Re: Traffic Accounting
Greetings! On 19 Jul 2003 23:35:08 +0300 kgb <[EMAIL PROTECTED]> wrote: > Which is best way for traffic accounting i use ipac-ng but i don't > like it anymore because it make my system under high load. If you don't want to mess around with IPtables just to do traffic accounting, you could try http://wyae.de/software/trafan/ which works even from a third machine - just plug in and be happy. I do not have any experiences with high load scenarios, though. Bye Volker Tanger -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Traffic Accounting
Am 12:27 2003-07-20 -0400 hat George Georgalis geschrieben: >I don't run it, I'm just a by stander; but I bet you are not dealing >with cpu issues but disk io. run top and compare system load to your cpu >state % idle time. > >If you've got idle cpu, and load over one, you are most likely dealing >with disk speed not cpu time for hardware scsi, striped raid, on 15k >rpm disks :-P unfortunatly that's a lot more difficult and expensive >than upgrading cpu and ram :-\ Hmm, I have a very low disk-usage... I save the results all 5 Minutes and this give a very short flash at the HD LED. Oh yes, I hav only a 5400 prm. All work of ipac is done in memory... Michelle -- Registered Linux-User #280138 with the Linux Counter, http://counter.li.org. +--+ | Michelle's Internet-ServiceInh. Michelle Konzack| | FunkLAN-Providerin | +--+ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Traffic Accounting
On Sun, Jul 20, 2003 at 02:02:12PM -0400, George Georgalis wrote:
>On Sun, Jul 20, 2003 at 08:02:07PM +0300, kgb wrote:
>>
>>Yes, you're right but my question is, is there have other way to do accounting
>>some bash, shell script to fetch traffic with "tc" command from cbq shaper ?
>
>I don't really know that stuff... If you just want to log tcp/udp/icmp
>ip use iptables:
>
>iptables -N watchit
>iptables -I watchit -s 10.1.0.0/24 -p tcp -m state --state NEW -j LOG --log-prefix
>'##_NEW_## '
>
>and periodically do something like
>
>tablestats () {
>iptables -vnL >>${LOG}/iptablestats-${now}
>iptables -t nat -vnL >>${LOG}/iptablestats-${now}
>}
>
>
>or you may need qdisc routing and logging, I don't know much about
>that. My favorite setup is an ebtables bridging router/fw (has no ip
>address), patched to send packets through the netfilter tables. :)
>That and iptable stats should probably cover your needs.
>
Don't forget to use a good logging program like socklog!
also this is good doc:
On Fri, Jan 31, 2003 at 12:01:31AM -0600, Martin A. Brown wrote:
>Yes, ip-cref.{ps,pdf}, and ip-tunnel.{ps,pdf} are immensely helpful.
>This is Alexey Kuznetsov's documentation. He's one of the main
>kernel developers for the IP network stack (as nearly as I can
>tell).
// George
--
GEORGE GEORGALIS, System Admin/Architectcell: 646-331-2027<
Security Services, Web, Mail,mailto:[EMAIL PROTECTED]
Multimedia, DB, DNS and Metrics. http://www.galis.org/george
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Traffic Accounting
On Sun, Jul 20, 2003 at 08:02:07PM +0300, kgb wrote:
>On Sun, 2003-07-20 at 19:27, George Georgalis wrote:
>> On Sun, Jul 20, 2003 at 07:01:24PM +0300, kgb wrote:
>> >On Sun, 2003-07-20 at 15:58, Michelle Konzack wrote:
>> >> Hello Russian Secret Service Agent...
>> >>
>> >> Am 23:35 2003-07-19 +0300 hat kgb geschrieben:
>> >> >
>> >> >Hello,
>> >> >
>> >> >Which is best way for traffic accounting i use ipac-ng but i don't like
>> >> >it anymore because it make my system under high load.
>> >> >
>> >> >Thanks in advanced.
>> >>
>> >> I think there is no other choice...
>> >>
>> >> I use ipac on a 100 MBit LAN where I count the traffic of five
>> >> 11 MBit WaveLAN-Channels... where ipac has two NIC's and is
>> >> In-Line between the Main-Router and the Switch where the Lucent
>> >> ORINOCO COR-1100 and wireless Bridges are connected...
>> >>
>> >> Each channel has 120 Clients...
>> >>
>> >> I use a AMD Athlon XP 2400+ with 512 MByte of memory and the
>> >> load is around 17...
>> >>
>> >> I have for each client (all fixed IP's) two rules (rx/tx) to the
>> >> Internet and two rules (rx/tx) to the internal mail-Server.
