Re: Re-post, with additional questions/infomation: Traffic monitoring/logging question
On Tue, Mar 05, 2002 at 10:50:26PM +0100, Auke Rensen wrote: > NTOP: > 1.) Does anyone know how to log and store the collected data? > 2.) Does anyone know how to insert specific source/destination rules? Take a look at the netflow/sflow exporting capabilities of ntop. It is almost compatible with the netflow exports of cisco routers. bye, -christian- -- Christian HammersWESTEND GmbH - Aachen und Dueren Tel 0241/701333-0 [EMAIL PROTECTED] Internet & Security for ProfessionalsFax 0241/911879 WESTEND ist CISCO Systems Partner - Premier Certified -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Re-post, with additional questions/infomation: Traffic monitoring/logging question
Hellow, The problem need to be split in 2: - where to take the information from - how to analyse them. To get a good accounting, especially with a NAT'ed situation, simply use some accounting rules in iptables on your firwall. From there, you need some scripts that 'll collect the information and storge them in the approriate way. IPAC does it but does not store it properly, cricket need to be extended by adding a script, same for MRTG. Hope that help, JeF On Tue, Mar 05, 2002 at 10:50:26PM +0100, Auke Rensen wrote: > Hi list(eners), > > Thanks for the previous suggestions. > Despite this suggestions, we still can't find a suitable solution. > > We have looked at NTOP , IPAC and MRTG. > MRTG does not give us the right information in the right for, so this > ain't an option. > > It seems that both other utils need some in depth knowledge to let them > fit our situation. > > Let me try to explain the situation a bit better. > > We've got a firewall witch connects multiple LAN's to the internet. > On both LAN's there are public services, witch are accessable from the > internet via NAT rules. > > We need to track and log all possible traffice and analize it on a > daily, weekly and monthly basis, so we can devide te cost of the connection. > > Here are the questions about IPAC and NTOP. > > IPAC: > 1.) Does IPAC support DNAT, SNAT and forward rules? > 2.) Does anyone have /know some documentation on IPAC > 3.) Has someone succesfully implemented this in a similar situation? > > NTOP: > 1.) Does anyone know how to log and store the collected data? > 2.) Does anyone know how to insert specific source/destination rules? > > > I hope someone can help us further. > > Anyway, thanks in advance. > > > > A.M. (Auke) Rensen > Senior System Engineer > > Ovation B.V. > > > > > > Original message: > = > For our company's shared internet connection, I'm looking for a utility > to monitor and log the generated traffic over the internet connection. > As you can see there are two LAN's connected to a firewall/proxy server. > The firewall uses IPTables, DNAT and SNAT. > > > > > Situation sketch > > -- > | Internet | > -- > | > _| > / >| <= eth0 > _| > |__| --- > |__| <= | Debian GNU/Linux Firewall | > | | <= | Release: Unstable | > | | <= | Kernel: 2.4.16| > |+ === | <= | Proxy: Squid | > | | --- > | | > | | > |__| > eth1 => || <= eth2 > || > ||__ > | | > | | > |---|---| | > LAN1 | > | > |---|---| > LAN2 > > > > > What I'm looking for is a application (or a combination of multiple) > witch can build some usage reports. > We need this information to share the bill of the internet connection > fairly. > I'd like to be able to create daily, weekly, monthly and yearly reports. > What I'd like to know is if someone knows a utility witch is at least > capable of giving the following statistics: > > Traffic from: > - > - LAN1 <=> internet, in bytes. > - LAN2 <=> internet, in bytes. > - LAN1 <=> LAN2, in bytes. > - Total amount of traffic from all LAN's <=> Internet. > > Reports: > > I'd prefer the reports in some kind of graphical way, but plain text > would also be fine. > I need to get "per host statistics", to compare them to the total amount > of traffic > > Note: > - > The clients on both LAN's use the firewall as proxy server (...) > This traffic MUST also be included in the statistics. > > > I know this all CAN be done, but I don't know where to start. > Can anybody help me? > > > Thanks in advance, > > > > A.M. (Auke) Rensen > > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact > [EMAIL PROTECTED] > -- -> Jean-Francois Dive --> [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re-post, with additional questions/infomation: Traffic monitoring/logging question
