Page 1 of 2 12 LastLast
Results 1 to 20 of 25

Thread: DD-WRT & rflow collector

  1. #1
    BigAl.NZ@gmail.com
    Guest

    DD-WRT & rflow collector

    Hi All,

    My friend has a bunch of students living with them and the students
    are using all her bandwidth in a week, they are then throttled by the
    ISP back to dialup - ouch.

    Anyway she has a router with DD-WRT on it, and I was looking at
    putting some traffic monitoring software in place to see who the
    offender is.

    I have googled it and seen some info on rflow collector, but am still
    trying to get my head around how it all fits together.

    If I understand what I have read so far correctly then:

    1. Mysql stores the data in a table
    2. rflow collector writes the data to the database

    But does rflow collector also display the data or is another program
    required?

    This is on a Windows XP Machine.

    I have tried Open Xtra MRTG and NTOP on my PC, but it only seems to
    monitor whats happening on my NIC not the router?

    Please any help or suggestions appreciated.

    Ta

    -Al



  2. #2
    LR
    Guest

    Re: DD-WRT & rflow collector

    BigAl.NZ@gmail.com wrote:
    > Hi All,
    >
    > My friend has a bunch of students living with them and the students
    > are using all her bandwidth in a week, they are then throttled by the
    > ISP back to dialup - ouch.
    >
    > Anyway she has a router with DD-WRT on it, and I was looking at
    > putting some traffic monitoring software in place to see who the
    > offender is.
    >
    > I have googled it and seen some info on rflow collector, but am still
    > trying to get my head around how it all fits together.
    >
    > If I understand what I have read so far correctly then:
    >
    > 1. Mysql stores the data in a table
    > 2. rflow collector writes the data to the database
    >
    > But does rflow collector also display the data or is another program
    > required?
    >
    > This is on a Windows XP Machine.
    >
    > I have tried Open Xtra MRTG and NTOP on my PC, but it only seems to
    > monitor whats happening on my NIC not the router?
    >
    > Please any help or suggestions appreciated.
    >
    > Ta
    >
    > -Al
    >
    >

    Did you check the DD-WRT Tutorial?
    <http://www.dd-wrt.com/wiki/index.php/Using_RFlow_Collector_and_MySQL_To_Gather_Traffic_Information>

  3. #3
    BigAl.NZ@gmail.com
    Guest

    Re: DD-WRT & rflow collector

    On May 22, 6:01 pm, LR <l...@privacy.net> wrote:
    > BigAl...@gmail.com wrote:
    > > Hi All,

    >
    > > My friend has a bunch of students living with them and the students
    > > are using all her bandwidth in a week, they are then throttled by the
    > > ISP back to dialup - ouch.

    >
    > > Anyway she has a router with DD-WRT on it, and I was looking at
    > > putting some traffic monitoring software in place to see who the
    > > offender is.

    >
    > > I have googled it and seen some info on rflow collector, but am still
    > > trying to get my head around how it all fits together.

    >
    > > If I understand what I have read so far correctly then:

    >
    > > 1. Mysql stores the data in a table
    > > 2. rflow collector writes the data to the database

    >
    > > But does rflow collector also display the data or is another program
    > > required?

    >
    > > This is on a Windows XP Machine.

    >
    > > I have tried Open Xtra MRTG and NTOP on my PC, but it only seems to
    > > monitor whats happening on my NIC not the router?

    >
    > > Please any help or suggestions appreciated.

    >
    > > Ta

    >
    > > -Al

    >
    > Did you check the DD-WRT Tutorial?
    > <http://www.dd-wrt.com/wiki/index.php/Using_RFlow_Collector_and_MySQL_...>


    Yes, and it says you can use a query browser to view the
    network....sounds like I almost need to be a DB programmer to do
    this....I just want to view traffic amounts back to clients!!!!!

    Isnt there a easier way?

  4. #4
    Bill Kearney
    Guest

    Re: DD-WRT & rflow collector

    >> Did you check the DD-WRT Tutorial?
    >> <http://www.dd-wrt.com/wiki/index.php/Using_RFlow_Collector_and_MySQL_...>

    >
    > Yes, and it says you can use a query browser to view the
    > network....sounds like I almost need to be a DB programmer to do
    > this....I just want to view traffic amounts back to clients!!!!!
    >
    > Isnt there a easier way?


    Good, fast, cheap... pick two. That's the rule. What you're after is
    doable and the software for it is all free. The expense is your time to set
    it all up. C'est la vie.


  5. #5
    Jeff Liebermann
    Guest

    Re: DD-WRT & rflow collector

    On Wed, 21 May 2008 23:44:34 -0700 (PDT), BigAl.NZ@gmail.com wrote:

    >> Did you check the DD-WRT Tutorial?
    >> <http://www.dd-wrt.com/wiki/index.php/Using_RFlow_Collector_and_MySQL_...>

    >
    >Yes, and it says you can use a query browser to view the
    >network....sounds like I almost need to be a DB programmer to do
    >this....I just want to view traffic amounts back to clients!!!!!
    >
    >Isnt there a easier way?


    Easier? Sure, just pound the students into submission. Violence
    always works. It might also be easier to use QoS and apply quotas.
    Another easier way is to apply time slicing. Give each student 1 hour
    of internet time in rotation and bill them by the connect time. The
    easiest way (for me, in my limited experience) is to publicly post
    their individual traffic statistics. That will generate all manner of
    embarassing questions and tends to discourage overuse and abuse.

    Now, if you wanted a "better" way, instead of an "easier" way, there's
    always SNMP, which is part of the DD-WRT distribution. Like RFLOW,
    the problem is that you'll need a dedicated PC, running continuously,
    to do the logging. There's not enough horsepower or flash space in
    the WRT54G to store all the collected data.

    For SNMP monitoring, I suggest RRDTool running on your favorite Linux
    distribution:
    <http://oss.oetiker.ch/rrdtool/>
    with a Cacti front end:
    <http://www.cacti.net/>
    If that's too much, you can get a start with PRTG:
    <http://www.paessler.com/prtg>
    which does both SNMP and Netflow. You can sorta monitor by MAC
    address, so that you don't have to deal with seperating out the
    traffic by user. However, the free version of PRTG only does 3 OID's,
    so you'll need to spend the $100 for the commercial version. Send the
    bill to the students, which may in itself solve the problem. If not,
    there are plenty of other tools.

    RFlow uses a version of Cisco IOS Netflow. There are apparently
    plenty of monitoring and logging tools available. For example:
    <http://nst.sourceforge.net/nst/docs/user/ch09s02.html> (nice image)

    You might also take a look at Wallwatcher:
    <http://sonic.net/wallwatcher/>
    It can't seperate out the traffic by client IP, so it won't do what
    you want, but it's a useful tool for collecting overall traffic data
    and sniffing, without the complexities of SNMP and Netflow.

    --
    Jeff Liebermann jeffl@cruzio.com
    150 Felker St #D http://www.LearnByDestroying.com
    Santa Cruz CA 95060 http://802.11junk.com
    Skype: JeffLiebermann AE6KS 831-336-2558

  6. #6
    seaweedsl
    Guest

    Re: DD-WRT & rflow collector

    On May 22, 12:32 am, BigAl...@gmail.com wrote:
    > Hi All,
    >
    > My friend has a bunch of students living with them and the students
    > are using all her bandwidth in a week, they are then throttled by the
    > ISP back to dialup - ouch.
    >
    > Anyway she has a router with DD-WRT on it, and I was looking at
    > putting some traffic monitoring software in place to see who the
    > offender is.
    >
    > I have googled it and seen some info on rflow collector, but am still
    > trying to get my head around how it all fits together.
    >
    > If I understand what I have read so far correctly then:
    >
    > 1. Mysql stores the data in a table
    > 2. rflow collector writes the data to the database
    >
    > But does rflow collector also display the data or is another program
    > required?
    >
    > This is on a Windows XP Machine.
    >
    > I have tried Open Xtra MRTG and NTOP on my PC, but it only seems to
    > monitor whats happening on my NIC not the router?
    >
    > Please any help or suggestions appreciated.
    >
    > Ta
    >
    > -Al


