Host tracking on LAN
-
Hi! I don’t know where to put this question, so it ended up here since the thing I’m looking for is missing from the webgui.
What I want is to see the bandwidth of specific servers on our lan. From what I’ve found on this forum there is no way to do this now. But the information must be stored in a log file somewhere. I guess my question is; where is the log data stored and what is the best way to retrieve it. I’m going to get one of the ùbernerds here at the office make an app or a website that will parse it, if that isn’t already made. Any help would be appreciated.If this has been answered before, please point me in the right direction.
Thanx in advance. -
You can install packages that can display the traffic.
But if it's a server you could as well install a network monitoring software and get the info directily via SNMP from the server.
-
Thank you.
Could you please tell me what packages, and where I can find them?
-
Does anyone else know what he’s talking about. Is there an addon to pfSense that shows the host data?
-
System–>Packages
bandwidthd or darkstat, also ntop might interrest you,
-
Thank you. That helped.
-
Is there a way to make PFSense track the amount of bandwidth each IP address uses? I have 253 external IP addresses behind my PFSense firewall running in transparent bridge mode. I am not using NAT for any of the machines. All of them have external IPs. I want to track how much bandwidth each IP is using so I can target which ones need to be managed better.
Any ideas on how to do this?
Thanks
Bob
-
Something is using the max amout of bandwith allowed on my system
When watching the bandwidth on my primary WAN I can see
something is using 30mbps yes 30 mbps. How can I find
this device and stop it? -
You can use pftop on console to monitor downloads in the "bytes" column, or ntop, darkstat, bandwithd for gui reporting, I would suggest setting up traffic shaper, there is an option to penalise users who go over a set down/up limit, although I havent played with this feature myself.
Slam
-
I tried ntop and its a great tool. I shows everything i can think of ever needing :D But, its using alot of cpu then crashes. I've seen some posts covering similar problems, but i dont understand. I am a n00b. ??? Does anyone know of a easy fix for this problem?
I get this when I try to run it.
$ ntop Thu Jan 29 09:45:32 2009 NOTE: Interface merge enabled by default Thu Jan 29 09:45:32 2009 Initializing gdbm databases Thu Jan 29 09:45:32 2009 ntop will be started as user nobody Thu Jan 29 09:45:32 2009 ntop v.3.3.8 Thu Jan 29 09:45:32 2009 Configured on Dec 4 2008 15:19:28, built on Dec 4 2008 15:19:59. Thu Jan 29 09:45:32 2009 Copyright 1998-2007 by Luca Deri <deri@ntop.org>Thu Jan 29 09:45:32 2009 Get the freshest ntop from http://www.ntop.org/ Thu Jan 29 09:45:32 2009 NOTE: ntop is running from 'ntop' Thu Jan 29 09:45:32 2009 NOTE: (but see warning on man page for the --instance parameter) Thu Jan 29 09:45:32 2009 NOTE: ntop libraries are in '/usr/local/lib' Thu Jan 29 09:45:32 2009 Initializing ntop Thu Jan 29 09:45:32 2009 No patterns to load: protocol guessing disabled. Thu Jan 29 09:45:32 2009 Checking bfe0 for additional devices Thu Jan 29 09:45:32 2009 Resetting traffic statistics for device bfe0 Thu Jan 29 09:45:32 2009 Initializing device bfe0 (0) Thu Jan 29 09:45:32 2009 DLT: Device 0 [bfe0] is 1, mtu 1514, header 14 Thu Jan 29 09:45:32 2009 Initializing gdbm databases Thu Jan 29 09:45:32 2009 VENDOR: Loading MAC address table. Thu Jan 29 09:45:32 2009 