Hi list(eners), Thanks for the previous suggestions. Despite this suggestions, we still can't find a suitable solution. We have looked at NTOP , IPAC and MRTG. MRTG does not give us the right information in the right for, so this ain't an option. It seems that both other utils need some in depth knowledge to let them fit our situation. Let me try to explain the situation a bit better. We've got a firewall witch connects multiple LAN's to the internet. On both LAN's there are public services, witch are accessable from the internet via NAT rules. We need to track and log all possible traffice and analize it on a daily, weekly and monthly basis, so we can devide te cost of the connection. Here are the questions about IPAC and NTOP. IPAC: 1.) Does IPAC support DNAT, SNAT and forward rules? 2.) Does anyone have /know some documentation on IPAC 3.) Has someone succesfully implemented this in a similar situation? NTOP: 1.) Does anyone know how to log and store the collected data? 2.) Does anyone know how to insert specific source/destination rules? I hope someone can help us further. Anyway, thanks in advance. A.M. (Auke) Rensen Senior System Engineer Ovation B.V. Original message: = For our company's shared internet connection, I'm looking for a utility to monitor and log the generated traffic over the internet connection. As you can see there are two LAN's connected to a firewall/proxy server. The firewall uses IPTables, DNAT and SNAT. Situation sketch -- | Internet | -- | _| / | <= eth0 _| |__| --- |__| <= | Debian GNU/Linux Firewall | | | <= | Release: Unstable | | | <= | Kernel: 2.4.16| |+ === | <= | Proxy: Squid | | | --- | | | | |__| eth1 => || <= eth2 || ||__ | | | | |---|---| | LAN1 | | |---|---| LAN2 What I'm looking for is a application (or a combination of multiple) witch can build some usage reports. We need this information to share the bill of the internet connection fairly. I'd like to be able to create daily, weekly, monthly and yearly reports. What I'd like to know is if someone knows a utility witch is at least capable of giving the following statistics: Traffic from: - - LAN1 <=> internet, in bytes. - LAN2 <=> internet, in bytes. - LAN1 <=> LAN2, in bytes. - Total amount of traffic from all LAN's <=> Internet. Reports: I'd prefer the reports in some kind of graphical way, but plain text would also be fine. I need to get "per host statistics", to compare them to the total amount of traffic Note: - The clients on both LAN's use the firewall as proxy server (...) This traffic MUST also be included in the statistics. I know this all CAN be done, but I don't know where to start. Can anybody help me? Thanks in advance, A.M. (Auke) Rensen -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Traffic monitoring/logging question
On Fri, 2002-03-01 at 21:00, Robert Waldner wrote: > > On 01 Mar 2002 14:22:43 +1100, Kevin Littlejohn writes: > >Be aware that on-the-wire counting will give you traffic counts > >inclusive of packet overhead, whereas counting in squid will give you > >only the size of the content in question. Don't do math on these > >things, as one rather large provider used to do ;) > > Why go to trouble with accounting in squid? Just account on the > "insode" interfaces, compare with the totals of "outside" and you're > set. ipac-ng can do this, only the png-generation is severely broken > at the moment (I'm debugging it right now). If that's all you need, that's fine. If you need to break down billing based on "proxy traffic is xc/Mb, other traffic is yc/Mb", then you'll need to at least document the different counting methodologies - otherwise, your downstream will want to know what the story is ;) > >Be aware of media-specific packet wrapping sizes, and be aware of the > >difference between "the size of the content", and "the size of the > >content + IP headers". > > Just account on the same layer everywhere and you can split the bill > from the ISP in the proper %s. (While I'm being pedantic) Different physical media have different packet overheads. I don't _think_ there's a difference between 10Mbps and 100Mbps, for instance, but there's definitely a difference between ethernet and dialup (or aDSL, or what-have-you). KevinL -- Internet techieObsidian Consulting Group Phone: +613 9653 9364Fax: +613 9354 2681 http://www.obsidian.com.au/ [EMAIL PROTECTED]
Re: Traffic monitoring/logging question
