Vsem privet.
Vopros kasaetsya tochnosti podscheta traffica NeTraMet'om.

Est' rabotayschaya systema na ipchains'e. Rabotaet bolee treh let. Vot s nei ya i sveryayu rezul'taty.

Esli tashit' traffic s NeTraMet'a s pomosch'y NeMac'a kajdie 5 minut, to traffic poluchaetsya na poryadok bol'she. Seichas eksperementiruyu i ostanovilsya na 15ti minutah.

No vse ravno est' voprosy.

1: Kak obyasnit' ne tochnost' kolichestva traffica?
2: Chital prediduschie posty. Kto-to jalovalsya na nezakonchinie potoki(flows kak ya ponyal). Chto eto za problema? Mojno podrobnei?
3: Dlya chego opciya NeMac -a? Man page ya chital, no _tochno_ ne ponyal.
4: Kak bi zabirat' statistiku kajdie 5 minut. Potomu kak daje pri 200000 flows, NeTraMet pishet 'Meter in Flood mode'.

Vse zapuscheno pod Slackware 9.0, Linux 2.4.22, libpcap-0.7.2, NeTraMet-4.4

Vot kak ya zapuskayu NeTraMet:
if [ -x /usr/local/ntm/bin/NeTraMet ]; then
  /usr/local/ntm/bin/NeTraMet \
        -f 200000 \
        -i eth0 \
        -l \
        -r read_password \
        -w write_password \
fi

NeMaC:
if [ -x /usr/local/ntm/bin/NeMaC ]; then
  /usr/local/ntm/bin/NeMaC \
        -b /usr/local/ntm/share/NeTraMet/mibs/mib.txt \
        -k 60 \
        -F /usr/local/ntm/logs/flow.log \
        -a 300 \
        -c 900 \
        -o 90 \
        -h 95 \
        -p \
        -v \
        -L /usr/local/ntm/logs/nemac.log \
        -r /usr/local/ntm/etc/ntm.rules \
        127.0.0.1 write_password
fi

Esli nado mogu vivesti srl file.

• NeTraMet, brain, 21:13 , 26-Окт-03, (1)