    I use Rflow, and though it's minimal, it does help me get an idea of
    what's going on and I haven't found anything else so direct and simple
    excepting NTOP which is even less supported and trickier. There is
    almost no documentation on Rflow and very little adjustment,but it
    works. I certainly wish somebody would give it some attention, I'd
    pay for it.

    But it works and YOU DON'T NEED MySQL to use it. It will show each
    user currently connected to the router and how much they are
    downloading and uploading. If you keep it running all the time, you
    can see running totals for all users. It's a bit hard to sort out
    the obscure labeling, but you can figure out which data columm serves
    you.

    So, if you don't want to get into the SNMP programs, which I
    personally couldn't sort out in a week of study, then try Rflow. It's
    very easy to install and you can make up a text list of MAC addys
    linked to user names that it will load when it starts.

    The tricky part is that you need to have it running on some pc all the
    time. Also, the numbers are tied to each MAC-IP assignment, so if
    somebody goes offline and then comes on with a new IP, then you lose
    their old data. Best to assign IPs for longer term tracking.
    Certainly using it with MySQL is the way to go, but again, I don't
    want to spend a week learning it either.

    Two other comments:

    1) I also put DU meter on the individual problem machines so that the
    users know what they are doing too. It's specific to the local machine
    and helps them self-police. DU meter costs money but there are free
    local bandwidth meters too.

    2) V24 of DD-WRT has bandwidth monitoring of it's own. I kinda doubt
    it will serve you much, but you may want to upgrade dd-wrt (carefully-
    get the right file ) if you don't have v24 and check that out too.

    So, try out Rflow. If you run into trouble, ask here. The DD-WRT
    forum won't help much on this for some reason, but do a search for it
    there, many questions (with a few answers) about it are mine !

    Steve

  7. #7
    BigAl.NZ@gmail.com
    Guest

    Re: DD-WRT & rflow collector

    Cheers Jeff,

    yes the PRTG was easy.

    There is also MRTG which is completely free - tried that one?

    I have four clients that i need to monitor, so damn, one more than
    PRTG wil give me.

    -Al


  8. #8
    BigAl.NZ@gmail.com
    Guest

    Re: DD-WRT & rflow collector

    I would love to try it but as you say there is very little
    documentation.

    Could you post some instructions here? I have a spare PC it could run
    on....

    Cheers

    -Al


    seaweedsl wrote:
    > On May 22, 12:32 am, BigAl...@gmail.com wrote:
    > > Hi All,
    > >
    > > My friend has a bunch of students living with them and the students
    > > are using all her bandwidth in a week, they are then throttled by the
    > > ISP back to dialup - ouch.
    > >
    > > Anyway she has a router with DD-WRT on it, and I was looking at
    > > putting some traffic monitoring software in place to see who the
    > > offender is.
    > >
    > > I have googled it and seen some info on rflow collector, but am still
    > > trying to get my head around how it all fits together.
    > >
    > > If I understand what I have read so far correctly then:
    > >
    > > 1. Mysql stores the data in a table
    > > 2. rflow collector writes the data to the database
    > >
    > > But does rflow collector also display the data or is another program
    > > required?
    > >
    > > This is on a Windows XP Machine.
    > >
    > > I have tried Open Xtra MRTG and NTOP on my PC, but it only seems to
    > > monitor whats happening on my NIC not the router?
    > >
    > > Please any help or suggestions appreciated.
    > >
    > > Ta
    > >
    > > -Al