>> >>
>> >> So I have completly 2400 rules plus som special-rules to count
>> >> ftp, http, shttp and mail traffic.
>> >>
>> >> In summary around 2500 rules.
>> >>
>> >> What Do you have ???
>> >>
>> >> Thanks
>> >> Michelle
>> >>
>> >I have over 2000 rules "bgpeer tx/rx", "internet tx/rx", "local traffic tx/rx"
>> >machine is AMD Athlon XP 1700+ with 1G ram i forgot how many rules are
>> >limit in iptables but when they are so many this is really sucks this is
>> >on 100Mbit LAN the problem is when fetchipac is running and ipacsum because
>> >file in /var/lib/ipac-ng/data.db is over 5G when file i smaller traffic is smaller
>> >or fetchipac and ipacsum is not running everything is fine i think thats can not
>> >be
>> >the only one way...
>> >
>>
>> I don't run it, I'm just a by stander; but I bet you are not dealing
>> with cpu issues but disk io. run top and compare system load to your cpu
>> state % idle time.
>>
>> If you've got idle cpu, and load over one, you are most likely dealing
>> with disk speed not cpu time for hardware scsi, striped raid, on 15k
>> rpm disks :-P unfortunatly that's a lot more difficult and expensive
>> than upgrading cpu and ram :-\
>>
>> // George
>>
>
>Yes, you're right but my question is, is there have other way to do accounting
>some bash, shell script to fetch traffic with "tc" command from cbq shaper ?
I don't really know that stuff... If you just want to log tcp/udp/icmp
ip use iptables:
iptables -N watchit
iptables -I watchit -s 10.1.0.0/24 -p tcp -m state --state NEW -j LOG --log-prefix
'##_NEW_## '
and periodically do something like
tablestats () {
iptables -vnL >>${LOG}/iptablestats-${now}
iptables -t nat -vnL >>${LOG}/iptablestats-${now}
}
or you may need qdisc routing and logging, I don't know much about
that. My favorite setup is an ebtables bridging router/fw (has no ip
address), patched to send packets through the netfilter tables. :)
That and iptable stats should probably cover your needs.
Just found these, should help with qdisc:
http://lartc.org/howto/index.html
http://lartc.org/howto/lartc.qdisc.html
http://lartc.org/howto/lartc.bridging.html
These are the links I saved from 6 or 8 months back.
http://plorf.net/linux-ip/html/
Guide to IP Layer Network Administration with Linux
http://users.pandora.be/bart.de.schuymer/ebtables/
http://users.pandora.be/bart.de.schuymer/ebtables/sourcecode.html
Ebtables homepage
http://www.tldp.org/HOWTO/Ethernet-Bridge-netfilter-HOWTO.html
Ethernet Bridge + netfilter Howto
http://www.sparkle-cc.co.uk/firewall/firewall.html
Implementing a Bridging Firewall By David Whitmarsh
http://www.compsci.lyon.edu/mcritch/dante/
Dante - Traffic control and QoS with Linux
http://lartc.org/
Linux Advanced Routing & Traffic Control
http://lartc.org/howto/lartc.bridging.html
Building bridges, and pseudo-bridges with Proxy ARP
http://bridge.sourceforge.net/docs.html
http://bridge.sourceforge.net/docs/Firewalling for Free.pdf
Firewalling for Free, by Shawn Grimes.
