e the specific packets
> to a dedicated plugin for this TCP SYN measurement activity. The tag
> solution would work similarly for NetFlow/IPFIX/sFlow.
>
> Paolo
>
> On Wed, Oct 18, 2017 at 05:08:53PM +0300, Vaggelis Koutroumpas wrote:
>> Hello,
>>
>> Is it possible t

Hello,
Is it possible to get a per IP total of SYN packets?
I am trying to implement some policies to block SYN packets if they
exceed a certain threshold (to mitigate SYN Floods), but before doing
that I want to first log all TCP SYN traffic for some time so that I can
get some useful stats out

Thanks for your suggestion guys,
How do you propose to work with UTC? Should the OS' clock run in UTC or
only the MySQL server?
I just feel that running the server clock in UTC will be a bit
uncomfortable having to constantly translate the dates from UTC to
UTC+2/3 while working with logs etc.

Hello,
I am using nfacct to process flows from our routers and store them in a
mysql database for processing and visualization.
I have a 'daily' table for storing the daily traffic for each IP. I've
set sql_history to 1d to store one record per day per IP.
This worked fine for months. Each

Hello Mario,
Yes they include everything AFAIK, but we don't have any multicast
traffic and the broadcast traffic is very little on our VLANs
(mostly standard LAMP servers).
Plus the uplink interfaces (which I am monitoring/exporting flows for)
do not handle any broadcast traffic (except the

s still not bring no anything conclusive, is remote-
> access to your collector box a possibility? If yes, we can follow-up
> privately: I'd be more than happy to have a look myself.
>
> Cheers,
> Paolo
>
> On Sun, Nov 29, 2015 at 01:22:34AM +0200, Vaggelis Koutroumpas wrote:

Hi Paolo,
> Posed I'm no expert of RouterOS; if it has a NetFlow export process,
> can you check if it pegs at 100% CPU? Or if anything suspicious emerges
> from the router logs?
The netflow process runs at 0.1-0.2% CPU (on a 36core router).
Unfortunately RouterOS' netflow options and stats are