Re: [Discuss] Network monitoring tool recommendation

2013-02-06 Thread Matt Shields
On Wed, Feb 6, 2013 at 6:29 PM, David Rosenstrauch wrote:

> On 02/06/2013 02:00 PM, David Rosenstrauch wrote:
>
>> On 02/06/2013 12:34 PM, Matt Shields wrote:
>>
>>> Also try ntop.  Set it up on a standalone computer.  2 network ports, one
>>> for management, one where you mirror all your traffic at the switchport to
>>> it and have the interface in promiscuous mode.  Then it'll give you nice
>>> charts to show you who is talking to what (i.e. User1 is streaming content
>>> from YouTube, etc).
>>>
>>> Matt
>>>
>>
>> Will check that out - thanks!
>>
>> DR
>>
>
> Great suggestion on ntop!  Looks like what I need.
>
>
> Just one thing I'm not sure about with it, though:
>
> It seems like the intention is that you would run ntop on your gateway
> machine (which all traffic on the network passes through) and that way get
> full stats for the entire network.
>
> However, that's not the setup I have.  I do have a gateway, but it's our
> firewall box, which I can't run ntop on.  The machine I am running it on is
> our ssh entrypoint into the network.  But the other machines on the network
> can initiate connections directly to the Internet through firewall without
> going through the ssh entrypoint.  So I'm thinking that by running ntop on
> the ssh entrypoint box, it's not going to actually be seeing all the
> incoming or outgoing traffic for the network, and so won't be able to
> report on it accurately.
>
> Am I right on this?  And if so, how best to work around this?  (Without
> having to run an instance of ntop on every machine in the network.)
>
> Thanks,
>
>
> DR
> ___
> Discuss mailing list
> Discuss@blu.org
> http://lists.blu.org/mailman/listinfo/discuss
>

I have a separate machine that I use for ntop, snort, tcpdump, nessus and
other monitoring tools.  It has 2 NICs, one is management (ssh, http, etc)
and the second is set to promiscuous mode and connected to my core switch.
On the core switch I have that port be a mirror of the main link.  So all
traffic in and out of the network is mirrored to my monitoring server where
I do analysis on what's going on.

Matt
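
Added example, not part of Matt's message or of any tool named in the thread: one way to turn text captured on the mirrored interface into the per-host and per-external-peer totals asked for in the thread. The 192.168.1.0/24 LAN range, the `tcpdump -nn -q -tt`-style line format and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumption: the monitored LAN is 192.168.1.0/24 (not stated in the thread).
LAN = ip_network("192.168.1.0/24")

# Constructed sample shaped like `tcpdump -nn -q -tt` output on the mirror
# port: epoch time, "IP", src.port > dst.port, then the payload length.
SAMPLE = """\
1360180800.000100 IP 192.168.1.23.51522 > 203.0.113.80.443: tcp 120
1360180800.000350 IP 203.0.113.80.443 > 192.168.1.23.51522: tcp 1448
1360180800.000420 IP 203.0.113.80.443 > 192.168.1.23.51522: tcp 1448
1360180800.000600 IP 192.168.1.23.51522 > 203.0.113.80.443: tcp 0
1360180800.500000 IP 192.168.1.40.40000 > 198.51.100.7.53: UDP, length 40
1360180800.510000 IP 198.51.100.7.53 > 192.168.1.40.40000: UDP, length 120
1360180800.900000 IP 192.168.1.40.22 > 192.168.1.23.50000: tcp 500
1360180801.000000 ARP, Request who-has 192.168.1.1 tell 192.168.1.40, length 28
"""

LINE = re.compile(
    r"^\d+\.\d+ IP (?P<src>\d+(?:\.\d+){3})\.\d+ > "
    r"(?P<dst>\d+(?:\.\d+){3})\.\d+: "
    r"(?:tcp (?P<tcp>\d+)|UDP, length (?P<udp>\d+))$"
)

def summarize(text, lan=LAN):
    """Return ({host: bytes}, {(host, peer): bytes}) for LAN<->external traffic."""
    per_host, per_pair = defaultdict(int), defaultdict(int)
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # ARP, IPv6, ICMP and anything else the regex skips
        src, dst = ip_address(m["src"]), ip_address(m["dst"])
        size = int(m["tcp"] or m["udp"])  # payload bytes, headers excluded
        src_in, dst_in = src in lan, dst in lan
        if src_in == dst_in:
            continue  # internal-to-internal or transit: not Internet usage
        host, peer = (src, dst) if src_in else (dst, src)
        per_host[str(host)] += size
        per_pair[(str(host), str(peer))] += size
    return dict(per_host), dict(per_pair)

def top(counter, n=3):
    """Largest n entries of a {key: bytes} mapping, biggest first."""
    return sorted(counter.items(), key=lambda kv: kv[1], reverse=True)[:n]

if __name__ == "__main__":
    hosts, pairs = summarize(SAMPLE)
    for host, size in top(hosts):
        print(f"{host:15} {size:>8} bytes")
    for (host, peer), size in top(pairs):
        print(f"{host:15} <-> {peer:15} {size:>8} bytes")
```

Both directions of a conversation are charged to the internal host, so the totals only mean something when the capture point sees the whole uplink, which is what the mirrored core-switch port provides.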


Re: [Discuss] Network monitoring tool recommendation

2013-02-06 Thread Rich Braun
David Rosenstrauch asked:
> We've got some machine (or machines) sucking up a lot of bandwidth on
> our network.  I'm trying to pin down exactly what, but not having much
> luck so far.
>
> The network's got about a dozen machines

Check out munin, http://munin-monitoring.org.  You don't say which Linux
distro you're using, but most of the distros have packages for this (named
munin-node for client, munin for server).

The advantage of this tool vs. cacti or the others is that it's
self-configuring.  By default a lot of charts are already in place for you,
and the server doesn't need any configuration other than a list of nodes.  Set
up one machine with the server, set up munin-node client on all the others,
then you get a web page on the server with links to piles of graphs for each
client.

Learning curve for this is much shorter than most, if you're just trying to
solve a quick problem like this.

-rich




Re: [Discuss] Network monitoring tool recommendation

2013-02-06 Thread David Rosenstrauch

On 02/06/2013 02:00 PM, David Rosenstrauch wrote:

> On 02/06/2013 12:34 PM, Matt Shields wrote:
>
>> Also try ntop.  Set it up on a standalone computer.  2 network ports, one
>> for management, one where you mirror all your traffic at the switchport to
>> it and have the interface in promiscuous mode.  Then it'll give you nice
>> charts to show you who is talking to what (i.e. User1 is streaming content
>> from YouTube, etc).
>>
>> Matt
>
> Will check that out - thanks!
>
> DR


Great suggestion on ntop!  Looks like what I need.


Just one thing I'm not sure about with it, though:

It seems like the intention is that you would run ntop on your gateway 
machine (which all traffic on the network passes through) and that way 
get full stats for the entire network.


However, that's not the setup I have.  I do have a gateway, but it's our 
firewall box, which I can't run ntop on.  The machine I am running it on 
is our ssh entrypoint into the network.  But the other machines on the 
network can initiate connections directly to the Internet through 
firewall without going through the ssh entrypoint.  So I'm thinking that 
by running ntop on the ssh entrypoint box, it's not going to actually be 
seeing all the incoming or outgoing traffic for the network, and so 
won't be able to report on it accurately.


Am I right on this?  And if so, how best to work around this?  (Without 
having to run an instance of ntop on every machine in the network.)


Thanks,

DR


Re: [Discuss] Network monitoring tool recommendation

2013-02-06 Thread Alaric

I've had really good experience grabbing Nagios perf data and graphing it with
other tools.  I think the Splunk4Nagios app is a good example of how you
could do it (https://github.com/skywalka/splunk-for-nagios).  You may not want
to use Splunk due to cost, but I suspect the model would be pretty easily
migrated to similar tools...  That being said, all that may be overkill; Cacti
is pretty awesome at this sort of thing all by its lonesome.

-a
  

On Feb 6, 2013, at 3:58 PM, Drew Van Zandt wrote:

> https://www.google.com/search?q=nagios+plugin+network+byte+counter&oq=nagios+plugin+network+byte+counter
> 
> I haven't used any of them in ages (I'm back to hardware design, thank
> Science), but I had a plugin (or plugin + SNMP?) that monitored all the
> interface stats back when.
> 
> *
> Drew Van Zandt
> Cam # US2010035593 (M:Liam Hopkins R: Bastian Rotgeld)
> Domain Coordinator, MA-003-D.  Masquerade aVST
> *
> 
> 
> On Wed, Feb 6, 2013 at 1:59 PM, David Rosenstrauch wrote:
> 
>> ???  I use Nagios extensively on our system to monitor for uptime on
>> machines/daemons, and alert us when something breaks.  But I'm not aware of
>> it having the capability to show cumulative network usage, by remote host,
>> across a span of time, for every machine on a network.  If it does, could
>> you point me to which plugin one might use for that?
>> 
>> Thanks,
>> 
>> DR
>> 
>> 
>> On 02/06/2013 12:21 PM, Drew Van Zandt wrote:
>> 
>>> Cacti, Nagios, and Intellipool are all solid for this.
>>> 
>>> *
>>> Drew Van Zandt
>>> Cam # US2010035593 (M:Liam Hopkins R: Bastian Rotgeld)
>>> Domain Coordinator, MA-003-D.  Masquerade aVST
>>> *
>>> 
>>> 
>>> 
>>> On Wed, Feb 6, 2013 at 12:11 PM, David Rosenstrauch wrote:
>>>
>>>> We've got some machine (or machines) sucking up a lot of bandwidth on our
>>>> network.  I'm trying to pin down exactly what, but not having much luck so
>>>> far.
>>>>
>>>> The network's got about a dozen machines, behind a firewall.  What I'd
>>>> like to see is a high-level view of the whole network's bandwidth usage
>>>> over the span of, say, 24 hours.  I.e., which machines are using the most
>>>> bandwidth (i.e., in Gb), and connections to which external sites are
>>>> causing most of the hogging.
>>>>
>>>> Clearly, micro-level tools like iftop aren't going to cut it here, as they
>>>> only show me a) what's using bandwidth right now, and b) an individual
>>>> machine basis.
>>>>
>>>> I tried running darkstat on each machine in the network, but it didn't
>>>> really give me what I was looking for.  Again, the reporting was
>>>> per-machine, and so didn't provide a comprehensive view.  (Among other
>>>> problems.)
>>>>
>>>> Bandwidthd looks like it might have some promise, but would take some time
>>>> to set up to give me a comprehensive view.  (I.e., configure a pgsql
>>>> database.)
>>>>
>>>> Anyone have any particular recommendations for a situation like this?
>>>>
>>>> Thanks,
>>>>
>>>> DR


Re: [Discuss] Network monitoring tool recommendation

2013-02-06 Thread Drew Van Zandt
https://www.google.com/search?q=nagios+plugin+network+byte+counter&oq=nagios+plugin+network+byte+counter

I haven't used any of them in ages (I'm back to hardware design, thank
Science), but I had a plugin (or plugin + SNMP?) that monitored all the
interface stats back when.

*
Drew Van Zandt
Cam # US2010035593 (M:Liam Hopkins R: Bastian Rotgeld)
Domain Coordinator, MA-003-D.  Masquerade aVST
*


On Wed, Feb 6, 2013 at 1:59 PM, David Rosenstrauch wrote:

> ???  I use Nagios extensively on our system to monitor for uptime on
> machines/daemons, and alert us when something breaks.  But I'm not aware of
> it having the capability to show cumulative network usage, by remote host,
> across a span of time, for every machine on a network.  If it does, could
> you point me to which plugin one might use for that?
>
> Thanks,
>
> DR
>
>
> On 02/06/2013 12:21 PM, Drew Van Zandt wrote:
>
>> Cacti, Nagios, and Intellipool are all solid for this.
>>
>> *
>> Drew Van Zandt
>> Cam # US2010035593 (M:Liam Hopkins R: Bastian Rotgeld)
>> Domain Coordinator, MA-003-D.  Masquerade aVST
>> *
>>
>>
>>
>> On Wed, Feb 6, 2013 at 12:11 PM, David Rosenstrauch wrote:
>>
>>> We've got some machine (or machines) sucking up a lot of bandwidth on our
>>> network.  I'm trying to pin down exactly what, but not having much luck so
>>> far.
>>>
>>> The network's got about a dozen machines, behind a firewall.  What I'd
>>> like to see is a high-level view of the whole network's bandwidth usage
>>> over the span of, say, 24 hours.  I.e., which machines are using the most
>>> bandwidth (i.e., in Gb), and connections to which external sites are
>>> causing most of the hogging.
>>>
>>> Clearly, micro-level tools like iftop aren't going to cut it here, as they
>>> only show me a) what's using bandwidth right now, and b) an individual
>>> machine basis.
>>>
>>> I tried running darkstat on each machine in the network, but it didn't
>>> really give me what I was looking for.  Again, the reporting was
>>> per-machine, and so didn't provide a comprehensive view.  (Among other
>>> problems.)
>>>
>>> Bandwidthd looks like it might have some promise, but would take some time
>>> to set up to give me a comprehensive view.  (I.e., configure a pgsql
>>> database.)
>>>
>>> Anyone have any particular recommendations for a situation like this?
>>>
>>> Thanks,
>>>
>>> DR


Re: [Discuss] Network monitoring tool recommendation

2013-02-06 Thread David Rosenstrauch

On 02/06/2013 12:34 PM, Matt Shields wrote:

> Also try ntop.  Set it up on a standalone computer.  2 network ports, one
> for management, one where you mirror all your traffic at the switchport to
> it and have the interface in promiscuous mode.  Then it'll give you nice
> charts to show you who is talking to what (i.e. User1 is streaming content
> from YouTube, etc).
>
> Matt

Will check that out - thanks!

DR



Re: [Discuss] Network monitoring tool recommendation

2013-02-06 Thread David Rosenstrauch
???  I use Nagios extensively on our system to monitor for uptime on 
machines/daemons, and alert us when something breaks.  But I'm not aware 
of it having the capability to show cumulative network usage, by remote 
host, across a span of time, for every machine on a network.  If it 
does, could you point me to which plugin one might use for that?


Thanks,

DR

On 02/06/2013 12:21 PM, Drew Van Zandt wrote:

> Cacti, Nagios, and Intellipool are all solid for this.
>
> *
> Drew Van Zandt
> Cam # US2010035593 (M:Liam Hopkins R: Bastian Rotgeld)
> Domain Coordinator, MA-003-D.  Masquerade aVST
> *
>
> On Wed, Feb 6, 2013 at 12:11 PM, David Rosenstrauch wrote:
>
>> We've got some machine (or machines) sucking up a lot of bandwidth on our
>> network.  I'm trying to pin down exactly what, but not having much luck so
>> far.
>>
>> The network's got about a dozen machines, behind a firewall.  What I'd
>> like to see is a high-level view of the whole network's bandwidth usage
>> over the span of, say, 24 hours.  I.e., which machines are using the most
>> bandwidth (i.e., in Gb), and connections to which external sites are
>> causing most of the hogging.
>>
>> Clearly, micro-level tools like iftop aren't going to cut it here, as they
>> only show me a) what's using bandwidth right now, and b) an individual
>> machine basis.
>>
>> I tried running darkstat on each machine in the network, but it didn't
>> really give me what I was looking for.  Again, the reporting was
>> per-machine, and so didn't provide a comprehensive view.  (Among other
>> problems.)
>>
>> Bandwidthd looks like it might have some promise, but would take some time
>> to set up to give me a comprehensive view.  (I.e., configure a pgsql
>> database.)
>>
>> Anyone have any particular recommendations for a situation like this?
>>
>> Thanks,
>>
>> DR


Re: [Discuss] Network monitoring tool recommendation

2013-02-06 Thread Matt Shields
On Wed, Feb 6, 2013 at 12:21 PM, Drew Van Zandt wrote:

> Cacti, Nagios, and Intellipool are all solid for this.
>
> *
> Drew Van Zandt
> Cam # US2010035593 (M:Liam Hopkins R: Bastian Rotgeld)
> Domain Coordinator, MA-003-D.  Masquerade aVST
> *
>
>
> On Wed, Feb 6, 2013 at 12:11 PM, David Rosenstrauch wrote:
>
> > We've got some machine (or machines) sucking up a lot of bandwidth on our
> > network.  I'm trying to pin down exactly what, but not having much luck so
> > far.
> >
> > The network's got about a dozen machines, behind a firewall.  What I'd
> > like to see is a high-level view of the whole network's bandwidth usage
> > over the span of, say, 24 hours.  I.e., which machines are using the most
> > bandwidth (i.e., in Gb), and connections to which external sites are
> > causing most of the hogging.
> >
> > Clearly, micro-level tools like iftop aren't going to cut it here, as they
> > only show me a) what's using bandwidth right now, and b) an individual
> > machine basis.
> >
> > I tried running darkstat on each machine in the network, but it didn't
> > really give me what I was looking for.  Again, the reporting was
> > per-machine, and so didn't provide a comprehensive view.  (Among other
> > problems.)
> >
> > Bandwidthd looks like it might have some promise, but would take some time
> > to set up to give me a comprehensive view.  (I.e., configure a pgsql
> > database.)
> >
> > Anyone have any particular recommendations for a situation like this?
> >
> > Thanks,
> >
> > DR
>

Also try ntop.  Set it up on a standalone computer.  2 network ports, one
for management, one where you mirror all your traffic at the switchport to
it and have the interface in promiscuous mode.  Then it'll give you nice
charts to show you who is talking to what (i.e. User1 is streaming content
from YouTube, etc).

Matt


Re: [Discuss] Network monitoring tool recommendation

2013-02-06 Thread Drew Van Zandt
Cacti, Nagios, and Intellipool are all solid for this.

*
Drew Van Zandt
Cam # US2010035593 (M:Liam Hopkins R: Bastian Rotgeld)
Domain Coordinator, MA-003-D.  Masquerade aVST
*


On Wed, Feb 6, 2013 at 12:11 PM, David Rosenstrauch wrote:

> We've got some machine (or machines) sucking up a lot of bandwidth on our
> network.  I'm trying to pin down exactly what, but not having much luck so
> far.
>
> The network's got about a dozen machines, behind a firewall.  What I'd
> like to see is a high-level view of the whole network's bandwidth usage
> over the span of, say, 24 hours.  I.e., which machines are using the most
> bandwidth (i.e., in Gb), and connections to which external sites are
> causing most of the hogging.
>
> Clearly, micro-level tools like iftop aren't going to cut it here, as they
> only show me a) what's using bandwidth right now, and b) an individual
> machine basis.
>
> I tried running darkstat on each machine in the network, but it didn't
> really give me what I was looking for.  Again, the reporting was
> per-machine, and so didn't provide a comprehensive view.  (Among other
> problems.)
>
> Bandwidthd looks like it might have some promise, but would take some time
> to set up to give me a comprehensive view.  (I.e., configure a pgsql
> database.)
>
>
> Anyone have any particular recommendations for a situation like this?
>
> Thanks,
>
> DR


[Discuss] Network monitoring tool recommendation

2013-02-06 Thread David Rosenstrauch
We've got some machine (or machines) sucking up a lot of bandwidth on 
our network.  I'm trying to pin down exactly what, but not having much 
luck so far.


The network's got about a dozen machines, behind a firewall.  What I'd 
like to see is a high-level view of the whole network's bandwidth usage 
over the span of, say, 24 hours.  I.e., which machines are using the 
most bandwidth (i.e., in Gb), and connections to which external sites 
are causing most of the hogging.


Clearly, micro-level tools like iftop aren't going to cut it here, as 
they only show me a) what's using bandwidth right now, and b) an 
individual machine basis.


I tried running darkstat on each machine in the network, but it didn't 
really give me what I was looking for.  Again, the reporting was 
per-machine, and so didn't provide a comprehensive view.  (Among other 
problems.)


Bandwidthd looks like it might have some promise, but would take some 
time to set up to give me a comprehensive view.  (I.e., configure a 
pgsql database.)



Anyone have any particular recommendations for a situation like this?

Thanks,

DR