syslog traffic analyzers

Rick Stevens rstevens at vitalstream.com
Thu Nov 3 06:08:31 UTC 2005


On Wed, 2005-11-02 at 20:56 -0600, Mike McGrath wrote:
>  
> > -----Original Message-----
> > From: fedora-list-bounces at redhat.com 
> > [mailto:fedora-list-bounces at redhat.com] On Behalf Of Justin Zygmont
> > Sent: Wednesday, November 02, 2005 8:55 PM
> > To: fedora-list at redhat.com
> > Subject: syslog traffic analyzers
> > 
> > I was wondering if anyone had any recommendations for a 
> > traffic analyzer that will read from a syslog file, and not 
> > just by binding to the network interface in promiscuous mode. 
> >  I was hoping to find a program that will show traffic usage 
> > by IP address, many of them just show the total traffic statistics.
> > 
> > 
> 
> I don't know of any way to get network information from a syslog file?
> I've used ntop in the past, I believe it had the information you are
> looking for but required binding to the network interface and running in
> promiscuous mode.  If you're looking to monitor network information on a
> number of machines on your network that you control I'd suggest cacti
> and SNMP.
> 
> http://freshmeat.net/projects/cacti/

Ah, uhm, cacti relies on snmp which will just show the total traffic.
He wants something more, methinks.

AFAIK, traffic is not logged to any log file.  If you have a busy
machine, the log file would overflow very, very quickly.  If you want
to track "so many bytes went between here and that IP over there" and
that type of thing, I suspect you want something like Cisco's "netflow"
system.  It tracks traffic at the router and periodically spits it out
to an analysis machine somewhere.  It is proprietary (to an extent) and
I don't know of an open source version.

If you want similar data, you really have no choice BUT to put your NIC
into promiscuous mode to see all the traffic there is.  You'd need to
absorb that data (à la tcpdump) and process it as you see fit.

----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens at vitalstream.com -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-                  Heisenberg _may_ have slept here                  -
----------------------------------------------------------------------
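
An added example, not part of the original message: one way to do the "absorb and process" step described above, summing bytes per IP address from saved tcpdump text output. It assumes lines in the style of `tcpdump -nn -q -tt` for IPv4 TCP/UDP, counts the payload length tcpdump prints, and uses constructed sample lines; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style of `tcpdump -nn -q -tt` output
# (documentation/private addresses; not real capture data).
SAMPLE = """\
1130998111.000100 IP 192.168.1.10.51234 > 203.0.113.5.80: tcp 512
1130998111.000200 IP 203.0.113.5.80 > 192.168.1.10.51234: tcp 1448
1130998111.000300 IP 192.168.1.11.40000 > 198.51.100.7.53: UDP, length 40
1130998111.000400 IP 198.51.100.7.53 > 192.168.1.11.40000: UDP, length 120
1130998111.000500 ARP, Request who-has 192.168.1.1 tell 192.168.1.10, length 28
1130998111.000600 IP 192.168.1.10.51234 > 203.0.113.5.80: tcp 0
"""

# timestamp, "IP", src[.port] > dst[.port]:, then the TCP or UDP payload length
LINE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?:\.\d+)?: "
    r"(?:tcp (?P<tcp>\d+)|UDP, length (?P<udp>\d+))"
)

def per_ip_bytes(lines):
    """Return ({ip: [bytes_sent, bytes_received]}, skipped_line_count)."""
    totals = defaultdict(lambda: [0, 0])
    skipped = 0
    for line in lines:
        m = LINE.match(line)
        if not m:
            # ARP, ICMP, IPv6 or anything else this pattern does not cover
            skipped += 1
            continue
        size = int(m.group("tcp") or m.group("udp"))
        totals[m.group("src")][0] += size   # bytes this host sent
        totals[m.group("dst")][1] += size   # bytes this host received
    return dict(totals), skipped

def top_talkers(totals):
    """Sort hosts by sent + received bytes, largest first."""
    return sorted(totals.items(), key=lambda kv: sum(kv[1]), reverse=True)

if __name__ == "__main__":
    totals, skipped = per_ip_bytes(SAMPLE.splitlines())
    for ip, (sent, recv) in top_talkers(totals):
        print(f"{ip:<16} sent={sent:>6} recv={recv:>6}")
    print(f"skipped {skipped} line(s) that were not IPv4 TCP/UDP")
```

Lines that do not match are counted rather than silently dropped, so a large skipped count is a sign that the capture contains traffic the per-IP totals do not reflect.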