VENDOR: Checking for MAC address table file Thu Jan 29 09:45:32 2009 VENDOR: Loading newer file '/usr/local/etc/ntop/specialMAC.txt.gz' Thu Jan 29 09:45:32 2009 VENDOR: ...found 61 lines Thu Jan 29 09:45:32 2009 VENDOR: ...loaded 59 records Thu Jan 29 09:45:32 2009 VENDOR: Checking for MAC address table file Thu Jan 29 09:45:32 2009 VENDOR: Loading newer file '/usr/local/etc/ntop/oui.txt.gz' Thu Jan 29 09:45:32 2009 VENDOR: ...found 48541 lines Thu Jan 29 09:45:32 2009 VENDOR: ...loaded 7853 records Thu Jan 29 09:45:32 2009 Fingerprint: Loading signature file Thu Jan 29 09:45:32 2009 Fingerprint: Checking for Fingerprint file... file Thu Jan 29 09:45:32 2009 Fingerprint: Loading file '/usr/local/etc/ntop/etter.finger.os.gz' Thu Jan 29 09:45:32 2009 Fingerprint: ...loaded 0 records Thu Jan 29 09:45:32 2009 ASN: Checking for Autonomous System Number table file Thu Jan 29 09:45:32 2009 ASN: Loading file '/usr/local/etc/ntop/AS-list.txt.gz' Thu Jan 29 09:45:33 2009 ASN: ...found 111435 lines Thu Jan 29 09:45:33 2009 ASN: ....Used 3780 KB of memory (12 per entry) Thu Jan 29 09:45:33 2009 IP2CC: Checking for IP address <-> Country Code mapping file Thu Jan 29 09:45:33 2009 IP2CC: Loading file '/usr/local/etc/ntop/p2c.opt.table.gz' Thu Jan 29 09:45:34 2009 IP2CC: ...found 52395 lines Thu Jan 29 09:45:34 2009 Database support not compiled into ntop Thu Jan 29 09:45:34 2009 Initializing external applications Thu Jan 29 09:45:34 2009 THREADMGMT[t683676160]: SFP: Started thread for fingerprinting Thu Jan 29 09:45:34 2009 THREADMGMT[t683676416]: SIH: Started thread for idle hosts detection Thu Jan 29 09:45:34 2009 THREADMGMT[t683676672]: DNSAR(1): Started thread for DNS address resolution Thu Jan 29 09:45:34 2009 THREADMGMT[t683676928]: DNSAR(2): Started thread for DNS address resolution Thu Jan 29 09:45:34 2009 THREADMGMT[t683677184]: DNSAR(3): Started thread for DNS address resolution Thu Jan 29 09:45:34 2009 Calling plugin start functions (if any) Thu Jan 29 09:45:34 2009 SSL is present but https is disabled: use -W <https port="">for enabling it Thu Jan 29 09:45:34 2009 INITWEB: Initializing web server Thu Jan 29 09:45:34 2009 INITWEB: Initializing TCP/IP socket connections for web server Thu Jan 29 09:45:34 2009 INITWEB: Initialized socket, port 3000, address (any) Thu Jan 29 09:45:34 2009 INITWEB: Waiting for HTTP connections on port 3000 Thu Jan 29 09:45:34 2009 INITWEB: Starting web server Thu Jan 29 09:45:34 2009 THREADMGMT[t683677440]: INITWEB: Started thread for web server Thu Jan 29 09:45:34 2009 Listening on [bfe0] Thu Jan 29 09:45:34 2009 Loading Plugins Thu Jan 29 09:45:34 2009 Searching for plugins in /usr/local/lib/ntop/plugins Thu Jan 29 09:45:34 2009 CPACKET: Welcome to cPacket.(C) 2008 by Luca Deri Thu Jan 29 09:45:34 2009 ICMP: Welcome to ICMP Watch. (C) 1999-2005 by Luca Deri Thu Jan 29 09:45:34 2009 LASTSEEN: Welcome to Host Last Seen. (C) 1999 by Andrea Marangoni Thu Jan 29 09:45:34 2009 NETFLOW: Welcome to NetFlow.(C) 2002-08 by Luca Deri Thu Jan 29 09:45:34 2009 PDA: Welcome to PDA. (C) 2001-2005 by L.Deri and W.Brock Thu Jan 29 09:45:34 2009 Remote: Welcome to Remote. (C) 2006-07 by L.Deri Thu Jan 29 09:45:34 2009 RRD: Welcome to Round-Robin Databases. (C) 2002-07 by Luca Deri. Thu Jan 29 09:45:34 2009 SFLOW: Welcome to sFlow.