http://www.pom.gr/ilisepe1/firewall_help.html#5
Transparent Firewall Bridging
http://plorf.net/linux-ip/html/ether-bridging.htm
Address Resolution Protocol and Bridging
http://www.zebra.org/
routing software
Have fun. Let us know what you come up with. :)
// George
--
GEORGE GEORGALIS, System Admin/Architectcell: 646-331-2027<
Security Services, Web, Mail,mailto:[EMAIL PROTECTED]
Multimedia, DB, DNS and Metrics. http://www.galis.org/george
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Traffic Accounting
On Sun, 2003-07-20 at 19:27, George Georgalis wrote: > On Sun, Jul 20, 2003 at 07:01:24PM +0300, kgb wrote: > >On Sun, 2003-07-20 at 15:58, Michelle Konzack wrote: > >> Hello Russian Secret Service Agent... > >> > >> Am 23:35 2003-07-19 +0300 hat kgb geschrieben: > >> > > >> >Hello, > >> > > >> >Which is best way for traffic accounting i use ipac-ng but i don't like > >> >it anymore because it make my system under high load. > >> > > >> >Thanks in advanced. > >> > >> I think there is no other choice... > >> > >> I use ipac on a 100 MBit LAN where I count the traffic of five > >> 11 MBit WaveLAN-Channels... where ipac has two NIC's and is > >> In-Line between the Main-Router and the Switch where the Lucent > >> ORINOCO COR-1100 and wireless Bridges are connected... > >> > >> Each channel has 120 Clients... > >> > >> I use a AMD Athlon XP 2400+ with 512 MByte of memory and the > >> load is around 17... > >> > >> I have for each client (all fixed IP's) two rules (rx/tx) to the > >> Internet and two rules (rx/tx) to the internal mail-Server. > >> > >> So I have completly 2400 rules plus som special-rules to count > >> ftp, http, shttp and mail traffic. > >> > >> In summary around 2500 rules. > >> > >> What Do you have ??? > >> > >> Thanks > >> Michelle > >> > >I have over 2000 rules "bgpeer tx/rx", "internet tx/rx", "local traffic tx/rx" > >machine is AMD Athlon XP 1700+ with 1G ram i forgot how many rules are > >limit in iptables but when they are so many this is really sucks this is > >on 100Mbit LAN the problem is when fetchipac is running and ipacsum because > >file in /var/lib/ipac-ng/data.db is over 5G when file i smaller traffic is smaller > >or fetchipac and ipacsum is not running everything is fine i think thats can not be > >the only one way... > > > > I don't run it, I'm just a by stander; but I bet you are not dealing > with cpu issues but disk io. run top and compare system load to your cpu > state % idle time. > > If you've got idle cpu, and load over one, you are most likely dealing > with disk speed not cpu time for hardware scsi, striped raid, on 15k > rpm disks :-P unfortunatly that's a lot more difficult and expensive > than upgrading cpu and ram :-\ > > // George > > > > -- > GEORGE GEORGALIS, System Admin/Architectcell: 646-331-2027< > Security Services, Web, Mail,mailto:[EMAIL PROTECTED] > Multimedia, DB, DNS and Metrics. http://www.galis.org/george Yes, you're right but my question is, is there have other way to do accounting some bash, shell script to fetch traffic with "tc" command from cbq shaper ? -- Feci quod potui, faciant meliora potentes! signature.asc Description: This is a digitally signed message part
Re: Traffic Accounting
On Sun, Jul 20, 2003 at 07:01:24PM +0300, kgb wrote: >On Sun, 2003-07-20 at 15:58, Michelle Konzack wrote: >> Hello Russian Secret Service Agent... >> >> Am 23:35 2003-07-19 +0300 hat kgb geschrieben: >> > >> >Hello, >> > >> >Which is best way for traffic accounting i use ipac-ng but i don't like >> >it anymore because it make my system under high load. >> > >> >Thanks in advanced. >> >> I think there is no other choice... >> >> I use ipac on a 100 MBit LAN where I count the traffic of five >> 11 MBit WaveLAN-Channels... where ipac has two NIC's and is >> In-Line between the Main-Router and the Switch where the Lucent >> ORINOCO COR-1100 and wireless Bridges are connected... >> >> Each channel has 120 Clients... >> >> I use a AMD Athlon XP 2400+ with 512 MByte of memory and the >> load is around 17... >> >> I have for each client (all fixed IP's) two rules (rx/tx) to the >> Internet and two rules (rx/tx) to the internal mail-Server. >> >> So I have completly 2400 rules plus som special-rules to count >> ftp, http, shttp and mail traffic. >> >> In summary around 2500 rules. >> >> What Do you have ??? >> >> Thanks >> Michelle >> >I have over 2000 rules "bgpeer tx/rx", "internet tx/rx", "local traffic tx/rx" >machine is AMD Athlon XP 1700+ with 1G ram i forgot how many rules are >limit in iptables but when they are so many this is really sucks this is >on 100Mbit LAN the problem is when fetchipac is running and ipacsum because >file in /var/lib/ipac-ng/data.db is over 5G when file i smaller traffic is smaller >or fetchipac and ipacsum is not running everything is fine i think thats can not be >the only one way... > I don't run it, I'm just a by stander; but I bet you are not dealing with cpu issues but disk io. run top and compare system load to your cpu state % idle time. If you've got idle cpu, and load over one, you are most likely dealing with disk speed not cpu time for hardware scsi, striped raid, on 15k rpm disks :-P unfortunatly that's a lot more difficult and expensive than upgrading cpu and ram :-\ // George -- GEORGE GEORGALIS, System Admin/Architectcell: 646-331-2027< Security Services, Web, Mail,mailto:[EMAIL PROTECTED] Multimedia, DB, DNS and Metrics. http://www.galis.org/george -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Traffic Accounting
