----- Original Message ---- > From: Jason Dixon <ja...@dixongroup.net> > To: James Peltier <james_a_pelt...@yahoo.ca> > Cc: OpenBSD Mail List <misc@openbsd.org> > Sent: Tue, September 7, 2010 4:03:09 AM > Subject: Re: Bridge Monitoring > > On Mon, Sep 06, 2010 at 09:26:09PM -0700, James Peltier wrote: > > Hi All, > > > > Now that I have my new bridge in place and happily filtering away I would >like > > > to look at monitoring and graphing it. I'd like to setup a "monitor port" >style > > > so that I can send the traffic over to another box for processing. > > > > I was thinking of installing symon on the bridge itself and sending it > > over >to > > > another box. Additionally, I was looking at setting up a pflow device and > > sending it to another box and analyze using something like netflow >dashboard. > > > > We currently use a Cisco sending data to a GNU/Linux box running MRTG. We >use > > > arpwatch, IP Audit and other tools. > > > > Any ideas what might be best to use in this case? What are others using > > to
> > monitor their network firewalls, bridges or networks in general? > > Off the top of my head (probably forgetting a lot): > > munin, symon, cacti, reconnoiter, nfsen, netflow dashboard > > -- > Jason Dixon > DixonGroup Consulting > http://www.dixongroup.net/ > Thanks for the responses. So it seems like using symon to capture the statistics and sending them to another box for processing is a workable solution. Could this also be done by using the pfsync device to mirror the traffic on another OpenBSD server. I do not want to install web server applications on the bridge or on my routers as that would increase the risk of compromise. Real-time analysis would be really nice and I think pfsync would allow for nearly that.
