On Fri, 2005-08-05 at 11:46 -0400, kwon wrote: > On 8/4/2005 14:26, Eric House wrote: > > > Ok, so there seemed to be *some* interest in having a way for a LEAF > > box to display information about recent network activity over time. > > I've hacked together a prototype, and it's online. If anyone's > > interested, please take a look. What I've done runs on my LEAF box, > > though that's not where this is hosted: > > > > http://eehouse.org/cgi-bin/table.cgi > > > > Please let me know if this seems promising enough to be worthy of > > further work. Understand that it's buggy and incomplete! I think it > > does demonstrate where I'm headed though. > > > > BTW, I don't normally have port 80 open on this server. The above URL > > will probably break in a few days. > > > > Thanks, > > --Eric > > That really looks promising and what about a summary of attacks based on > the shorewall log? > Thanks, > Kwon
since i already display lots of data about my leaf-boxes i figured i could atlest mention how. i have about 10 leaf boxes running, some as firewall, some as router, some as bridges, some as IDS systems. on all of them i run net-snmp, and and collect snmp data and graph it using cricket, on a debian sarge webserver. This works, but can take quite some time to configure for each and every node. since they are not identical setups. If i was to do it over again now. I would have used a simpler solution, that dont involve meddeling in snmp space. i would just install the munin-node package. it can provide you with rrd graphs of all network traffic, load, cpu interupts etc etc etc. is rather low on cpu and load. If you want to graph attacks in logs you can use the loggrep module that's included. If you only run 1 leaf box, and want to show the result on Leaf box in question. you would also need the munin-server and a http server to display the result. the munin-node package is 897k in debian sarge, and the munin (server/collector) is 528k, this could probably be made much smaller. for a leaf box. an online munin example : http://www.linpro.no/projects/munin/example/ if you want summaries of logs you can use logcheck, and instead of the defaul of email you the results, you could have it show the data on a web page. or use munin loggrep if you want to make graphs from it. just my 2 cent. mvh Ronny Aasen ------------------------------------------------------- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf ------------------------------------------------------------------------ leaf-user mailing list: [email protected] https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
