Question: Measuring/Monitoring Network Usage
Posted by nathanbullock on Sat 5 Mar 2005 at 14:55
I currently have a Debian box working as a server/firewall/NAT router. Inside my local network I have a linux box and a dlink voip appliance. I monitor my webserver using a small program I wrote but I have no idea how to go about monitoring the network usage. I am trying to set up MRTG, although I haven't got it working yet. I am wondering if someone could give me a few ideas of how I could solve what I want to do, or even better, write up a complete article.
The things that I definately want to be able to do is monitor the bandwidth that the VoIP box is using, monitor the bandwidth that the linux desktop box is using, and monitor the bandwidth that the connection from the server to the internet is using.
Fancier things that I would like to be able to do is to break this usage up into the seperate ports (maybe using a pie chart). And I am not sure if there would be able to get any stats on the responsiveness of the VoIP box, not even sure if this comment makes sense. Basically the purpose would be to see if there is any need to set up QoS for the VoIP box.
And a final question. Does monitoring network usage significantly affect network responsiveness or throughput?
[ Send Message | View Steve's Scratchpad | View Weblogs ]
There's a nice piece of software called ipaudit which runs on a gatway machine and keeps track of the internal machines external connections.
Once that is installed you can run another piece of software called ipaudit-web which makes pretty web pages from the data.
The output shows the amount of bandwidth used by each internal machine on a LAN and statistics about the most active external hosts - it might work for you if each of your services (like the voip box you mention) are on seperate hosts.
Here's a link to some screenshots.
I'd be interested in other solutions too - but I will say that there are a lot of cron jobs involved and it doesn't seem to load the gateway box unduly.
Steve
-- Steve.org.uk
[ Parent | Reply to this comment ]
One catch - the web pagifier relies on cron processes, especially around midnight, so if your machine is off, you may want to use anacron instead. Not sure if that would work, but I'm going to probably have a go at it.
PJ
[ Parent | Reply to this comment ]
[ Send Message | View Weblogs ]
There were some other minor issues with adding ipaudit to debian. The paths were not debian compatible after compiling from source following the instructions.
zgrep path needed a path fix in SearchIpauditData (debian's path is /bin/zgrep), ipaudit-web.conf needed fixes for gzip and awk path (/bin/gzip and /usr/bin/awk in debian).
I found ipaudit runs fine with thy (a small web server built on the principle of beautiful code).
So, for monitoring network usage, my solution is vnstat for quick and dirty stats, iptraf for live checks, and ipaudit for more thorough postmortems. All three running at the same time might be a bit optimistic, but it seems to work on our router box here just fine.
PJ
[ Parent | Reply to this comment ]
PJ
[ Parent | Reply to this comment ]
[ Parent | Reply to this comment ]
http://www.cacti.net/
http://packages.debian.org/stable/web/cacti
john
[ Parent | Reply to this comment ]
Michel
[ Parent | Reply to this comment ]
We are running it on a sarge VM. I currently am monitoring a W2K3 server and a ubuntu box. I dont really know what to tell you that cant be answered at this site:
http://www.linuxhomenetworking.com/linux-hn/mrtg.htm
http://www.linuxhomenetworking.com/linux-hn/mrtg-advanced.htm
I spent a bunch of time looking all over the web for info and I always came back to that site.
My one big issue was not using the correct MIB's, you have to load them up in the beginning of the script.
I am getting most of the info with SNMPgets and such.
[ Parent | Reply to this comment ]
WorkDir: /var/www/mrtg WriteExpires: Yes Refresh: 300 WithPeak[^]: wym Suppress[^]: y MaxBytes[^]: 96 Title[^]: Traffic Analysis for HOST.NAME Target[eth0]: `/usr/local/bin/mrtg-data eth0` MaxBytes1[eth0]: 13107200 MaxBytes2[eth0]: 13107200 Title[eth0]: Traffic Analysis for network device eth0 [External] PageTop[eth0]: Internet Link Target[lo]: `/usr/local/bin/mrtg-data lo` MaxBytes1[lo]: 13107200 MaxBytes2[lo]: 13107200 Title[lo]: Traffic Analysis for network device lo [localhost] PageTop[lo]: Local lo / loopback deviceAnd /usr/local/bin/mrtg-data:
#!/bin/bash DEV="$1" if test -z "$DEV"; then echo No device specified; exit 1; fi INFO=`grep $DEV /proc/net/dev | tr -s ' ' ' ' | cut -d: -f2` RECEIVE=`echo $INFO | cut -d" " -f1` TRANSMIT=`echo $INFO | cut -d" " -f9` UPTIME=`uptime | tr -s ' ' ' ' | cut -d" " -f4-` echo $RECEIVE echo $TRANSMIT echo $UPTIME echo "HOST.NAME"Enjoy, -doc
[ Parent | Reply to this comment ]
* install snmp pkgs
To find them:
apt-cache search snmp | less
try using snmpwalk. Info on how to use it is in
"man snmpwalk"
snmpwalk should print out the mib tree for you. You *should* see an OID string for your ethernet card.
I don't remember the specifics for MRTG, but if you don't see a mib string for you network card, you're not going to get any snmp - data
* also check your /etc/snmp/snmpd.conf
The directions claim that you should not have to muck with this conf file. But just make sure that your snmp trap phrase is set to "public". There could be security implications for this. You *CAN* and *should* change the passphrase to something not so common, but make sure MRTG knows what it is.
* with CACTI, it *should* work out of the box for your if you use a template. I personally haven't gotten it to work since I can't find my MIB string for my card which runs the tulip driver.
* OH there is one more thing to look into. If snmpwalk can't find the mib string for your card, you can try to find a mib file for your card. I hear they are provided by the manufacture. If you are using 3-Com cards, I suppose you'd have better luck and things should just work easily in general. Perhaps others have a diff opinion on this.
- my 2 Cents.
The things that I definately want to be able to do is monitor the bandwidth that the VoIP box is using, monitor the bandwidth that the linux desktop box is using, and monitor the bandwidth that the connection from the server to the internet is using.
Fancier things that I would like to be able to do is to break this usage up into the seperate ports (maybe using a pie chart). And I am not sure if there would be able to get any stats on the responsiveness of the VoIP box, not even sure if this comment makes sense. Basically the purpose would be to see if there is any need to set up QoS for the VoIP box.
And a final question. Does monitoring network usage significantly affect network responsiveness or throughput?
[ Parent | Reply to this comment ]
mrtg config erstellen:
cfgmaker --interfaces eth0 ppp0 public@localhost > /etc/mrtg.conf
mrtg anschliessend starten:
env LANG=C mrtg /etc/mrtg.conf
[ Parent | Reply to this comment ]
[ Parent | Reply to this comment ]
We have a 'Best of Breed' product called CODIMA which is a low cost app that does everything and more regarding VoIP. The Traffic Blaster in Codima helps to scale the network for pre deployment, offers a Visio plan for network management(with drill down facility) and gives a dynamic view of all usage.
It is a great tool for monitoring suppliers to nail down SLA performance and bandwidth provision. The reports are great too.
If you want to see it let me know
Kind Regards
Roger Curson
+44 (0)208 422 9699
[ Parent | Reply to this comment ]