(C) 2002-04 by Luca Deri Thu Jan 29 09:45:34 2009 Calling plugin start functions (if any) Thu Jan 29 09:45:34 2009 RRD: Welcome to the RRD plugin Thu Jan 29 09:45:34 2009 RRD: Mask for new directories is 0700 Thu Jan 29 09:45:34 2009 RRD: Mask for new files is 0066 Thu Jan 29 09:45:34 2009 RRD_DEBUG: Parameters: Thu Jan 29 09:45:34 2009 RRD_DEBUG: dumpInterval 300 seconds Thu Jan 29 09:45:34 2009 RRD_DEBUG: dumpShortInterval 10 seconds Thu Jan 29 09:45:34 2009 RRD_DEBUG: dumpHours 72 hours by 300 seconds Thu Jan 29 09:45:34 2009 RRD_DEBUG: dumpDays 90 days by hour Thu Jan 29 09:45:34 2009 RRD_DEBUG: dumpMonths 36 months by day Thu Jan 29 09:45:34 2009 RRD_DEBUG: dumpDomains no Thu Jan 29 09:45:34 2009 RRD_DEBUG: dumpFlows no Thu Jan 29 09:45:34 2009 RRD_DEBUG: dumpSubnets no Thu Jan 29 09:45:34 2009 RRD_DEBUG: dumpHosts no Thu Jan 29 09:45:34 2009 RRD_DEBUG: dumpInterfaces yes Thu Jan 29 09:45:34 2009 RRD_DEBUG: dumpASs no Thu Jan 29 09:45:34 2009 RRD_DEBUG: dumpMatrix no Thu Jan 29 09:45:34 2009 RRD_DEBUG: dumpDetail medium Thu Jan 29 09:45:34 2009 RRD_DEBUG: hostsFilter Thu Jan 29 09:45:34 2009 RRD_DEBUG: rrdPath /var/db/ntop/rrd [normal] Thu Jan 29 09:45:34 2009 RRD_DEBUG: rrdPath /var/db/ntop/rrd [dynamic/volatile] Thu Jan 29 09:45:34 2009 RRD_DEBUG: umask 0066 Thu Jan 29 09:45:34 2009 RRD_DEBUG: DirPerms 0700 Thu Jan 29 09:45:34 2009 THREADMGMT: RRD: Started thread (t683679744) for data collection Thu Jan 29 09:45:34 2009 INIT: Created pid file (/var/run/ntop.pid) Thu Jan 29 09:45:34 2009 THREADMGMT[t683675904]: ntop RUNSTATE: INITNONROOT(3) Thu Jan 29 09:45:34 2009 Now running as requested user 'nobody' (65534:65534) Thu Jan 29 09:45:34 2009 Note: Reporting device initally set to 0 [bfe0] (merged) Thu Jan 29 09:45:34 2009 THREADMGMT[t683675904]: ntop RUNSTATE: RUN(4) Thu Jan 29 09:45:34 2009 THREADMGMT[t683680000]: NPS(1): Started thread for network packet sniffing [bfe0] Thu Jan 29 09:45:34 2009 THREADMGMT[t683676160]: SFP: Fingerprint scan thread starting [p24309] Thu Jan 29 09:45:34 2009 THREADMGMT[t683676160]: SFP: Fingerprint scan thread running [p24309] Thu Jan 29 09:45:34 2009 THREADMGMT[t683676416]: SIH: Idle host scan thread starting [p24309] Thu Jan 29 09:45:34 2009 THREADMGMT[t683676416]: SIH: Idle host scan thread running [p24309] Thu Jan 29 09:45:34 2009 THREADMGMT[t683677440]: WEB: Server connection thread starting [p24309] Thu Jan 29 09:45:34 2009 Note: SIGPIPE handler set (ignore) Thu Jan 29 09:45:34 2009 THREADMGMT[t683677440]: WEB: Server connection thread running [p24309] Thu Jan 29 09:45:34 2009 WEB: ntop's web server is now processing requests Thu Jan 29 09:45:34 2009 THREADMGMT[t683677184]: DNSAR(3): Address resolution thread running Thu Jan 29 09:45:34 2009 THREADMGMT[t683679744]: RRD: Data collection thread starting [p24309] Thu Jan 29 09:45:34 2009 THREADMGMT[t683676672]: DNSAR(1): Address resolution thread running Thu Jan 29 09:45:34 2009 THREADMGMT[t683676928]: DNSAR(2): Address resolution thread running Thu Jan 29 09:45:34 2009 THREADMGMT[t683680000]: NPS(bfe0): pcapDispatch thread starting [p24309] Thu Jan 29 09:45:34 2009 THREADMGMT[t683680000]: NPS(bfe0): pcapDispatch thread running [p24309] Thu Jan 29 09:45:44 2009 THREADMGMT[t683680256]: RRD: Started thread for throughput data collection Thu Jan 29 09:45:44 2009 THREADMGMT[t683679744]: RRD: Data collection thread running [p24309] Thu Jan 29 09:45:44 2009 THREADMGMT[t683680256]: RRD: Throughput data collection: Thread starting [p24309] Thu Jan 29 09:45:44 2009 THREADMGMT[t683680256]: RRD: Throughput data collection: Thread running [p24309] Segmentation fault</https></deri@ntop.org> -
It seems that the RRD Graph is crashing.
Don`t be scaried my traffic looks like this:
and everything goes well -
Where are the Übernerds when you need one, eh?
