From owner-freebsd-questions Thu Feb 22 20:25:12 2001 Delivered-To: freebsd-questions@freebsd.org Received: from tuxcom.net.mx (ns.tuxcom.net.mx [148.223.149.177]) by hub.freebsd.org (Postfix) with SMTP id 9758937B503 for ; Thu, 22 Feb 2001 20:25:08 -0800 (PST) (envelope-from michael@tuxcom.net.mx) Received: (qmail 27334 invoked from network); 22 Feb 2001 22:25:15 -0600 Received: from unknown (HELO tuxcom.net.mx) (10.0.0.214) by tux-33.tuxcom.net.mx with SMTP; 22 Feb 2001 22:25:15 -0600 Message-ID: <3A95E620.6133D29@tuxcom.net.mx> Date: Thu, 22 Feb 2001 22:25:04 -0600 From: schoensee X-Mailer: Mozilla 4.76 [en] (X11; U; FreeBSD 4.2-STABLE i386) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-questions@freebsd.org Cc: John Indra Subject: Re: Analyzing MRTG output References: <20010223102237.A30474@office.naver.co.id> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG John Indra wrote: > > Dear all... > > I am monitoring traffic on my network with MRTG. I setup SNMP in my > SuperStack II 3300 3Com switch, then run MRTG on each port to gather a > statistics. > > Ever since I installed those beautiful graphs, my boss start asking > questions like: > "Why is outgoing traffic from 5 to 7 o'clock is very high?" > "What happens on 12 o'clock, there's a big spike in outgoing traffic?" First, if the mrtg gets the data from a "router" I don't know. Second, in my case, were BSD is the router, you can set up some ipfw rules like: count tcp from any to any 80 out xmit etha47 count tcp from any 80 to any in recv etha47 to see some http traffic or count ip from 10.0.0.107 to any in recv rl0 count ip from any to 10.0.0.107 out xmit rl0 to see traffic from specific ips then you can make a script to read the counters from mrtg like: Target[test]:`/usr/local/sbin/read_ipfw.sh` Other thing is: Play with tcpdump or ntop (from ports) and sripting. If your router (gateway) is the BSD box, I can give you a lot of sripts for ipfw and mrtg, see http://www.tuxcom.net.mx/stats/mrtg_bwm/ Saludos > > Can anyone share tips to answer those kind of questions? > > Thanks... > > /john > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message