    >
    > I use Rflow, and though it's minimal, it does help me get an idea of
    > what's going on and I haven't found anything else so direct and simple
    > excepting NTOP which is even less supported and trickier. There is
    > almost no documentation on Rflow and very little adjustment,but it
    > works. I certainly wish somebody would give it some attention, I'd
    > pay for it.
    >
    > But it works and YOU DON'T NEED MySQL to use it. It will show each
    > user currently connected to the router and how much they are
    > downloading and uploading. If you keep it running all the time, you
    > can see running totals for all users. It's a bit hard to sort out
    > the obscure labeling, but you can figure out which data columm serves
    > you.
    >
    > So, if you don't want to get into the SNMP programs, which I
    > personally couldn't sort out in a week of study, then try Rflow. It's
    > very easy to install and you can make up a text list of MAC addys
    > linked to user names that it will load when it starts.
    >
    > The tricky part is that you need to have it running on some pc all the
    > time. Also, the numbers are tied to each MAC-IP assignment, so if
    > somebody goes offline and then comes on with a new IP, then you lose
    > their old data. Best to assign IPs for longer term tracking.
    > Certainly using it with MySQL is the way to go, but again, I don't
    > want to spend a week learning it either.
    >
    > Two other comments:
    >
    > 1) I also put DU meter on the individual problem machines so that the
    > users know what they are doing too. It's specific to the local machine
    > and helps them self-police. DU meter costs money but there are free
    > local bandwidth meters too.
    >
    > 2) V24 of DD-WRT has bandwidth monitoring of it's own. I kinda doubt
    > it will serve you much, but you may want to upgrade dd-wrt (carefully-
    > get the right file ) if you don't have v24 and check that out too.
    >
    > So, try out Rflow. If you run into trouble, ask here. The DD-WRT
    > forum won't help much on this for some reason, but do a search for it
    > there, many questions (with a few answers) about it are mine !
    >
    > Steve


  9. #9
    Jeff Liebermann
    Guest

    Re: DD-WRT & rflow collector

    On Fri, 23 May 2008 04:38:48 -0700 (PDT), BigAl.NZ@gmail.com wrote:

    >yes the PRTG was easy.
    >There is also MRTG which is completely free - tried that one?


    Yes. I wrote the unofficial instructions for using it under Windoze
    95, 98, and ME:
    <http://www.LearnByDestroying.com/mrtg/docs/w95mrtg.htm>
    Tobias hates Win95, 98, and ME, so I got stuck with the task.

    MRTG is easy to setup simple things, but it has some limitations.
    1. It uses Perl scripts, which tend to be slow on slow machines.
    2. It only graphs 2 OID's per graph, which is rather limiting when
    you're trying to graph traffic for more than two users, or two
    services.
    3. Monitoring large number of devices rapidly becomes an
    administrative nightmare.
    4. One mistake in mrtg.cfg and things really screwup. Diagnostic
    output is rather marginal.

    >I have four clients that i need to monitor, so damn, one more than
    >PRTG wil give me.


    More than 4. You'll also need total traffic in and out to make sure
    you haven't missed anyone, such as visiting laptops.

    --
    Jeff Liebermann jeffl@cruzio.com
    150 Felker St #D http://www.LearnByDestroying.com
    Santa Cruz CA 95060 http://802.11junk.com
    Skype: JeffLiebermann AE6KS 831-336-2558

  10. #10
    BigAl.NZ@gmail.com
    Guest

    Re: DD-WRT & rflow collector

    On May 24, 3:09*am, Jeff Liebermann <je...@cruzio.com> wrote:
    > On Fri, 23 May 2008 04:38:48 -0700 (PDT), BigAl...@gmail.com wrote:
    > >yes the PRTG was easy.
    > >There is also MRTG which is completely free - tried that one?

