If you go the netflow route you might consider FlowViewer/SiLK for the collector/analyzer. It is web driven and allows you to easily establish traffic thresholds which will generate an alert email.
https://sourceforge.net/projects/flowviewer

Joe

"NANOG" <[email protected]> wrote on 11/14/2014 02:35:44 AM:

> From: Murat Kaipov <[email protected]>
> To: "'Eliezer Croitoru'" <[email protected]>, <[email protected]>
> Date: 11/14/2014 02:37 AM
> Subject: RE: Linux router traffic monitoring, how? netflow?
> Sent by: "NANOG" <[email protected]>
>
> Hello Eliezer.
> Netflow will be the best solution to find the host that generates
> load. First you need to decide what netflow analyzer you'll use. I know
> about some plugin to Cacti. Then you need to install IPT-NETFLOW to
> your Ubuntu router.
> Also you have another way, you can monitor (snmp traffic) all ports
> on switches and then find analyze.
> B.R. Murat
>
>
> -----Original Message-----
> From: NANOG [mailto:[email protected]] On Behalf Of Eliezer Croitoru
> Sent: Thursday, November 13, 2014 8:10 PM
> To: [email protected]
> Subject: Linux router traffic monitoring, how? netflow?
>
> Hey all,
>
> I have a tiny linux router based on ubuntu and sometimes I get a
> massive load of UDP traffic because of one of the PCs in the network.
> Usually I handle the situation with a strict block using iptables.
> The main issue is to find it due to the load.
> For now I am monitoring the traffic load using MRTG but it won't notify me.
> I can try to use nagios to monitor traffic load for a period of time
> but before I start working on it I want another person's opinion and options.
>
> I have seen netflow in the past but never actually used it.
>
> Thanks in advance,
> Eliezer
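The following is an added example, not part of the thread and not code from FlowViewer, SiLK or ipt-netflow: it shows the kind of per-host threshold check a flow collector applies, summing UDP bytes per LAN source over one export window and flagging hosts above a rate limit. The six-field record layout, the addresses, the 192.168.1.0/24 LAN and the 10 Mbit/s limit are all assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample flow records (not from the thread), one per line:
# start_epoch end_epoch src_ip dst_ip ip_proto bytes
SAMPLE_FLOWS = """\
1415901600 1415901660 192.168.1.23 203.0.113.9 17 90000000
1415901600 1415901660 192.168.1.23 198.51.100.4 17 60000000
1415901605 1415901660 192.168.1.40 203.0.113.80 6 4000000
1415901610 1415901660 192.168.1.57 198.51.100.53 17 12000
1415901600 1415901660 203.0.113.9 192.168.1.23 17 500000
"""

UDP = 17  # IP protocol number for UDP


def udp_talkers(flow_text, lan="192.168.1.0/24", window_s=60):
    """Return {src_ip: average UDP bits/s over the window} for LAN sources."""
    net = ip_network(lan)
    total_bytes = defaultdict(int)
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip blank or malformed records
        _start, _end, src, _dst, proto, nbytes = fields
        # Only UDP sent *by* an inside host counts toward that host's load;
        # inbound replies (source outside the LAN) are ignored.
        if int(proto) != UDP or ip_address(src) not in net:
            continue
        total_bytes[src] += int(nbytes)
    return {src: b * 8 / window_s for src, b in total_bytes.items()}


def over_threshold(rates, limit_bps):
    """Return (src_ip, bits/s) pairs above the limit, busiest first."""
    hits = [(src, bps) for src, bps in rates.items() if bps > limit_bps]
    return sorted(hits, key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    # Assumed alert threshold: 10 Mbit/s of UDP from a single inside host.
    for src, bps in over_threshold(udp_talkers(SAMPLE_FLOWS), 10_000_000):
        print(f"ALERT {src} sending {bps / 1e6:.1f} Mbit/s of UDP")
```
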

