DaemonForums  

#1
10th November 2014
EverydayDiesel
Shell Scout

Join Date: Jan 2009
Posts: 124
Monitoring IP Address Usage By Month

Is there something that will allow me to monitor traffic usages by IP Address?

I would like to see things like
IP address / port used
bytes transferred up/down
number of connections made
connection open time

Does anyone know how I can do this with OpenBSD?
#2
10th November 2014
jggimi
More noise than signal

Join Date: May 2008
Location: USA
Posts: 7,977

I use net/nfsen and am very happy with the results. Each of my firewalls sends pflow(4) statistics to the machine running nfsen, which stores the data and presents it graphically via a web interface.

Yes, I can do cohesive analysis year by year, month by month, week by week, and moment by moment. By subnet. By farm. By system. By port. I can have it email alerts. It's almost the only monitoring tool I use.

I have it set to store monitoring data every five minutes, which is fine because the machine running nfsen uses an SD card for storage.

http://nfsen.sourceforge.net/

Last edited by jggimi; 10th November 2014 at 05:32 PM. Reason: clarity
#3
10th November 2014
ocicat
Administrator

Join Date: Apr 2008
Posts: 3,318

Quote:
Originally Posted by EverydayDiesel
Is there something that will allow me to monitor traffic usages by IP Address?

There are a number of applications in the ports tree which graphically show network activity. While I would gravitate to net/nfsen or other NetFlow-like or clone applications (see Wikipedia for its article on NetFlow if you are unfamiliar...), common monitoring tools already ported to OpenBSD include:

You could also log PF activity, & dump the contents into a database, & mine it for whatever values you like.

Michael Lucas' Network Flow Analysis is an excellent resource on this subject.

Last edited by ocicat; 10th November 2014 at 06:36 PM. Reason: corrected link
#4
10th November 2014
jggimi
More noise than signal

Join Date: May 2008
Location: USA
Posts: 7,977

Good points ocicat.

While I use them constantly, I should point out that the netflow tools are not applicable for real time status monitoring. I use netstat(1) and sysutils/pftop for that.

This is because a flow gets logged by pflow(4) only upon completion of a network conversation. For stateless traffic, this is upon activity timeout. For stateful traffic, this is upon session teardown.

Last edited by jggimi; 10th November 2014 at 06:03 PM. Reason: forgot pftop
Reply With Quote
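
A sketch of the month-by-month mining described in the posts above, added here as an example and not code from any poster or from nfsen: it totals per-IP bytes up/down, connections, open time and remote ports from flow records already exported to CSV. The column layout, the `monthly_usage` name, the 10.0.0.0/24 LAN and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict
from datetime import datetime

# Constructed sample records, not real traffic; the column layout is an assumption.
SAMPLE = """start,end,src,sport,dst,dport,bytes
2014-10-30T09:00:00,2014-10-30T09:00:40,10.0.0.5,51000,198.51.100.7,443,1200
2014-10-30T09:00:00,2014-10-30T09:00:40,198.51.100.7,443,10.0.0.5,51000,54000
2014-10-31T23:50:00,2014-11-01T00:20:00,10.0.0.5,51001,203.0.113.9,22,8000
2014-11-03T12:00:00,2014-11-03T12:00:05,10.0.0.8,40000,198.51.100.7,80,300
not-a-date,2014-11-03T12:00:05,10.0.0.8,40001,198.51.100.7,80,300
"""
LAN = ipaddress.ip_network("10.0.0.0/24")  # assumed monitored network


def monthly_usage(text, lan=LAN):
    """Return ({(month, local_ip): totals}, number_of_skipped_rows)."""
    usage = defaultdict(lambda: {"up": 0, "down": 0, "conns": 0,
                                 "seconds": 0.0, "ports": set()})
    skipped = 0
    for row in csv.DictReader(io.StringIO(text)):
        try:
            start = datetime.fromisoformat(row["start"])
            end = datetime.fromisoformat(row["end"])
            src = ipaddress.ip_address(row["src"])
            dst = ipaddress.ip_address(row["dst"])
            sport, dport, nbytes = (int(row[k]) for k in ("sport", "dport", "bytes"))
        except (KeyError, TypeError, ValueError):
            skipped += 1  # malformed row: count it instead of guessing
            continue
        # A record only exists once the conversation has ended, so a flow that
        # crosses a month boundary is billed to the month it ended in.
        month = end.strftime("%Y-%m")
        if src in lan:  # outbound record: local host is the sender
            entry = usage[(month, str(src))]
            entry["up"] += nbytes
            entry["ports"].add(dport)
            # Assumes one record per direction, so count each conversation once.
            entry["conns"] += 1
            entry["seconds"] += (end - start).total_seconds()
        elif dst in lan:  # inbound record: the remote port is the source port
            entry = usage[(month, str(dst))]
            entry["down"] += nbytes
            entry["ports"].add(sport)
        # Records with neither end in the LAN are ignored.
    return dict(usage), skipped


if __name__ == "__main__":
    for key, totals in sorted(monthly_usage(SAMPLE)[0].items()):
        print(key, totals)
```
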
#5
10th November 2014
Oko
Rc.conf Instructor

Join Date: May 2008
Location: Kosovo, Serbia
Posts: 1,102

OpenBSD's own SNMP comes with fantastic MIBs for network and PF monitoring. The real problem is how to poll it and display it. I really, really like Observium and use it in production. Unfortunately, getting OpenBSD custom MIBs to work in Observium is not trivial. Another nuisance is that Observium developers expect you to run the server on Ubuntu or Debian. Right now I am running it on Debian, but there is a FreeBSD port and I hope to be able to get it working on FreeBSD.

Another telemetry tool which I use in production and can highly recommend is:
Unfortunately the PF plugin is experimental. I use Observium to display RRD data collected with collectd. Collectd is IMHO probably the best non-proprietary telemetry tool available but suffers from a ridiculous problem: the lack of a decent front-end to display information. Observium is great, but SNMP is the bread and butter of Observium, and due to the pull nature of the SNMP protocol Observium is limited by the fact that it has no proxy at the moment. Collectd uses a push model, so it is great for monitoring private networks, but as I said there is no good native GUI in spite of the long list

https://collectd.org/wiki/index.php/List_of_front-ends

I am experimenting with all of them and I had some hopes for collectd-web which didn't materialize. I heard good things about Collectd Graph Panel and playing with it is on my todo list.
#6
10th November 2014
jggimi
More noise than signal

Join Date: May 2008
Location: USA
Posts: 7,977

I recall Peter Hansteen wrote a nice blog on using net/nfsen. I found the link:

http://bsdly.blogspot.com/2014/02/ye...l-network.html
#7
10th November 2014
Oko
Rc.conf Instructor

Join Date: May 2008
Location: Kosovo, Serbia
Posts: 1,102

Quote:
Originally Posted by jggimi
I recall Peter Hansteen wrote a nice blog on using net/nfsen. I found the link:

http://bsdly.blogspot.com/2014/02/ye...l-network.html

Observium can display nfsen data as well
#8
11th November 2014
Oko
Rc.conf Instructor

Join Date: May 2008
Location: Kosovo, Serbia
Posts: 1,102

I stand corrected regarding NfSen data display in Observium. After trying to get NfSen working with my installation of Observium, I saw a mailing list post by Adam Armstrong himself where he said that the NfSen plugin is abandonware.
#9
12th November 2014
Oko
Rc.conf Instructor

Join Date: May 2008
Location: Kosovo, Serbia
Posts: 1,102

Inspired by this thread I added two new monitoring tools to my repertoire:

and already mentioned

I would stick this thread!