    >
    > Yes. *I wrote the unofficial instructions for using it under Windoze
    > 95, 98, and ME:
    > <http://www.LearnByDestroying.com/mrtg/docs/w95mrtg.htm>
    > Tobias hates Win95, 98, and ME, so I got stuck with the task.
    >
    > MRTG is easy to setup simple things, but it has some limitations. *
    > 1. *It uses Perl scripts, which tend to be slow on slow machines.
    > 2. *It only graphs 2 OID's per graph, which is rather limiting when
    > you're trying to graph traffic for more than two users, or two
    > services.
    > 3. *Monitoring large number of devices rapidly becomes an
    > administrative nightmare.
    > 4. *One mistake in mrtg.cfg and things really screwup. *Diagnostic
    > output is rather marginal.
    >
    > >I have four clients that i need to monitor, so damn, one more than
    > >PRTG wil give me.

    >
    > More than 4. *You'll also need total traffic in and out to make sure
    > you haven't missed anyone, such as visiting laptops.
    >
    > --
    > Jeff Liebermann * * je...@cruzio.com
    > 150 Felker St #D * *http://www.LearnByDestroying.com
    > Santa Cruz CA 95060http://802.11junk.com
    > Skype: JeffLiebermann * * AE6KS * *831-336-2558


    Whats a OID?

  11. #11
    Jeff Liebermann
    Guest

    Re: DD-WRT & rflow collector

    On Fri, 23 May 2008 13:48:58 -0700 (PDT), BigAl.NZ@gmail.com wrote:

    >Whats a OID?


    Object Identifier. In SNMP, it looks like 1.3.6.1.2.etc:
    <http://www.alvestrand.no/objectid/1.3.6.1.2.1.html>
    <http://www.alvestrand.no/objectid/>
    It identifies the various counters, and their possible values, that
    SNMP transmits.

    --
    # Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
    # 831-336-2558 jeffl@comix.santa-cruz.ca.us
    # http://802.11junk.com jeffl@cruzio.com
    # http://www.LearnByDestroying.com AE6KS

  12. #12
    Jeff Liebermann
    Guest

    Re: DD-WRT & rflow collector

    On Fri, 23 May 2008 13:48:58 -0700 (PDT), BigAl.NZ@gmail.com wrote:

    >Whats a OID?


    Also, see:
    <http://www.ireasoning.com/mibbrowser.shtml>
    for a free, but rather limited, MIB browser.

    --
    # Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
    # 831-336-2558 jeffl@comix.santa-cruz.ca.us
    # http://802.11junk.com jeffl@cruzio.com
    # http://www.LearnByDestroying.com AE6KS

  13. #13
    BigAl.NZ@gmail.com
    Guest

    Re: DD-WRT & rflow collector

    On May 24, 10:48*am, Jeff Liebermann <je...@cruzio.com> wrote:
    > On Fri, 23 May 2008 13:48:58 -0700 (PDT), BigAl...@gmail.com wrote:
    > >Whats a OID?

    >
    > Also, see:
    > <http://www.ireasoning.com/mibbrowser.shtml>
    > for a free, but rather limited, MIB browser.
    >
    > --
    > # Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
    > # 831-336-2558 * * * * * *je...@comix.santa-cruz.ca.us
    > #http://802.11junk.com* * * * * * * je...@cruzio.com
    > #http://www.LearnByDestroying.com* * * * * * * AE6KS


    Ok, I have been playing around with PRTG, and let me check I got this
    right:

    It seems that by default PRTG lets you monitor all the wired ports,
    and all the wireless ports, but it doesnt actually break that traffic
    down into whats come from various client IP's?

    To do that it appears you need to setup a netflow sensor with a packet
    filter rule?

    And I cant workout why when I setup a netflow sensor with a packet
    filter rule it says at the top of the graph "netflow data delayed by 5
    min"?

    -Al

  14. #14
    Jeff Liebermann
    Guest

    Re: DD-WRT & rflow collector

    On Sun, 25 May 2008 03:54:08 -0700 (PDT), BigAl.NZ@gmail.com wrote:

    >Ok, I have been playing around with PRTG, and let me check I got this
    >right:
    >
    >It seems that by default PRTG lets you monitor all the wired ports,
    >and all the wireless ports, but it doesnt actually break that traffic
    >down into whats come from various client IP's?


    Yep. By default, total traffic only.