On Sun, 2003-07-20 at 15:58, Michelle Konzack wrote: > Hello Russian Secret Service Agent... > > Am 23:35 2003-07-19 +0300 hat kgb geschrieben: > > > >Hello, > > > >Which is best way for traffic accounting i use ipac-ng but i don't like > >it anymore because it make my system under high load. > > > >Thanks in advanced. > > I think there is no other choice... > > I use ipac on a 100 MBit LAN where I count the traffic of five > 11 MBit WaveLAN-Channels... where ipac has two NIC's and is > In-Line between the Main-Router and the Switch where the Lucent > ORINOCO COR-1100 and wireless Bridges are connected... > > Each channel has 120 Clients... > > I use a AMD Athlon XP 2400+ with 512 MByte of memory and the > load is around 17... > > I have for each client (all fixed IP's) two rules (rx/tx) to the > Internet and two rules (rx/tx) to the internal mail-Server. > > So I have completly 2400 rules plus som special-rules to count > ftp, http, shttp and mail traffic. > > In summary around 2500 rules. > > What Do you have ??? > > Thanks > Michelle > > -- > Registered Linux-User #280138 with the Linux Counter, http://counter.li.org. > +--+ > | Michelle's Internet-ServiceInh. Michelle Konzack| > | FunkLAN-Providerin | > +--+ I have over 2000 rules "bgpeer tx/rx", "internet tx/rx", "local traffic tx/rx" machine is AMD Athlon XP 1700+ with 1G ram i forgot how many rules are limit in iptables but when they are so many this is really sucks this is on 100Mbit LAN the problem is when fetchipac is running and ipacsum because file in /var/lib/ipac-ng/data.db is over 5G when file i smaller traffic is smaller or fetchipac and ipacsum is not running everything is fine i think thats can not be the only one way... -- Feci quod potui, faciant meliora potentes! signature.asc Description: This is a digitally signed message part
Re: Traffic Accounting
Hello Russian Secret Service Agent... Am 23:35 2003-07-19 +0300 hat kgb geschrieben: > >Hello, > >Which is best way for traffic accounting i use ipac-ng but i don't like >it anymore because it make my system under high load. > >Thanks in advanced. I think there is no other choice... I use ipac on a 100 MBit LAN where I count the traffic of five 11 MBit WaveLAN-Channels... where ipac has two NIC's and is In-Line between the Main-Router and the Switch where the Lucent ORINOCO COR-1100 and wireless Bridges are connected... Each channel has 120 Clients... I use a AMD Athlon XP 2400+ with 512 MByte of memory and the load is around 17... I have for each client (all fixed IP's) two rules (rx/tx) to the Internet and two rules (rx/tx) to the internal mail-Server. So I have completly 2400 rules plus som special-rules to count ftp, http, shttp and mail traffic. In summary around 2500 rules. What Do you have ??? Thanks Michelle -- Registered Linux-User #280138 with the Linux Counter, http://counter.li.org. +--+ | Michelle's Internet-ServiceInh. Michelle Konzack| | FunkLAN-Providerin | +--+ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
RE: ITP: cyclades-serial-client
Hello John, Am 08:52 2003-07-20 +1000 hat John Bordin geschrieben: > >Just complementing: > >1) For Sales in Germany, please contact Cyclades Germany >(http://www.cyclades.de/company/contact_info.php?region=de) >and click on the "Talk to us" button for email contact to Sales. I will write immediatly... >2) There are products for Windows that offer the same functionality as >Cyclades-serial-client. >The most well known are the products from >http://www.tacticalsoftware.com/. They are proprietary >SW and, of course, not free. And the Software does work with the Cyclades Serial-Terminal ? >Regards, >John Have a nice weekend Michelle -- Registered Linux-User #280138 with the Linux Counter, http://counter.li.org. +--+ | Michelle's Internet-ServiceInh. Michelle Konzack| | FunkLAN-Providerin | +--+ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Weird Reboots
On Sun, Jul 20, 2003 at 01:09:29AM -0500, Rod Rodolico wrote: > I don't understand what is going on. My machine has rebooted 5 times > between 10:00 and 18:00. I looked in syslog and the line contains 109 at > signs (@). That could be somebody or something trying to use a buffer overflow attack. That kind of attack often crashes the target machine and leaves signs like long lines in syslog. The fact that the machine rebooted so many times could be a sign that the exploit didn't work and the attacker was not able to brake in but I would not trust on that. On the other side, it could be a hardware problem too, memory being the principal suspect. Blu. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
