Monitoring intranet traffic with Bandwidthd 2.0.1

There are plenty of similar installation guides online, but none of them seem to explain how to monitor every VLAN. This puzzled me at first too; it turned out that all that is needed is to configure port mirroring on the switch.

Requirements:

1. The intranet has 7 subnets in total:
10.155.3.0/24, 10.155.10.0/24, 10.155.20.0/24, 10.155.30.0/24, 10.155.40.0/24, 10.155.50.0/24, 10.155.255.0/24
The Internet traffic of these subnets needs to be monitored. The port to be monitored is on the core switch; it connects directly to the firewall and is the egress through which every intranet machine reaches the Internet. The port is interface GigabitEthernet 1/1/3 and belongs to VLAN255, i.e. 10.155.255.0/24.
2. A port, interface 1/0/9, will now be set up on the core switch to connect the machine running bandwidthd. This port belongs to VLAN50, i.e. 10.155.50.0/24, and the traffic of GigabitEthernet 1/1/3 will be mirrored to it.

Steps:

1. Configure the core switch

#Set the mirroring source port
<H3C>system-view
System View: return to User View with Ctrl+Z.
[H3C]interface GigabitEthernet 1/1/3
[H3C-GigabitEthernet1/1/3]mirroring-port both
[H3C-GigabitEthernet1/1/3]quit
#Set the mirroring destination port (enter the interface view of Ethernet 1/0/9 first)
[H3C]interface Ethernet 1/0/9
[H3C-Ethernet1/0/9]monitor-port
[H3C-Ethernet1/0/9]quit
#Verify the mirroring configuration
[H3C]dis mirror
 Monitor-port:
   Ethernet1/0/9
   GigabitEthernet1/1/3       both

2. Install bandwidthd

Required packages:

httpd, php, gd, gd-devel, libpng, libpng-devel, libpcap, libpcap-devel. All of these can be installed with yum -y install.


shell# cd /opt
shell# wget http://sourceforge.net/projects/bandwidthd/files/bandwidthd/bandwidthd%202.0.1/bandwidthd-2.0.1.tgz/download
shell# tar zxvf bandwidthd-2.0.1.tgz
shell# cd bandwidthd-2.0.1
shell# ./configure --prefix=/usr/local/bandwidthd
shell# make
shell# make install
shell# cd /usr/local/bandwidthd/bandwidthd/etc
shell# vi bandwidthd.conf
[root@nagios etc]# more bandwidthd.conf
####################################################
# Bandwidthd.conf
#
# Commented out options are here to provide
# documentation and represent defaults

# Subnets to collect statistics on.  Traffic that
# matches none of these subnets will be ignored.
# Syntax is either IP Subnet Mask or CIDR
subnet 10.155.3.0/24
subnet 10.155.10.0/24
subnet 10.155.20.0/24
subnet 10.155.30.0/24
subnet 10.155.40.0/24
subnet 10.155.50.0/24
subnet 10.155.255.0/24
#subnet 192.168.0.0/16
#subnet 172.16.0.0/12

# Device to listen on
# Bandwidthd listens on the first device it detects
# by default.  Run "bandwidthd -l" for a list of
# devices.
dev "eth0"
#dev "any"
###################################################
# Options that don't usually get changed

# An interval is 2.5 minutes, this is how many
# intervals to skip before doing a graphing run
#skip_intervals 0

# Graph cutoff is how many k must be transfered by an
# ip before we bother to graph it
#graph_cutoff 1024

#Put interface in promiscuous mode to score to traffic
#that may not be routing through the host machine.
#promiscuous true

#Log data to cdf file htdocs/log.cdf
#output_cdf false
output_cdf true
#Read back the cdf file on startup
#recover_cdf false
recover_cdf true
#Libpcap format filter string used to control what bandwidthd see's
#Please always include "ip" in the string to avoid strange problems
#filter "ip"


#Draw Graphs - This default to true to graph the traffic bandwidthd is recording
#Usually set this to false if you only want cdf output or
#you are using the database output option.  Bandwidthd will use very little
#ram and cpu if this is set to false.
#graph true


#Set META REFRESH seconds (default 150, use 0 to disable).
#meta_refresh 150

shell# cd /var/www/html
shell# ln -s /usr/local/bandwidthd/bandwidthd/htdocs/ bandwidthd


Once the configuration is done, start bandwidthd:
shell# /usr/local/bandwidthd/bandwidthd/bandwidthd

#Check that the process is running
shell# ps -aux|grep bandwidthd

#To stop the process
shell# killall bandwidthd

Once the process is running, open Bandwidthd in a browser at:
http://ip/bandwidthd
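Before trusting the graphs, it helps to check the configuration above mechanically: traffic that matches no subnet line is dropped, and the commented-out lines in bandwidthd.conf document defaults rather than set anything. The following is an added example, not code from the original post or from the bandwidthd project: it parses a constructed bandwidthd.conf excerpt (SAMPLE_CONF is assumed, not the author's file), fills in the documented defaults, reports which sample addresses would be ignored, and flags settings that would break capture on a mirror port.

```python
import ipaddress
# Constructed excerpt in the bandwidthd.conf format shown above (not the author's file).
SAMPLE_CONF = """\
subnet 10.155.3.0/24
subnet 10.155.50.0 255.255.255.0
dev "eth0"
#promiscuous true
output_cdf true
recover_cdf true
"""

# Defaults, as documented by the commented-out options in bandwidthd.conf.
DEFAULTS = {"promiscuous": "true", "output_cdf": "false", "recover_cdf": "false",
            "filter": "ip", "graph": "true", "skip_intervals": "0",
            "graph_cutoff": "1024", "meta_refresh": "150"}

def parse_conf(text):
    """Return (subnets, options); accepts 'subnet a.b.c.d/n' and 'subnet a.b.c.d m.m.m.m'."""
    subnets, options = [], dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented lines only document defaults; they change nothing
        key, _, rest = line.partition(" ")
        if key == "subnet":
            # the "IP Mask" form becomes IP/Mask, which ipaddress accepts too
            subnets.append(ipaddress.ip_network("/".join(rest.split()), strict=False))
        else:
            options[key] = rest.strip().strip('"')
    return subnets, options

def classify(subnets, addrs):
    """Map each address to the subnet line covering it, or None (bandwidthd ignores it)."""
    result = {}
    for a in addrs:
        ip = ipaddress.ip_address(a)
        result[a] = next((str(n) for n in subnets if ip in n), None)
    return result

def lint(subnets, options):
    """Settings that would leave the graphs empty or misleading on a mirror port."""
    warnings = []
    if options["promiscuous"] != "true":
        warnings.append("promiscuous must be true: mirrored frames carry other hosts' MACs")
    if "ip" not in options["filter"].split():
        warnings.append('filter should contain "ip", as the config comment advises')
    if not subnets:
        warnings.append("no subnet lines: every packet will be ignored")
    return warnings
```

Run it against the real file with `parse_conf(open("bandwidthd.conf").read())` and a few addresses from each VLAN; any address that maps to None explains a missing host in the graphs.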


Problems:
1. To monitor the whole network, this has to be done on the gateway, or a mirror port has to be configured on the switch; otherwise you may only capture the data of a single subnet, and inaccurately at that.

2. In testing I found that P2P traffic, for example Xunlei downloads, is often identified as HTTP downloads; I do not know why.