    >To do that it appears you need to setup a netflow sensor with a packet
    >filter rule?


    Nope. You only need to find the proper OID (object identifier). You
    can do it two ways. By IP address or by MAC address. Get yourself a
    MIB browser and dump the entire MIB tree from your router. I like to
    use an old one called GetIF:
    <http://www.wtcs.org/snmp4tpc/getif.htm >
    Some usage detail:
    <http://groups.google.com/group/alt.internet.wireless/msg/3940c22469037822>

    The free one from IReasoning is better, but you can't load enough MIB
    files to make it really useful.
    <http://www.ireasoning.com/mibbrowser.shtml>

    More MIB browsers:
    <http://www.snmplink.org/snmpsoftware/forenduser/#6>
    <http://www.snmplink.org/snmpsoftware/forenduser/>

    If all else fails, use the DOS version SNMPUTIL.EXE from:
    <http://www.wtcs.org/snmp4tpc/testing.htm>
    Run:
    SNMPUTIL walk 192.168.1.1 public .1.3.6.1
    which should dump everything but with only numeric OID's, not text
    versions. Sift through the mess until you find the OID's for your
    favorite IP or MAC address. Well, you can make it easier with:
    SNMPUTIL walk 192.168.1.1 public .1.3.6.1 | find "192.168.1.11"
    where 192.168.1.11 is replaced by the IP or MAC address of a computah.
    The extra numbers at the end of the OID are pointers to a table, where
    the data is located. When you find an OID worth monitoring, type it
    into the PRTG config file. Repeat for all computers on the LAN. Also
    graph the total traffic so that you can tell if anyone has snuck in a
    new device. The SNMP table will update dynamically, but not the
    PRTG/MRTG config files.

    | C:\> snmputil walk 192.168.1.1 public .1.3.6.1 | find /I "netaddress"
    |
    | Variable = at.atTable.atEntry.atNetAddress.268906152.1.63.249.85.1
    | Variable = at.atTable.atEntry.atNetAddress.2147443560.1.192.168.1.11
    | Variable = ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaNetAddress.268752072.63.249.85.1
    | Variable = ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaNetAddress.2147443560.192.168.1.11

    192.168.1.11 is the IP of my desktop. 63.249.85.1 is the ISP gateway
    IP. The rubbish preceding the IP's are the pointers.

    I'll bet you thought that SNMP was simple?

    >And I cant workout why when I setup a netflow sensor with a packet
    >filter rule it says at the top of the graph "netflow data delayed by 5
    >min"?


    Dunno. I'm too lazy to try it today. Not enough sleep.

    --
    Jeff Liebermann jeffl@cruzio.com
    150 Felker St #D http://www.LearnByDestroying.com
    Santa Cruz CA 95060 http://802.11junk.com
    Skype: JeffLiebermann AE6KS 831-336-2558

  15. #15
    seaweedsl
    Guest

    Re: DD-WRT & rflow collector

    If you ever get SNMP sorted out, let us know. Obviously Jeff
    understands it and some other people as well whom I've never
    encountered.

    Personally, as a non-programmer, it looks every bit as easy as
    learning Chinese.

    I'm grateful for Rflow and DD-WRT It does the job for free with
    minimal installation and no additional software, research or
    programming.

    Steve

  16. #16
    Jeff Liebermann
    Guest

    Re: DD-WRT & rflow collector

    On Sun, 25 May 2008 10:48:05 -0700 (PDT), seaweedsl
    <seaweedsteve@gmail.com> wrote:

    >If you ever get SNMP sorted out, let us know. Obviously Jeff
    >understands it and some other people as well whom I've never
    >encountered.


    Wrong. I've used SNMP, dabbled with various SNMP based devices, done
    battle with monitoring software, and even got paid for the exercise.
    However, that doesn't mean I really understand it. There are plenty
    of mysteries that I still don't understand, despite explanations and
    reading. For example, when does one use a leading decimal point in
    front of the OID?

    >Personally, as a non-programmer, it looks every bit as easy as
    >learning Chinese.


