[mrtg] Re: need help to monitor smpt and http

Daniel J McDonald dmcdonald at digicontech.com
Wed Mar 21 13:43:54 MET 2001


> From: Raymond Norton
> Sent: Tuesday, March 20, 2001 4:09 PM
> To: mrtg at list.ee.ethz.ch
> Subject: [mrtg] need help to monitor smpt and http

> Presently we monitor the traffic in and out of our serial
> ports on our =
> Cisco 2600 and 3640 routers. Someone is abusing our network,
> so I would =
> like to monitor the different services such as mail and web
> traffic.

Monitor in what way?  Just a simple graph of each protocol?  Or do you want
to know who is sending what to whom?

> Is =
> there a script available to monitor specific protocols
> traveling through =
> our routers?

One of these days I'm going to have to write a FAQ on this:
You can:
1.  Enable CAR, classify the different types of traffic flow that are
"interesting", and monitor them - I have a website with a simple example:
http://www.geocities.com/djmcdon1
2.  Turn on netflow and the HTTPD server on the router.  Write a script to
parse the contents of http://router-ip-address/exec/show/ip/cache/flow/cr
( I recently posted a script that parsed "show environment last", 'twould be
easy for someone who can understand the contents of "perldoc perlre" to fix
that up to pull all sorts of good information out about flows found for
major protocols.
3.  Turn on netflow, netflow export, and run cflowd or one of the other
netflow analyzers.

There are lots of other, more exotic solutions, but these seem to be the
best known practice today.


--
Unsubscribe mailto:mrtg-request at list.ee.ethz.ch?subject=unsubscribe
Archive     http://www.ee.ethz.ch/~slist/mrtg
FAQ         http://faq.mrtg.org    Homepage     http://www.mrtg.org
WebAdmin    http://www.ee.ethz.ch/~slist/lsg2.cgi



More information about the mrtg mailing list