrote:

> Ramin Dousti wrote:
> > One can come up with a btree which should reduce the worst case lookup to
> > a max of 8 lookups for a /24.
>
> It'd be better if netfilter supported some way of either binding rules
> to an interface, or allowing a hashtable-lookup for a "jump" based on IP
> address.

It normally isn't much of a problem, because for most people, using the state 
match means that only the first packet of a new connection has to go through 
the ruleset looking for a rule to fnd out whether it's ACCEPTed or not - all 
future packets for the connection (assuming it gets ESTABLISHED) match on the 
very first rule and the whole system is quite efficient.

Of course, if you're not using state matching then the above does not apply, 
but this is why statefulness is one of the good bits about netfilter.

Antony.

-- 
These clients are often infected by viruses or other malware and need to be 
fixed.  If not, the user at that client needs to be fixed...

 - Henrik Nordstrom, on Squid user's mailing list

                                                     Please reply to the list;
                                                           please don't CC me.