In Fire We Trust

Everyone needs to watch and count his traffic. Sometimes it is quite unpleasant to be billed for overtraffic. Along this line of thoughts yesterday i finished a solution for traffic counting, which works astonishingly well. Now we have just to wait and see how it will handle large volumes of traffic.

The solution is based on 3 separate pieces of software, namely:

• pmacct - the nfacctd part
• fprobe
• bwstat

And now for each one of them and how do they talk.

fprobe is a probe/sensor which in reality counts the traffic. It needs libpcap. Quite nice sensor. Light, fast, configurable from the command line, just plain beauty. The collected information is being sent to a collector at regular intervals using netFlow. Although a Cisco protocol it does a good job.

pmacct can be used as a sensor and a collector. In my case i used it as a collector, which after collecting the info from both my routers, aggregates it and exports it to MySQL database. We use version 1 table format as we don’t need the extra info.

bwstat is a web frontend designed to explore the aggregated pmacct information. It’s configuration is a bit awkward but can be handled easily. There is also a simple bug which makes it unable to see the additional host information, but all in all it is a good piece of software.

The final effect is a simple and elegant solution allowing exploration of the traffic in a nice and slick form.

If someone needs a help … give me a call and we’ll see what can be done.

It has to be noted that this configuration can take quite a bit of tunning and optimisation and probably a frontend replacement.