    Actually, using it fairly easy, especially with a suitable front end
    program to insulate you from the complexities. A MIB browser is a
    good start.

    >I'm grateful for Rflow and DD-WRT It does the job for free with
    >minimal installation and no additional software, research or
    >programming.


    Netflow (also known as Rflow) is probably the right answer for
    monitoring traffic by IP or MAC address.

    Got $1800 handy?
    <http://www.solarwinds.com/products/orion/nta/index.aspx>
    Might be fun to try it. It says it's for Cisco but I think it will
    work with DD-WRT Rflow.

    Looks like they also have a wireless monitor for only $2500:
    <http://www.solarwinds.com/products/orion/wireless/index.aspx>

    This one looks interesting:
    <http://www.plixer.com/products/free-netflow.php>
    Only $5,000.

    Probably a bit much for students. So, there are free Netflow tools:
    <http://www.networkuptime.com/tools/netflow/>
    Like anything good, they're mostly Unix or Linux based. However,
    there are a few with Windoze versions.

    So much free software.... so little time.


    --
    Jeff Liebermann jeffl@cruzio.com
    150 Felker St #D http://www.LearnByDestroying.com
    Santa Cruz CA 95060 http://802.11junk.com
    Skype: JeffLiebermann AE6KS 831-336-2558

  17. #17
    seaweedsl
    Guest

    Re: DD-WRT & rflow collector

    I knew I should have kept my mouth shut. Now Jeff's got me exploring
    Netflow alternatives again. Still, I think that Rflow has an
    advantage over the others in that it uses MACupd ( I think it's
    called) which seems to allow one to monitor....uh,.....actually, I'm
    not clear what does what.

    But it' a feature that must be doing something! And the others don't
    seem to have it. So there!

    I think that my/our problem with monitoring software that uses
    Netflow, SNMP and/or whatever is that until now, administrators with
    serious budgets and serious tech skills were the target user. Now, as
    networking has become ubiquitous, every Tom, Dick and seaweedsl wants /
    needs monitoring software that we can learn in one hour, not 30.

    I wonder when somebody will put out a cleaned-up, fleshed-out, well-
    explained data-managing version of Rflow. Make it shareware without
    data logging and $20-25 with and you will have an income. So what
    if it needs DD-WRT to run, that's common enough now and supports many
    routers.

    Thanks for the links though, Jeff. At the least, Ntop appears to have
    been updated and I might try it again. I never could get it working
    before. Or maybe I'll learn MySQL .... when I have time and brain
    cells to spend on it.

  18. #18
    seaweedsl
    Guest

    Re: DD-WRT & rflow collector

    On May 26, 1:17 pm, seaweedsl <seaweedst...@gmail.com> wrote:

    >....Rflow has an
    > advantage over the others in that it uses MACupd ( I think it's
    > called)


    Obviously Rflow uses Rflow/Netflow primarily. MACupd is an
    additional feature. I think it's what matches the MAC address to user
    names.


    Steve

  19. #19
    Jeff Liebermann
    Guest

    Re: DD-WRT & rflow collector

    On Mon, 26 May 2008 12:17:17 -0700 (PDT), seaweedsl
    <seaweedsteve@gmail.com> wrote:

    >I knew I should have kept my mouth shut.


    Sorry. When I don't have an instant answer handy, I usually try to
    get the person asking to do all the work.

    DD-WRT v24 final release arrived last week. I've installed it on
    several non-critical machines. It's working just fine, and even fixed
    a mysterious wireless key renewal and disconnect problem I was having
    with WPA2-TKIP (not really offically supported as WPA2 is suppose to
    use AES encryption).

    >Now Jeff's got me exploring
    >Netflow alternatives again. Still, I think that Rflow has an
    >advantage over the others in that it uses MACupd ( I think it's
    >called) which seems to allow one to monitor....uh,.....actually, I'm
    >not clear what does what.


