John Lange wrote: >> Ntop seems like a wonderful tool for monitoring network traffic but my understanding of it's design is that it is intended to be used as a "real time" tool, not really for long term accounting and billing purposes. After spending several hours reading through the web site I can find several mentions of billing/accounting solutions using things like "Netflow", or "sprobe" and the like. However, the site is mostly the typical wishy-washy marking/white-paper type stuff and there is almost no solid information on actual implementation. We have a single linux box that takes a mirror port from our main internet link. We need to monitor and report on traffic for accounting and billing purposes. What is the solution? Can someone give me a bit of detail on how the solution would look? <<
Hi John, I've had some success with using IPTraf for collection, and Sawmill to grind the Iptraf traffic logs. Iptraf logs are just delimeted text, so you can import it into a variety of formats, spreadsheets, databases, whatever.... It also does session and Protocol stats logs. Sawmill isn't free, (Well actually it is, if you contribute some testing time to the developer) but can process over 50 different kinds of text log formats including tcpdump, PIX , Cisco IOS, Squid....you name it. You can also grind tcpdump text ouput (redirected from stdout to a file) directly with Sawmill if you wish, just have to make sure you grab enough of the packet with the -s switch to get your header info, without filling your disk in a single day! I've found combination approach works pretty well. Ntop gives me the dashboard view which is invaluable for instant analysis. Iptraf gives me the ongoing traffic history logs. Sawmill slices 'n dices the logs and makes pretty picures and summaries. Rgds, Rob -- The information contained in this e-mail message is intended only for the use of the person or entity to whom it is addressed and may contain information that is CONFIDENTIAL and may be exempt from disclosure under applicable laws. If you read this message and are not the addressee you are notified that use, dissemination, distribution, or reproduction of this message is prohibited. If you have received this message in error, please notify us immediately and delete the original message. You should scan this message and any attached files for viruses. Axon accepts no liability for any loss caused either directly or indirectly by a virus arising from the use of this message or any attached file. _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop
