On 13/06/13 18:58, Mike Zanker wrote:
On 13/06/2013 16:49, Andy Smith wrote:
I mostly just use simple bandwidth graphing in cacti to see when
there's anything out of the ordinary and then use tcpdump/wireshark
to work out what is the abnormal traffic.
If it's more complicated than that then I'll use ntop to get a
breakdown by IP address and port/protocol.
mrtg for traffic level; ipaudit (getting rather long in the tooth now)
for daily/weekly/monthly stats and wireshark or ntop for more detailed
inspection.
If anybody knows of a good ipaudit replacement I'd be interested...
Another nod for vnstat. I have also used mrtg in the past and that's
nice as well.
I also use iftop to see what's happening on a server at that time.
--
Matthew Moore
Surgical Materials Testing Laboratory
System Administrator
Telephone: +44 (0)1656 752165
Email: matt(a)smtl.co.uk