What ntop can offer you today is: per protocol/per host accounting saved on disk in RRD format.
In your setup you need to download ntop (you can find binary packages here http://www.sourceforge.net/projects/ntop/) and activate it on your mirror interface (do not forget to add the -o flag as you're on a mirror link). Start ntop, choose Admin -> Plugins -> RRDplugin. Enable the plugin, mark the Hosts (into Data to Dump) tick and specify the subnet where the hosts you need to account are placed.
Otherwise you can use ntop to collect NetFlow or sFlow flows from real routers (e.g. Cisco's) or probes such as nProbe/nBox (www.ntop.org/nProbe.html).
Bottom line: if you're used to SNMP MIB-II aggregate interface traffic statistics using MRTG you'll find much more meat here.
Enjoy, Luca
[EMAIL PROTECTED] wrote:
John Lange wrote:
Ntop seems like a wonderful tool for monitoring network traffic but my understanding of its design is that it is intended to be used as a "real time" tool, not really for long term accounting and billing purposes.
After spending several hours reading through the web site I can find several mentions of billing/accounting solutions using things like "Netflow", or "sprobe" and the like. However, the site is mostly the typical wishy-washy marketing/white-paper type stuff and there is almost no solid information on actual implementation.
We have a single Linux box that takes a mirror port from our main internet link. We need to monitor and report on traffic for accounting and billing purposes.
What is the solution? Can someone give me a bit of detail on how the solution would look?
<<
Hi John, I've had some success with using IPTraf for collection, and Sawmill
to grind the Iptraf traffic logs.
Iptraf logs are just delimited text, so you can import it into a variety of
formats, spreadsheets, databases, whatever....
It also does session and Protocol stats logs.
Sawmill isn't free, (Well actually it is, if you contribute some testing
time to the developer) but can process over 50 different kinds of text log
formats including tcpdump, PIX , Cisco IOS, Squid....you name it.
You can also grind tcpdump text output (redirected from stdout to a file)
directly with Sawmill if you wish, just have to make sure you grab enough of
the packet with the -s switch to get your header info, without filling your
disk in a single day!
I've found a combination approach works pretty well. Ntop gives me the dashboard view which is invaluable for instant analysis.
Iptraf gives me the ongoing traffic history logs.
Sawmill slices 'n dices the logs and makes pretty pictures and summaries.
Rgds,
Rob
-- Luca Deri <[EMAIL PROTECTED]> http://luca.ntop.org/ Hacker: someone who loves to program and enjoys being clever about it - Richard Stallman
