Monitoring Network Traffic
Basic Essential Network Monitoring
- Preface
- Monitoring in Linux
- About The Tools
- Ubuntu / Debian Installation
- CentOS / RHEL Installation
- Fedora (16+) Installation
- openSUSE Installation
- How to use VNstat
- How to use IPtraf
- Conclusion...
Preface
Basic administration principles state that you, the administrator, should have a strong grasp on what your server is doing at all times. One major metric that is sometimes missed is overall network activity. The metrics gained by proper network monitoring can reveal your traffic trends which will lead to a better understanding in the trends for your application, the load times on your system, and any activity that may not have been accounted for. Monitoring is essential to a successful infrastructure, and without it you will be forced to guess and or interpret logs which will lead to a misunderstanding of real traffic going to and leaving your server.
Monitoring in Linux
In the world of Linux there are many open source solutions that can accomplish the lofty goals of monitoring and logging "Actual" traffic. Most of these free and Open Source tools can work with minimal setup and achieve very high accuracy. Out of all the tools available I am partial to VNstat and IPtraf. Both of these can be found in most repositories, have minimal dependencies, and work on ALL Linux systems.
About The Tools
VNstat : Learn More about VNstat
VNstat is a console-based network traffic monitor for Linux and BSD that keeps a log of network traffic for the selected interface(s). It uses the network interface statistics provided by the kernel as information source. This means that VNstat won't actually be sniffing any traffic and also ensures light use of system resources. With VNstat you are able to keep a log of all incoming and outgoing traffic which will be logged by Minute,Hour,Day,Month,Year.
IPtraf : Learn More about IPtraf
IPTraf is a console-based network statistics utility for Linux. It gathers a variety of figures such as TCP connection packet and byte counts, interface statistics and activity indicators, TCP/UDP traffic breakdowns, and LAN station packet and byte counts.
How to install these tools
Ubuntu / Debian
Here is how to install VNstat as well as IPtraf on a Ubuntu / Debian Slice.
Both of these tools are readily available on a Debian / Ubuntu Server.
A quick search will yield these packages.
apt-get update apt-cache search iptraf ## iptraf - Interactive Colorful IP LAN Monitor apt-cache search vnstat ## vnstat - console-based network traffic monitor
To do the installation of the tools on your server simply execute this command.
apt-get install iptraf vnstat
Lastly we setup VNstat to begin monitoring the interfaces.
# Public Interface vnstat -u -i eth0 # Private Interface vnstat -u -i eth1
CentOS / RHEL
Here is how to install VNstat as well as IPtraf on a CentOS / RHEL Slice.
In the base repositories for CentOS and RHEL, IPtraf is easily installed. However, VNstat is not not found in these repositories and will either need to be installed via a third-party repository, or compiled from source. In this instance I choose to install from source. I made this choice because VNstat is a small package and has no real dependencies. At the time of this writing, VNstat 1.11 is the latest version available.
VNstat is a simple package to install and here are the commands
First - Download the source and unpack the source
cd ~/ wget http://humdi.net/vnstat/vnstat-1.11.tar.gz tar xzf vnstat-1.11.tar.gz cd ~/vnstat-1.11
Second - Now make sure that you have the two needed packages installed, which are gcc and make, and then install vnstat
yum install gcc make make make install
Third - Now that the package is installed we need to make it start, and automatically restart on boot.
cp ~/vnstat-1.11/examples/init.d/redhat/vnstat /etc/init.d/vnstat chmod +x /etc/init.d/vnstat /etc/init.d/vnstat start cd /etc/init.d/ chkconfig --add vnstat chkconfig vnstat on cd ~/
Fourth - Lastly we setup VNstat to begin monitoring the interfaces.
# Public Interface vnstat -u -i eth0 # Private Interface vnstat -u -i eth1
Here is the package that we will need to install on your server for IPtraf
You can search for the package like this :
yum search iptraf ## iptraf.x86_64 : A console-based network monitoring utility.
To install here is the command :
yum install iptraf.x86_64
Fedora (16+)
Here is how to install VNstat as well as IPtraf on a Fedora Slice.
Both of the packages are readily available from the Fedora repositories.
A quick search will yield these packages.
yum search iptraf ## iptraf.x86_64 : A console-based network monitoring utility yum search vnstat ## vnstat.x86_64 : Console-based network traffic monitor
The installation of the tools on your server is done by simply executing this command.
yum install iptraf vnstat
We need to setup VNstat to begin monitoring the interfaces.
# Public Interface vnstat -u -i eth0 # Private Interface vnstat -u -i eth1
Lastly we create a symlink for legacy purposes
ln -s /usr/sbin/iptraf-ng /usr/sbin/iptraf
openSUSE
Here is how to install VNstat as well as IPtraf on a openSUSE Slice.