On 01 Mar 2002 14:22:43 +1100, Kevin Littlejohn writes: >Be aware that on-the-wire counting will give you traffic counts >inclusive of packet overhead, whereas counting in squid will give you >only the size of the content in question. Don't do math on these >things, as one rather large provider used to do ;) Why go to trouble with accounting in squid? Just account on the "insode" interfaces, compare with the totals of "outside" and you're set. ipac-ng can do this, only the png-generation is severely broken at the moment (I'm debugging it right now). >Be aware of media-specific packet wrapping sizes, and be aware of the >difference between "the size of the content", and "the size of the >content + IP headers". Just account on the same layer everywhere and you can split the bill from the ISP in the proper %s. cheers, &rw -- / Ing. Robert Waldner | Security Engineer | CoreTec IT-Security \ \ <[EMAIL PROTECTED]> | T +43 1 503 72 73 | F +43 1 503 72 73 x99 / pgphoJBZrUaNf.pgp Description: PGP signature
Re: Traffic monitoring/logging question
On Fri, 2002-03-01 at 21:00, Robert Waldner wrote: > > On 01 Mar 2002 14:22:43 +1100, Kevin Littlejohn writes: > >Be aware that on-the-wire counting will give you traffic counts > >inclusive of packet overhead, whereas counting in squid will give you > >only the size of the content in question. Don't do math on these > >things, as one rather large provider used to do ;) > > Why go to trouble with accounting in squid? Just account on the > "insode" interfaces, compare with the totals of "outside" and you're > set. ipac-ng can do this, only the png-generation is severely broken > at the moment (I'm debugging it right now). If that's all you need, that's fine. If you need to break down billing based on "proxy traffic is xc/Mb, other traffic is yc/Mb", then you'll need to at least document the different counting methodologies - otherwise, your downstream will want to know what the story is ;) > >Be aware of media-specific packet wrapping sizes, and be aware of the > >difference between "the size of the content", and "the size of the > >content + IP headers". > > Just account on the same layer everywhere and you can split the bill > from the ISP in the proper %s. (While I'm being pedantic) Different physical media have different packet overheads. I don't _think_ there's a difference between 10Mbps and 100Mbps, for instance, but there's definitely a difference between ethernet and dialup (or aDSL, or what-have-you). KevinL -- Internet techieObsidian Consulting Group Phone: +613 9653 9364Fax: +613 9354 2681 http://www.obsidian.com.au/ [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Traffic monitoring/logging question
On 01 Mar 2002 14:22:43 +1100, Kevin Littlejohn writes: >Be aware that on-the-wire counting will give you traffic counts >inclusive of packet overhead, whereas counting in squid will give you >only the size of the content in question. Don't do math on these >things, as one rather large provider used to do ;) Why go to trouble with accounting in squid? Just account on the "insode" interfaces, compare with the totals of "outside" and you're set. ipac-ng can do this, only the png-generation is severely broken at the moment (I'm debugging it right now). >Be aware of media-specific packet wrapping sizes, and be aware of the >difference between "the size of the content", and "the size of the >content + IP headers". Just account on the same layer everywhere and you can split the bill from the ISP in the proper %s. cheers, &rw -- / Ing. Robert Waldner | Security Engineer | CoreTec IT-Security \ \ <[EMAIL PROTECTED]> | T +43 1 503 72 73 | F +43 1 503 72 73 x99 / msg05589/pgp0.pgp Description: PGP signature
Re: Traffic monitoring/logging question
Be aware that on-the-wire counting will give you traffic counts inclusive of packet overhead, whereas counting in squid will give you only the size of the content in question. Don't do math on these things, as one rather large provider used to do ;) Be aware of media-specific packet wrapping sizes, and be aware of the difference between "the size of the content", and "the size of the content + IP headers". KevinL On Fri, 2002-03-01 at 08:17, Jean-Francois Dive wrote: > mm nice scheme. Did you wrote an RFC or ?? (uppercase must, can ;) > > The key is to the be able to account the traffic which is a miss in > squid and this, on a per client basis. Squid have a mib which > give you such stats, this is good. I developed an addon to this > mib to get a per subnet stats, if you 're interested, i can send you > the patch. So, you can use iptables accounting: using the right > setup should be easy. The only tricky part is for ftp, irc etc.. > traffic: you need to use the new --helper feature of iptables which > match any traffic that use the ipconntrack helper moduler XXX. > Aggregating all these information will give you the numbers you want. > For stocking and reporting, you can use mrtg or cricket or a script > and RRDtool or logtrend which is pretty nice but still very poor > snmp wise. > > Hope that help, > > JeF -- Internet techieObsidian Consulting Group Phone: +613 9653 9364Fax: +613 9354 2681 http://www.obsidian.com.au/ [EMAIL PROTECTED]
