Re: Advice for an IP accounting program
Francesco P. Lovergine [EMAIL PROTECTED] writes: The main purpose is identify periodically boxes on an internal private network which cause very high traffic, due to worms, virus and so. A per-IP simple report a la mrtg could be nice. plug mode=shameless My ulog-acctd, installed on the border router using Netfilter, has put much less load on the routers as compared to net-acct and any libpcap-based tool in tests at the ISP for which I wrote it./plug With a little know-how in shell-scripting, it should be trivial to generate statistics and graphs from its output. Cheers, -Hilko -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Advice for an IP accounting program
Craig Sanders [EMAIL PROTECTED] writes: With a little know-how in shell-scripting, it should be trivial to generate statistics and graphs from its output. if you modified it to produce Netflow output (same as cisco and other routers), then there's a good range of tools which already exist to do this. and, it's always a good idea to use an existing standard rather than reinvent the wheel. Unfortunately, I probably won't have the time for that, as I no longer work for the ISP I originally wrote the code for. And I suppose those guys no longer need it, either. (New manglement took over and for some reason decided they liked C and J better than L just about everywhere where it had proven to work very well at a fraction of the cost.) It still is a good idea, I actually thought about that at some time. Just never got around to implementing ulog-fprobe. e.g. these are already in debian: flow-tools - collects and processes NetFlow data flowscan - flow-based IP traffic analysis and visualization tool libcflow-perl - Perl module for analyzing raw IP flow files written by cflowd I am aware of those, btw, there are also two libpcap-based netflow capturers already debianised - a netfilter/ulog alternative would be a good thing. fprobe - exports NetFlow V5 datagrams to a remote collector pmacct - promiscuous mode traffic accountant Those presumably suffer from the same problem net-acct (which ulog-acctd was originally based on) does: Comparably high load for the same task. -Hilko -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Sendmail::Milter
Dirk Tamme [EMAIL PROTECTED] writes: I'm using sendmail 8.12.11 ( including the Milter interface), and I want to use the Perl interface Sendmail::Milter. To install Sendmail::Milter, I had done the following: Are you aware of libsendmail-milter-perl's existence? -Hilko -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Sendmail::Milter
Dirk Tamme [EMAIL PROTECTED] writes: I'm using sendmail 8.12.11 ( including the Milter interface), and I want to use the Perl interface Sendmail::Milter. To install Sendmail::Milter, I had done the following: Are you aware of libsendmail-milter-perl's existence? -Hilko
What Gigabit Ethernet card to buy?
Hi, I am currently in the process of choosing hardware for Debian GNU/Linux based router systems and am looking for Gigabit Ethernet interface cards (and appropriate mainboards). I have the following requirements (in that order): 1. Good driver support in 2.4 kernels (it'd be ok if the kernel had to be patched, I'm familiar with that...) 2. Adapter should put as little load on CPU as possible. 3. Decent throughput with both large and small packets. I have only found one paper[1] by Paul Gray that compares Gigabit Ethernet hardware. However, the tests seem to focus on server applications. The numbers from the paper suggest to me that the SysKonnect cards would be a good choice, Intel based adapters, on the other hand, seem to be quite popular and meanwhile there are quite a few boards with (at least) one Intel Gigabit Ethernet chip onboard. Do you have any recommendations? -Hilko [1] http://www.cs.uni.edu/~gray/gig-over-copper/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: anti virus software for mail server
J.J. van Gorkum [EMAIL PROTECTED] writes: amavisd-new (amavisd-ng has some mime decoding problems... especially pgp/gpg encrypted mail) As the maintainer of AMaViS-ng I am looking forward to your bug report about the issues you have encountered. Regards, -Hilko -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: anti virus software for mail server
J.J. van Gorkum [EMAIL PROTECTED] writes: amavisd-new (amavisd-ng has some mime decoding problems... especially pgp/gpg encrypted mail) As the maintainer of AMaViS-ng I am looking forward to your bug report about the issues you have encountered. Regards, -Hilko
Re: Kaspersky Anti-Virus
Andrew Tait [EMAIL PROTECTED] writes: Has anyone else successfully setup exim with AVP, or has any ideas? Have you had a look at AMaViS-ng (http://www.sourceforge.net/projects/amavis)? -Hilko -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
