Our network providers used the "SiLK" software and the NetFlow protocol
a few years back:
http://tools.netsa.cert.org/silk/
http://www.splintered.net/sw/flow-tools/
http://sourceforge.net/projects/ng-netflow/

AFAIK this is a system which lets you analyze "Flows" saved on
your server, which in turn are reports regularly generated by your
firewalls (i.e. every 15min) on passed/blocked traffic.

They can amount to several gigabytes per month, and flows may
be sent by routers only once over UDP (as it was back then), so
a quick frontend "catcher" (or two for redundancy) which, in
particular, boots quickly; and a larger backend server with RAID0
or RAID10 were suggested for an ISP reference architecture.

Overall, with a custom(ized?) web interface for queries like "top 10
traffic hogs of the day" or "high entropy - viruses/worms of client
computers scanning the internet" it was a nifty service. I am away
from that net now, so I can't say if this is used anymore though.

Cisco NetFlows in particular are known to be compatible and
were used in our provider's network, with several configurable
targets ("catcher" servers); so to me the question would be -
how to generate NetFlows on an IPFilter server? :)

HTH,
//Jim

Efren Bravo wrote:
Hi,

I want to monitor the traffic of the external ethernet of my FreeBSD firewall.

I want the reports, if it's possible:
-- LAN traffic with MRTG (entire traffic and separate by port usage)
-- reports of my hosts' access

Could you point me in the right direction?
Thank you in advance



--


+============================================================+
|                                                            |
| Климов Евгений,                                 Jim Klimov |
| технический директор                                   CTO |
| ЗАО "ЦОС и ВТ"                                  JSC COS&HT |
|                                                            |
| +7-903-7705859 (cellular)          mailto:[email protected] |
|                          CC:[email protected],[email protected] |
+============================================================+
| ()  ascii ribbon campaign - against html mail              |
| /\                        - against microsoft attachments  |
+============================================================+
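
An added example, not part of the original message and not code from SiLK or flow-tools: a minimal NetFlow v5 parser that answers the "top traffic hogs" query mentioned above and uses the header's flow_sequence counter to count flows lost in transit, which matters because exports are sent once over UDP. It assumes a single exporter and the standard v5 layout; the sample datagrams and addresses are constructed.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

HDR = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
REC = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record

def parse_v5(datagram):
    """Return (flow_sequence, [(src_ip, dst_ip, dst_port, proto, octets), ...])."""
    if len(datagram) < HDR.size:
        raise ValueError("short datagram")
    version, count, _up, _secs, _nsecs, seq, _etype, _eid, _samp = HDR.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    # v5 carries 1..30 records; reject truncated or padded datagrams outright.
    if not 1 <= count <= 30 or len(datagram) != HDR.size + count * REC.size:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        f = REC.unpack_from(datagram, HDR.size + i * REC.size)
        # f[0]=srcaddr f[1]=dstaddr f[6]=dOctets f[10]=dstport f[13]=prot
        flows.append((str(IPv4Address(f[0])), str(IPv4Address(f[1])), f[10], f[13], f[6]))
    return seq, flows

def summarize(datagrams, top=10):
    """Return (top sources by bytes, number of flows lost between exports)."""
    bytes_by_src, lost, expected = Counter(), 0, None
    for dg in datagrams:
        seq, flows = parse_v5(dg)
        # flow_sequence counts flows exported so far; a jump means lost datagrams.
        if expected is not None and seq != expected:
            lost += (seq - expected) % 2**32
        expected = (seq + len(flows)) % 2**32
        for src, _dst, _dport, _proto, octets in flows:
            bytes_by_src[src] += octets
    return bytes_by_src.most_common(top), lost

def make_datagram(seq, flows):
    """Build a constructed sample export packet (test data, not captured traffic)."""
    out = HDR.pack(5, len(flows), 0, 0, 0, seq, 0, 0, 0)
    for src, dst, dport, proto, octets in flows:
        out += REC.pack(IPv4Address(src).packed, IPv4Address(dst).packed, bytes(4),
                        0, 0, 1, octets, 0, 0, 40000, dport, 0, 0, proto, 0, 0, 0, 0, 0, 0)
    return out

SAMPLE = [  # constructed; documentation address ranges only
    make_datagram(0, [("192.0.2.10", "198.51.100.1", 443, 6, 5000),
                      ("192.0.2.11", "198.51.100.2", 53, 17, 120)]),
    make_datagram(2, [("192.0.2.10", "198.51.100.3", 80, 6, 7000)]),
    make_datagram(6, [("192.0.2.12", "198.51.100.4", 25, 6, 900)]),  # 3 flows missing
]
if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A non-zero loss count means the byte totals undercount real traffic, which is the reason for running a fast, redundant front-end collector.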