Re: Traffic monitoring/logging question
Auke Rensen, Wed, Feb 27, 2002 at 04:41:36PM +0100: > What I'm looking for is a application (or a combination of multiple) witch > can build some usage reports. > We need this information to share the bill of the internet connection > fairly. > I'd like to be able to create daily, weekly, monthly and yearly reports. > What I'd like to know is if someone knows a utility witch is at least > capable of giving the following statistics: > If I'm not mistaken, mrtg can be integrated with iptables/ipchains to produce the stats you need. You might want to have a look at ntop as well. g pgpnxsYxXEypn.pgp Description: PGP signature
Re: Traffic monitoring/logging question
Be aware that on-the-wire counting will give you traffic counts inclusive of packet overhead, whereas counting in squid will give you only the size of the content in question. Don't do math on these things, as one rather large provider used to do ;) Be aware of media-specific packet wrapping sizes, and be aware of the difference between "the size of the content", and "the size of the content + IP headers". KevinL On Fri, 2002-03-01 at 08:17, Jean-Francois Dive wrote: > mm nice scheme. Did you wrote an RFC or ?? (uppercase must, can ;) > > The key is to the be able to account the traffic which is a miss in > squid and this, on a per client basis. Squid have a mib which > give you such stats, this is good. I developed an addon to this > mib to get a per subnet stats, if you 're interested, i can send you > the patch. So, you can use iptables accounting: using the right > setup should be easy. The only tricky part is for ftp, irc etc.. > traffic: you need to use the new --helper feature of iptables which > match any traffic that use the ipconntrack helper moduler XXX. > Aggregating all these information will give you the numbers you want. > For stocking and reporting, you can use mrtg or cricket or a script > and RRDtool or logtrend which is pretty nice but still very poor > snmp wise. > > Hope that help, > > JeF -- Internet techieObsidian Consulting Group Phone: +613 9653 9364Fax: +613 9354 2681 http://www.obsidian.com.au/ [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Traffic monitoring/logging question
Auke Rensen, Wed, Feb 27, 2002 at 04:41:36PM +0100: > What I'm looking for is a application (or a combination of multiple) witch > can build some usage reports. > We need this information to share the bill of the internet connection > fairly. > I'd like to be able to create daily, weekly, monthly and yearly reports. > What I'd like to know is if someone knows a utility witch is at least > capable of giving the following statistics: > If I'm not mistaken, mrtg can be integrated with iptables/ipchains to produce the stats you need. You might want to have a look at ntop as well. g msg05584/pgp0.pgp Description: PGP signature
Re: Traffic monitoring/logging question
mm nice scheme. Did you wrote an RFC or ?? (uppercase must, can ;) The key is to the be able to account the traffic which is a miss in squid and this, on a per client basis. Squid have a mib which give you such stats, this is good. I developed an addon to this mib to get a per subnet stats, if you 're interested, i can send you the patch. So, you can use iptables accounting: using the right setup should be easy. The only tricky part is for ftp, irc etc.. traffic: you need to use the new --helper feature of iptables which match any traffic that use the ipconntrack helper moduler XXX. Aggregating all these information will give you the numbers you want. For stocking and reporting, you can use mrtg or cricket or a script and RRDtool or logtrend which is pretty nice but still very poor snmp wise. Hope that help, JeF On Wed, Feb 27, 2002 at 04:41:36PM +0100, Auke Rensen wrote: > For our company's shared internet connection, I'm looking for a utility to > monitor and log the generated traffic over the internet connection. > As you