Thanks for the reply. I have looked at the online tutorial for Cacti and pmacct, but I'm not interested in monitoring on a per-host basis, at least for the time being. I have already configured and installed Cacti, pmacct, rrd tools, etc., using the documentation provided by Pedro Sanchez. In regard to your questions, please see the answers below...
* How do you get traffic data from the underlying network? libpcap, NetFlow or sFlow?
A. As of now, we will be relying on libpcap for most of the data capturing. We have a pmacct sensor, if you will, placed on our link-out router in span mode.
* What do you precisely mean by "port"? Physical port, IP address, MAC address, etc.
A. By port I mean the endpoint for the logical connection, such as port 80, 443, etc. We would like to understand which ports are being used the most, which is a complicated task because there are over 65000 ports to observe. I was thinking we could monitor in chunks. For example, monitor between 1-1000, but my concern is the amount of data that will be generated. Is there any documentation on how to aggregate the data and avoid a high amount of disk usage? Also, I configured the mysql db for Cacti, and installed pmacct with mysql support, but it's not clear how these two are associated with the backend infrastructure.
* What kind of information do you actually need? Total traffic (i.e. incoming + outgoing) per port, incoming/outgoing traffic per port, an outlook of relevant traffic flows produced by each port, etc.
A. All of this information would be nice. It seems like the heart of this solution relies on the pmacct client queries, but I'm at a loss with knowing precisely what to input in order to get all of this information fed into the graphs. I'm assuming there could be a bulk configuration, in which specific queries can be configured in Cacti to present the data. Is this the case?
Any feedback would be greatly appreciated.
Thanks,
Ben
Paolo Lucente <[EMAIL PROTECTED]> wrote:
Hi Ben,
you can have a look at the online tutorial about interfacing Cacti
and pmacct. It well-defines the monitoring of traffic per host with
pmacct and Cacti on the same box. And it can easily be adapted in a
distributed fashion. In case you have missed it, it is available
at the following URL:
http://www.ba.cnr.it/~paolo/pmacct/docs/cacti.html
And I would be happy to know whether you see it limiting for your
project. Perhaps you can also give some more insights about your
environment and what you are interested in; a few ideas:
* How do you get traffic data from the underlying network? libpcap,
NetFlow or sFlow?
* What do you precisely mean by "port"? Physical port, IP address,
MAC address, etc.
* What kind of information do you actually need? Total traffic (i.e.
incoming + outgoing) per port, incoming/outgoing traffic per port,
an outlook of relevant traffic flows produced by each port, etc.
Cheers,
Paolo