    While you're at it, here's another mystery. Go to "Services" tab and
    scroll down to the very bottom of the list. There's something called
    "WAN Traffic Counter - ttraff daemon". I enabled it and tried to
    decode it's purpose, but failed. The source code is interesting:
    <http://svn.dd-wrt.com:8000/dd-wrt/browser/src/router/rc/ttraff.c?rev=9009>
    and says "used for collecting and storing WAN traffic info to nvram".
    Ok, so where do I find it and how do I use the collected data?

    >But it' a feature that must be doing something! And the others don't
    >seem to have it. So there!


    Go to the source:
    <http://svn.dd-wrt.com:8000/dd-wrt/browser/opt/macupd/macupd.c>
    macupd v2 | send all known Clients (and WDS) from this machine by UDP

    >I think that my/our problem with monitoring software that uses
    >Netflow, SNMP and/or whatever is that until now, administrators with
    >serious budgets and serious tech skills were the target user. Now, as
    >networking has become ubiquitous, every Tom, Dick and seaweedsl wants /
    >needs monitoring software that we can learn in one hour, not 30.


    Well, I hate to admit a small failure, but I was sympathetic (and
    bored) yesterday. So, I downloaded the latest MRTG and decided to
    scribble a web page detailing what it takes to monitor a DD-WRT based
    router.

    The first thing I discovered is that the MRTG Windoze install and
    setup instructions have a few major errors. The next thing I
    discovered is that I had no easy way to generate a dynamic list of MAC
    addresses so that new graphs could be created on the fly. I think I
    can do that with MACupd or more crudely with arp -a or a simple Perl
    script. Within about an hour, I discovered that I had a major project
    on my hands and gave up for now. I hate programming...

    >I wonder when somebody will put out a cleaned-up, fleshed-out, well-
    >explained data-managing version of Rflow. Make it shareware without
    >data logging and $20-25 with and you will have an income. So what
    >if it needs DD-WRT to run, that's common enough now and supports many
    >routers.
    >
    >Thanks for the links though, Jeff. At the least, Ntop appears to have
    >been updated and I might try it again. I never could get it working
    >before. Or maybe I'll learn MySQL .... when I have time and brain
    >cells to spend on it.


    I tried the Windoze (demo) version of NTOP recently. It was even more
    complicated to setup than before. I did manage to configure Netflow
    (2055) but couldn't get NTOP to display any data. It was also
    irritating to find that I had to configure an ethernet interface for
    data sniffing, even though I wasn't using it.

    More, when I have time. Today is Memorial Day in the USA. I'm
    celebrating the holiday by dragging myself to the office and working
    on two nightmares. I think I blew up a customers laptop and may have
    to buy her a replacement. I also have a really ancient Xenix server
    with a blown IBM monochrome display. When I plug in a VGA, it
    overlaps the memory mapped for the Digiboard serial card and panics.
    So, I have to fix the monitor. I hate computers...



    --
    Jeff Liebermann jeffl@cruzio.com
    150 Felker St #D http://www.LearnByDestroying.com
    Santa Cruz CA 95060 http://802.11junk.com
    Skype: JeffLiebermann AE6KS 831-336-2558

  20. #20
    msg
    Guest

    Re: DD-WRT & rflow collector

    Jeff Liebermann wrote:

    <snip>
    I also have a really ancient Xenix server
    > with a blown IBM monochrome display. When I plug in a VGA, it
    > overlaps the memory mapped for the Digiboard serial card and panics.
    > So, I have to fix the monitor. I hate computers...


    Is it running on AT-class hardware or Microchannel? Can you
    cpio the entire system (sans user data where necessary) to
    preserve it? Is it MS-Xenix or the IBM variant?

    Michael

Similar Threads

  1. DD WRT for a Buffalo WBR2-G54S
    By lenwest in forum Routers & Internet Sharing
    Replies: 0
    Last Post: 06-30-07, 06:48 PM
  2. cisco router log collector
    By huseyin in forum Networking Forum
    Replies: 1
    Last Post: 01-26-07, 07:15 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •