Monitoring (featured logo)

Nfsen: Traffic Classification

Nfsen is open source sensor: it accepts netflow data from multiple netflow probes (servers, routers, vpn concentrators etc) and then visualizes it into human readable form. So using Nfsen you can see traffic statistics of every network device in your network in one place (actually Nfsen provides much more features).

By default Nfsen makes it possible to see only inbound and outbound traffic statistics but no protocol breakdown or any traffic classification. In the meantime it’s always useful to know what network applications are eating the bandwidth to understand if that fits baseline or not and take necessary actions. For example, if you’re monitoring Linux server which primary task is to host some website but in Nfsen you see that it generates 90% of SSH traffic and only 10% of web traffic then it would be reasonable idea to check if somebody is trying to brute force SSH password and stop that activity. In other words it’s better to have traffic statistics classified. In this article I’ll tell you how to enable traffic classification in Nfsen.

Read More »Nfsen: Traffic Classification

Monitoring (featured logo)

Install nfdump and nfsen netflow tools in Linux

Using nfsen it is possible to view IP traffic statistics on Linux interfaces including the graphs showing data sent and received (see the screenshot to the right) as well as historical information about all data transfers. So after you’ve configured nfsen and nfdump to monitor… Read More »Install nfdump and nfsen netflow tools in Linux

Sendmail for virtual users with procmail, spamassassin and dovecot

Today I’d like to describe setup of sendmail that allows to establish receiving of e-mails for certain domain and sort incoming messages between virtual users. Those users must be able to fetch received e-mails via POP3 or IMAP protocols with or without TLS encryption. The… Read More »Sendmail for virtual users with procmail, spamassassin and dovecot

Cisco (featured logo)

How to monitor traffic at Cisco router using Linux (Netflow)

By default Cisco IOS doesn’t provide any traffic monitoring tools like iftop or iptraff available in Linux. While there are lots of proprietary solutions for this purpose including Cisco Netflow Collection, you are free to choose nfdump and nfsen open source software to monitor traffic… Read More »How to monitor traffic at Cisco router using Linux (Netflow)