Like CentOS and RHEL, IPtraf is easily installed in openSUSE. However, VNstat is not not found in the repositories. You will either need to be installed via a third-party repository, or compiled from source. In this instance I choose to install from source. I made this choice because VNstat is a small package and has no real dependencies.
VNstat is a simple package to install here are the commands
First - Download the source and unpack the source
cd ~/ wget http://humdi.net/vnstat/vnstat-1.11.tar.gz tar xzf vnstat-1.11.tar.gz cd ~/vnstat-1.11
Second - Now make sure that you have the 2 needed packages installed, which are 'gcc' and 'make', and then install vnstat.
zypper ref zypper in gcc make make make install
Third - Now that the package is installed we need to make it start and automatically restart on boot.
cp ~/vnstat-1.11/examples/init.d/redhat/vnstat /etc/init.d/vnstat chmod +x /etc/init.d/vnstat /etc/init.d/vnstat start cd /etc/init.d/ chkconfig --add vnstat chkconfig vnstat on cd ~/
Fourth - Lastly we setup VNstat to begin monitoring the interfaces.
# Public Interface vnstat -u -i eth0 # Private Interface vnstat -u -i eth1
Here is the package that we will need to install on your server for IPtraf
A quick Search for the package reveals :
zypper se iptraf ## iptraf | TCP/IP Network Monitor | srcpackage
To install iptraf here is the command :
zypper in iptraf
How to use these tools
Using VNstat : Manual Page for VNstat
Once you have Installed and setup VNstat on your system you will have to allow for at least ONE hour. After that time frame, your database will contain data and begin showing you metrics.
Common VNstat Uses
-
- Snapshot : vnstat
rx / tx / total / estimated
eth0:
Apr '12 26.68 MiB / 196.70 MiB / 223.38 MiB / 1.38 GiB
yesterday 6.35 MiB / 37.71 MiB / 44.06 MiB
today 4.73 MiB / 34.66 MiB / 39.39 MiB / 52 MiB
-
- Hourly Report : vnstat -h
eth0 17:02 | t t t t t t t t t | t t t t t t t t t t t t | t t rt rt rt t t t t t t t t t t t t t t -+---------------------------------------------------------------------------> | 18 19 20 21 22 23 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 h rx (KiB) tx (KiB) h rx (KiB) tx (KiB) h rx (KiB) tx (KiB) 18 157 607 02 143 888 10 150 1878 19 266 1389 03 169 548 11 212 1229 20 259 918 04 72 449 12 191 1904
-
- Daily Report : vnstat -d
eth0 / daily
eth0 / daily
day rx | tx | total | avg. rate
------------------------+-------------+-------------+---------------
04/01/12 4.91 MiB | 43.77 MiB | 48.67 MiB | 4.61 kbit/s
04/02/12 6.65 MiB | 46.65 MiB | 53.30 MiB | 5.05 kbit/s
04/03/12 4.04 MiB | 33.92 MiB | 37.96 MiB | 3.60 kbit/s
04/04/12 6.35 MiB | 37.71 MiB | 44.06 MiB | 4.18 kbit/s
04/05/12 4.73 MiB | 34.66 MiB | 39.39 MiB | 5.26 kbit/s
------------------------+-------------+-------------+---------------
estimated 5 MiB | 47 MiB | 52 MiB |
-
- Weekly Report : vnstat -w
eth0 / weekly
rx | tx | total | avg. rate
---------------------------+-------------+-------------+---------------
last 7 days 36.62 MiB | 256.09 MiB | 292.71 MiB | 4.13 kbit/s
last week 42.62 MiB | 237.17 MiB | 279.78 MiB | 3.79 kbit/s
current week 21.79 MiB | 152.97 MiB | 174.75 MiB | 4.46 kbit/s
---------------------------+-------------+-------------+---------------
estimated 39 MiB | 286 MiB | 325 MiB |
-
- Monthly Report : vnstat -m
eth0 / monthly
month rx | tx | total | avg. rate
------------------------+-------------+-------------+---------------
Apr '12 26.68 MiB | 196.70 MiB | 223.38 MiB | 4.50 kbit/s
------------------------+-------------+-------------+---------------
estimated 165 MiB | 1.22 GiB | 1.38 GiB |
Using IPtraf :
Manual Page for IPtraf
IPtraf is an application that can be used just as soon as it is installed. IPtraf watches traffic in real time.
IPtraf Commands
- General Output : iptraf -g
- Detailed Information on a Select Interface : iptraf -d iface
- Semi-Graphical Interface : iptraf
Conclusion
Now that you have installed these packages you should have full network monitoring in place. VNstat will monitor the servers internal and external network interfaces for all sent and received traffic. While IPtraf will allow you the ability to use a utility from the shell to gauge network traffic in real time. These tools are invaluable and should provide a lot more insight into your overall operations.
If you enjoyed this post or if this has helped you, please comment.</
© 2011-2013 Rackspace US, Inc.
Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License
See license specifics and DISCLAIMER
0 Comments
Add new comment