pfSense Gold Subscription

Author Topic: Bounty $200: Monitor bandwidth use on IP adresses. NOW $250  (Read 50490 times)

0 Members and 1 Guest are viewing this topic.

Offline backbone

  • Newbie
  • *
  • Posts: 23
  • Karma: +0/-0
    • View Profile
Bounty $200: Monitor bandwidth use on IP adresses. NOW $250
« on: September 17, 2006, 12:37:16 pm »
I want to know how many GB of traffic every Internal IP adresse is using true my Firewall.
Also runing many VLANs so it have to support to get info on many VLANs as well.
Or I want to define the ip adresse I want to get info on. something like add ip adresses I want to monitor.
have to support many hosts at one time.
And just get the info for total bandwidth inn/out last month. And total so far this month.
And maybe an total show of bandwidth over the firewall as well, for last month and so far this month.

maybe based on darkstat or something?
« Last Edit: October 15, 2006, 03:32:47 pm by backbone »

Offline ollopa

  • Jr. Member
  • **
  • Posts: 30
  • Karma: +0/-0
    • View Profile
Re: Bounty $100: Monitor bandwidth use on IP adresses.
« Reply #1 on: September 19, 2006, 08:36:38 pm »
I'm pretty sure ntop can do this detailed level of reporting, and there's already an ntop package for PFsense...  http://www.pfsense.com/packages/All/

??

Offline backbone

  • Newbie
  • *
  • Posts: 23
  • Karma: +0/-0
    • View Profile
Re: Bounty $100: Monitor bandwidth use on IP adresses.
« Reply #2 on: October 04, 2006, 03:38:13 am »
I'm pretty sure ntop can do this detailed level of reporting, and there's already an ntop package for PFsense...  http://www.pfsense.com/packages/All/

??





I can`t see how I can use Ntop on just the IP adresses I want.. and also how can I get It to show last month and so fare this month ??  ???

Maybe ntop could be writen to do this?


Offline cmb

  • Administrator
  • Hero Member
  • *****
  • Posts: 6333
  • Karma: +0/-0
    • LinkedIn
    • Twitter
    • View Profile
    • Chris Buechler
Re: Bounty $200: Monitor bandwidth use on IP adresses. NOW $200
« Reply #3 on: October 06, 2006, 10:40:23 pm »
ntop can do this, but it doesn't run exceptionally well on FreeBSD because of threading bugs in ntop that the author doesn't care to fix. 

Plus, if you're running VLAN's, ntop requires putting your interfaces in promiscuous mode.  There's a bug in FreeBSD that will cause all your VLAN's to drop if you put a VLAN interface in promiscuous mode. 

This capability is really there already, you just need to collect the appropriate data and then report on it as you desire.  What you need to look at is the pfflowd package, and you need to get a NetFlow collector running on something.  For a quick solution, check out CactiEZ, it comes preconfigured with an awesome Cacti install plus a NetFlow collector enabled out of the box. 
http://cactiusers.org/wiki/CactiEZ

After you have the NetFlow stats collected, there are a bunch of reporting tools that will show you your NetFlow data, including ntop, which runs on CactiEZ (and works fine since it's Linux-based). 

Nice list of NetFlow related tools here:
http://www.switch.ch/tf-tant/floma/software.html

Personally, for my network monitoring at home, I run a CactiEZ install in a VM running on VMware Server.  Works great. 

Is this answer worth $200?  ;D

Offline sullrich

  • Hero Member
  • *****
  • Posts: 5110
  • Karma: +3/-0
    • View Profile
    • pfSense
Re: Bounty $200: Monitor bandwidth use on IP adresses. NOW $200
« Reply #4 on: October 08, 2006, 10:43:28 pm »
This looks like a possible solution.

http://bandwidthd.sourceforge.net/

Look okay?  I may take this one up.

Offline backbone

  • Newbie
  • *
  • Posts: 23
  • Karma: +0/-0
    • View Profile
Re: Bounty $200: Monitor bandwidth use on IP adresses. NOW $200
« Reply #5 on: October 09, 2006, 10:56:35 am »
This looks like a possible solution.

http://bandwidthd.sourceforge.net/

Look okay?  I may take this one up.


Thats more like it :)
I just testet the demo....
but I can`t see how I can get how many GB of traffic one Ip have use there? This mnd and last?
I see that it can write to a database, maybe just get the info out from there again?
Can the data be writen to an external mysql db on another server?

If you could do this in one package for pfsense it would be nice.