can see there are two LAN's connected to a firewall/proxy server. > The firewall uses IPTables, DNAT and SNAT. > > > > > Situation sketch > > -- > | Internet | > -- > | > _| >/ > | <= eth0 > _| > |__| --- > |__| <= | Debian GNU/Linux Firewall | > | | <= | Release: Unstable | > | | <= | Kernel: 2.4.16| > |+ === | <= | Proxy: Squid | > | | --- > | | > | | > |__| > eth1 => || <= eth2 > || > ||__ > | | > | | > |---|---| | > LAN1 | > | > |---|---| > LAN2 > > > > > What I'm looking for is a application (or a combination of multiple) witch > can build some usage reports. > We need this information to share the bill of the internet connection > fairly. > I'd like to be able to create daily, weekly, monthly and yearly reports. > What I'd like to know is if someone knows a utility witch is at least > capable of giving the following statistics: > > Traffic from: > - > - LAN1 <=> internet, in bytes. > - LAN2 <=> internet, in bytes. > - LAN1 <=> LAN2, in bytes. > - Total amount of traffic from all LAN's <=> Internet. > > Reports: > > I'd prefer the reports in some kind of graphical way, but plain text would > also be fine. > I need to get "per host statistics", to compare them to the total amount of > traffic > > Note: > - > The clients on both LAN's use the firewall as proxy server (...) > This traffic MUST also be included in the statistics. > > > I know this all CAN be done, but I don't know where to start. > Can anybody help me? > > > Thanks in advance, > > > > A.M. (Auke) Rensen > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact > [EMAIL PROTECTED] > -- -> Jean-Francois Dive --> [EMAIL PROTECTED]
Re: Traffic monitoring/logging question
mm nice scheme. Did you wrote an RFC or ?? (uppercase must, can ;) The key is to the be able to account the traffic which is a miss in squid and this, on a per client basis. Squid have a mib which give you such stats, this is good. I developed an addon to this mib to get a per subnet stats, if you 're interested, i can send you the patch. So, you can use iptables accounting: using the right setup should be easy. The only tricky part is for ftp, irc etc.. traffic: you need to use the new --helper feature of iptables which match any traffic that use the ipconntrack helper moduler XXX. Aggregating all these information will give you the numbers you want. For stocking and reporting, you can use mrtg or cricket or a script and RRDtool or logtrend which is pretty nice but still very poor snmp wise. Hope that help, JeF On Wed, Feb 27, 2002 at 04:41:36PM +0100, Auke Rensen wrote: > For our company's shared internet connection, I'm looking for a utility to > monitor and log the generated traffic over the internet connection. > As you can see there are two LAN's connected to a firewall/proxy server. > The firewall uses IPTables, DNAT and SNAT. > > > > > Situation sketch > > -- > | Internet | > -- > | > _| >/ > | <= eth0 > _| > |__| --- > |__| <= | Debian GNU/Linux Firewall | > | | <= | Release: Unstable | > | | <= | Kernel: 2.4.16| > |+ === | <= | Proxy: Squid | > | | --- > | | > | | > |__| > eth1 => || <= eth2 > || > ||__ > | | > | | > |---|---| | > LAN1 | > | > |---|---| > LAN2 > > > > > What I'm looking for is a application (or a combination of multiple) witch > can build some usage reports. > We need this information to share the bill of the internet connection > fairly. > I'd like to be able to create daily, weekly, monthly and yearly reports. > What I'd like to know is if someone knows a utility witch is at least > capable of giving the following statistics: > > Traffic from: > - > - LAN1 <=> internet, in bytes. > - LAN2 <=> internet, in bytes. > - LAN1 <=> LAN2, in bytes. > - Total amount of traffic from all LAN's <=> Internet. > > Reports: > > I'd prefer the reports in some kind of graphical way, but plain text would > also be fine. > I need to get "per host statistics", to compare them to the total amount of > traffic > > Note: > - > The clients on both LAN's use the firewall as proxy server (...) > This traffic MUST also be included in the statistics. > > > I know this all CAN be done, but I don't know where to start. > Can anybody help me? > > > Thanks in advance, > > > > A.M. (Auke) Rensen > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact > [EMAIL PROTECTED] > -- -> Jean-Francois Dive --> [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Traffic monitoring/logging question
