On Thu, Aug 06, 2015 at 10:44:01AM +0200, Joel Carnat wrote:
> Hi,
>
> I run several standard services (Web, Mail, DNS, b
>
> I was wondering what was the usual OpenBSD way for proactive/real-time
> traffic monitoring and alerting.
> That is, which software to use that would, for example, read HTTPD logs and
> alert if req/sec from same IP is over 50 ?
>
> Looking at the ports, I saw "snort" but I was wondering if there were
> lighter tools for such tasks.
I use net/nfsen. This is a graphical front-end to net/nfdump, which
uses netflow statistics from pflow(4). I Duse alerts via Email,
I use the front-end for two reasons:
1. I can reach out to it if needed from behind the Great Corporate
Firewall (TM) at $DAYJOB. (Access is protected by client
certificate installed in the browser.)
2. Graphic reports often help me understand traffic patterns over
time more clearly. I can dig deeper, either through nfsen's
analysis tools or via nfdump commands directly.
I don't know if this is The OpenBSD Way, but it does use pflow(4)
statistics to capture traffic statistics across multiple
systems.
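As an added illustration of the log-based check Joel asks about (not code from either poster, and not the nfsen/pflow route described in the reply), the following script reads httpd(8) access-log lines, counts requests per client address in each one-second bucket, and reports any address exceeding the "over 50 req/sec" threshold. It assumes the log style with the server name prefixed to each Common Log Format line; the sample lines are constructed.

```python
import re
from collections import defaultdict

# Assumption: OpenBSD httpd(8) "common" style, i.e. "<vhost> <client> - - [<ts>] ...".
# The vhost prefix is optional so plain Common Log Format lines also parse.
LOG_RE = re.compile(r'^(?:\S+\s+)?(?P<ip>[0-9a-fA-F.:]+)\s+\S+\s+\S+\s+\[(?P<ts>[^\]]+)\]')

def requests_per_second(lines):
    """Count requests per (client IP, one-second timestamp bucket)."""
    counts = defaultdict(int)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not look like access-log entries
        # The timestamp "06/Aug/2015:10:44:01 +0200" has second resolution,
        # so the raw timestamp string is the per-second bucket key.
        counts[(m.group('ip'), m.group('ts'))] += 1
    return counts

def offenders(lines, threshold=50):
    """Return {ip: peak req/sec} for clients exceeding threshold in any one second."""
    peaks = {}
    for (ip, ts), n in requests_per_second(lines).items():
        if n > threshold and n > peaks.get(ip, 0):
            peaks[ip] = n
    return peaks

# Constructed sample: 203.0.113.7 sends 60 requests within one second,
# 198.51.100.4 sends 3, plus one malformed line that must be ignored.
SAMPLE = (
    ['example.org 203.0.113.7 - - [06/Aug/2015:10:44:01 +0200] "GET / HTTP/1.1" 200 612'] * 60
    + ['example.org 198.51.100.4 - - [06/Aug/2015:10:44:01 +0200] "GET /x HTTP/1.1" 200 12'] * 3
    + ['garbage line']
)

if __name__ == '__main__':
    for ip, n in offenders(SAMPLE).items():
        print(f"ALERT {ip}: {n} req/s (threshold 50)")
```

Feeding real logs means tailing /var/www/logs/access.log (or wherever httpd logs) into this loop and replacing the print with whatever alert channel you use.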