This is something I would pay to get done ;)

Offline cmb

  • Administrator
  • Hero Member
  • *****
  • Posts: 6333
  • Karma: +0/-0
    • LinkedIn
    • Twitter
    • View Profile
    • Chris Buechler
Re: Bounty $200: Monitor bandwidth use on IP adresses. NOW $200
« Reply #6 on: October 09, 2006, 12:06:26 pm »
This looks like a possible solution.

http://bandwidthd.sourceforge.net/


Except it'll put your interfaces in promiscuous mode, and since he's running VLAN's, it'll kill all his network connectivity because of the VLAN's + promisc FreeBSD bug.  Won't work. 

The only thing I know of that doesn't use promisc is NetFlow. 

backbone:  You need to look at what I suggested, as that's the only thing that's going to work for you in the foreseeable future. 

Offline omegadraconis

  • Newbie
  • *
  • Posts: 10
  • Karma: +0/-0
    • View Profile
    • Jason Hensler
Re: Bounty $200: Monitor bandwidth use on IP adresses. NOW $200
« Reply #7 on: October 12, 2006, 08:15:16 pm »
I ran across this: http://www.freebsd.org/cgi/query-pr.cgi?pr=72933
it's a patch to fix the problem for bge module. At the bottom of the page it linked to http://cvsup.pt.freebsd.org/cgi-bin/cvsweb/cvsweb.cgi/src/sys/dev/bge/if_bge.c
"Revision 1.148 / (download) - annotate - [select for diffs] , Mon Sep 18 22:18:21 2006 UTC (3 weeks, 3 days ago) by jkim
Branch: MAIN
Changes since 1.147: +28 -15 lines
Diff to previous 1.147

Do not strip VLAN tag in promiscuous mode."

It would seem to depend on the nic's your using, your going to have to figure out which kernel module your nic uses(http://www.freebsd.org/releases/6.1R/hardware-i386.html#ETHERNET) and see if it has been patched or is a problem.

Offline cmb

  • Administrator
  • Hero Member
  • *****
  • Posts: 6333
  • Karma: +0/-0
    • LinkedIn
    • Twitter
    • View Profile
    • Chris Buechler
Re: Bounty $200: Monitor bandwidth use on IP adresses. NOW $200
« Reply #8 on: October 13, 2006, 01:18:33 am »
Thanks for the pointer to that, omegadraconis.  Looks like drivers are getting fixed one by one.  We'll have to look at this again once 6.2 is out and we're using it. 

Offline Mercredi

  • Jr. Member
  • **
  • Posts: 81
  • Karma: +0/-0
    • View Profile
Re: Bounty $200: Monitor bandwidth use on IP adresses. NOW $200
« Reply #9 on: October 15, 2006, 02:26:09 am »
i will pay another $50 for a package, that will help me to know how many GB of traffic every Internal IP address is using through my pfsense firewall with possibility to view statistics for a day, week, month, and also configurable local address table to exclude from calculation. i need this for my small office network and home use, there is not so much users and data to deploy NTOP and special accounting servers.

Offline sullrich

  • Hero Member
  • *****
  • Posts: 5110
  • Karma: +3/-0
    • View Profile
    • pfSense
Re: Bounty $200: Monitor bandwidth use on IP adresses. NOW $200
« Reply #10 on: October 15, 2006, 12:16:07 pm »
Ok, if everyone wants to verify that their nics will work with the package I mentioned earlier, I'll go ahead and get started on bandwidthd.

Offline backbone

  • Newbie
  • *
  • Posts: 23
  • Karma: +0/-0
    • View Profile
Re: Bounty $200: Monitor bandwidth use on IP adresses. NOW $200
« Reply #11 on: October 15, 2006, 04:49:33 pm »
Ok, if everyone wants to verify that their nics will work with the package I mentioned earlier, I'll go ahead and get started on bandwidthd.


I have 2 onboard Broadcom BCM5721 cards, using the bge(4) driver?

Offline Mercredi

  • Jr. Member
  • **
  • Posts: 81
  • Karma: +0/-0
    • View Profile
Re: Bounty $200: Monitor bandwidth use on IP adresses. NOW $200
« Reply #12 on: October 15, 2006, 10:24:45 pm »
Ok, if everyone wants to verify that their nics will work with the package I mentioned earlier, I'll go ahead and get started on bandwidthd.

i am using intel pro100 management adapters, their name in system are fxp... thank you, sullrich.

Offline sullrich

  • Hero Member
  • *****
  • Posts: 5110
  • Karma: +3/-0
    • View Profile
    • pfSense
Re: Bounty $200: Monitor bandwidth use on IP adresses. NOW $250
« Reply #13 on: October 17, 2006, 04:29:25 pm »
So we are a go?

Offline Mercredi

  • Jr. Member
  • **
  • Posts: 81
  • Karma: +0/-0
    • View Profile
Re: Bounty $200: Monitor bandwidth use on IP adresses. NOW $250
« Reply #14 on: October 18, 2006, 12:37:17 am »
sullrich: what do i need to do? i allready need statistics on traffic of each local user :)