On Mit, 27 Feb 2002, Auke Rensen wrote: > For our company's shared internet connection, I'm looking for a utility to > monitor and log the generated traffic over the internet connection. > As you can see there are two LAN's connected to a firewall/proxy server. > The firewall uses IPTables, DNAT and SNAT. Maybe ipac-ng is suitable for you http://packages.debian.org/unstable/net/ipac-ng.html The output can be text: # ipacsum -t today -f all IP accounting summary Host: hopi / Time created: 2002/02/27 17:16:47 CE Data from 2002/02/27 00:00:00 CE to 2002/02/27 17:16:47 CE total in all:701M total out all : 2053M or graphics: http://www.hostsharing.net/tech/traffic/gesamt.htm (sorry german) -- Noèl Köthe
Traffic monitoring/logging question
For our company's shared internet connection, I'm looking for a utility to monitor and log the generated traffic over the internet connection. As you can see there are two LAN's connected to a firewall/proxy server. The firewall uses IPTables, DNAT and SNAT. Situation sketch -- | Internet | -- | _| / | <= eth0 _| |__| --- |__| <= | Debian GNU/Linux Firewall | | | <= | Release: Unstable | | | <= | Kernel: 2.4.16| |+ === | <= | Proxy: Squid | | | --- | | | | |__| eth1 => || <= eth2 || ||__ | | | | |---|---| | LAN1 | | |---|---| LAN2 What I'm looking for is a application (or a combination of multiple) witch can build some usage reports. We need this information to share the bill of the internet connection fairly. I'd like to be able to create daily, weekly, monthly and yearly reports. What I'd like to know is if someone knows a utility witch is at least capable of giving the following statistics: Traffic from: - - LAN1 <=> internet, in bytes. - LAN2 <=> internet, in bytes. - LAN1 <=> LAN2, in bytes. - Total amount of traffic from all LAN's <=> Internet. Reports: I'd prefer the reports in some kind of graphical way, but plain text would also be fine. I need to get "per host statistics", to compare them to the total amount of traffic Note: - The clients on both LAN's use the firewall as proxy server (...) This traffic MUST also be included in the statistics. I know this all CAN be done, but I don't know where to start. Can anybody help me? Thanks in advance, A.M. (Auke) Rensen
Re: Traffic monitoring/logging question
On Mit, 27 Feb 2002, Auke Rensen wrote: > For our company's shared internet connection, I'm looking for a utility to > monitor and log the generated traffic over the internet connection. > As you can see there are two LAN's connected to a firewall/proxy server. > The firewall uses IPTables, DNAT and SNAT. Maybe ipac-ng is suitable for you http://packages.debian.org/unstable/net/ipac-ng.html The output can be text: # ipacsum -t today -f all IP accounting summary Host: hopi / Time created: 2002/02/27 17:16:47 CE Data from 2002/02/27 00:00:00 CE to 2002/02/27 17:16:47 CE total in all:701M total out all : 2053M or graphics: http://www.hostsharing.net/tech/traffic/gesamt.htm (sorry german) -- Noèl Köthe -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Traffic monitoring/logging question
For our company's shared internet connection, I'm looking for a utility to monitor and log the generated traffic over the internet connection. As you can see there are two LAN's connected to a firewall/proxy server. The firewall uses IPTables, DNAT and SNAT. Situation sketch -- | Internet | -- | _| / | <= eth0 _| |__| --- |__| <= | Debian GNU/Linux Firewall | | | <= | Release: Unstable | | | <= | Kernel: 2.4.16| |+ === | <= | Proxy: Squid | | | --- | | | | |__| eth1 => || <= eth2 || ||__ | | | | |---|---| | LAN1 | | |---|---| LAN2 What I'm looking for is a application (or a combination of multiple) witch can build some usage reports. We need this information to share the bill of the internet connection fairly. I'd like to be able to create daily, weekly, monthly and yearly reports. What I'd like to know is if someone knows a utility witch is at least capable of giving the following statistics: Traffic from: - - LAN1 <=> internet, in bytes. - LAN2 <=> internet, in bytes. - LAN1 <=> LAN2, in bytes. - Total amount of traffic from all LAN's <=> Internet. Reports: I'd prefer the reports in some kind of graphical way, but plain text would also be fine. I need to get "per host statistics", to compare them to the total amount of traffic Note: - The clients on both LAN's use the firewall as proxy server (...) This traffic MUST also be included in the statistics. I know this all CAN be done, but I don't know where to start. Can anybody help me? Thanks in advance, A.M. (Auke) Rensen -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]