On Tue, 18 Jan 2005, dima wrote:
Date: Tue, 18 Jan 2005 12:36:15 +0300
From: dima <_pppp@xxxxxxx>
To: Andrew McNaughton <andrew@xxxxxxxxxxx>
Cc: freebsd-isp@xxxxxxxxxxx
Subject: Re: Monitoring traffic volumes by country
Can anyone suggest a tool that can collect statistics on traffic volumes
by the country of the remote host. That on its own would go a long way
for me, but if it coulod also break down on incoming vs outgoing traffic
and by local port number that would be ideal.
NetFlow is the "ideal" solution for you.
The best solution for FreeBSD would be ng_netflow kernel module
since all the other implementations (softflowd, fprobe, ntop etc)
use pcap which is a quite CPU-consuming way.
You can:
1) force collector to aggregate traffic by source AS
and find out autonomous system to country relation somehow;
2) aggregate traffic by source IP and make the IP address to country resolution
with GeoIP.
Where does the CPU time go with pcap? Is it in the kernal or in userland?
I suspect that for my current needs I can live with a bit of CPU load,
but am not sure where to expect to look for it to turn up.
Andrew
--
The United States is committed to the worldwide elimination of
torture and we are leading this fight by example."
- George Bush, 26 June 2003
-------------------------------------------------------------------
Andrew McNaughton Living in a shack in Tasmania
andrew@xxxxxxxxxxx Between the bush and the sea
Mobile: +61 422 753 792 http://staff.scoop.co.nz/andrew/cv.doc
http://www.scoop.co.nz/
_______________________________________________
freebsd-isp@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@xxxxxxxxxxx"
| 