There are many similar installation guides online, but none of them seems to explain how to monitor each VLAN. I was puzzled by this at first as well, and only later learned that configuring port mirroring is all it takes.

Requirements:

1. The internal network consists of 7 segments:
10.155.3.0/24, 10.155.10.0/24, 10.155.20.0/24, 10.155.30.0/24, 10.155.40.0/24, 10.155.50.0/24, 10.155.255.0/24
The Internet traffic of these segments must be monitored. The port to be monitored is on the core switch; it connects directly to the firewall and is the egress through which every internal host reaches the Internet. The port is interface GigabitEthernet 1/1/3 and it belongs to VLAN255, i.e. 10.155.255.0/24.
2. A port, interface 1/0/9, will be set up on the core switch and connected to the machine running bandwidthd. This port belongs to VLAN50, i.e. 10.155.50.0/24. The traffic of GigabitEthernet 1/1/3 will be mirrored to it.

Steps:

1. Configure the core switch

# Set the mirror source port
<H3C>system-view
System View: return to User View with Ctrl+Z.
[H3C]interface GigabitEthernet 1/1/3
[H3C-GigabitEthernet1/1/3]mirroring-port both
[H3C-GigabitEthernet1/1/3]quit
# Set the mirror destination port
[H3C]interface Ethernet 1/0/9
[H3C-Ethernet1/0/9]monitor-port
[H3C-Ethernet1/0/9]quit
# Check the settings
[H3C]dis mirror
 Monitor-port:
   Ethernet1/0/9
   GigabitEthernet1/1/3       both

2. Install bandwidthd


Required packages:

httpd, php, gd, gd-devel, libpng, libpng-devel, libpcap, libpcap-devel. All of them can be installed with yum -y install.


shell# cd /opt
shell# wget http://sourceforge.net/projects/bandwidthd/files/bandwidthd/bandwidthd%202.0.1/bandwidthd-2.0.1.tgz/download
shell# tar zxvf bandwidthd-2.0.1.tgz
shell# cd bandwidthd-2.0.1
shell# ./configure --prefix=/usr/local/bandwidthd
shell# make
shell# make install
shell# cd /usr/local/bandwidthd/bandwidthd/etc
shell# vi bandwidthd.conf
[root@nagios etc]# more bandwidthd.conf
####################################################
# Bandwidthd.conf
#
# Commented out options are here to provide
# documentation and represent defaults

# Subnets to collect statistics on.  Traffic that
# matches none of these subnets will be ignored.
# Syntax is either IP Subnet Mask or CIDR
subnet 10.155.3.0/24
subnet 10.155.10.0/24
subnet 10.155.20.0/24
subnet 10.155.30.0/24
subnet 10.155.40.0/24
subnet 10.155.50.0/24
subnet 10.155.255.0/24
#subnet 192.168.0.0/16
#subnet 172.16.0.0/12

# Device to listen on
# Bandwidthd listens on the first device it detects
# by default.  Run "bandwidthd -l" for a list of
# devices.
dev "eth0"
#dev "any"
###################################################
# Options that don't usually get changed

# An interval is 2.5 minutes, this is how many
# intervals to skip before doing a graphing run
#skip_intervals 0

# Graph cutoff is how many k must be transfered by an
# ip before we bother to graph it
#graph_cutoff 1024

#Put interface in promiscuous mode to score to traffic
#that may not be routing through the host machine.
#promiscuous true

#Log data to cdf file htdocs/log.cdf
#output_cdf false
output_cdf true
#Read back the cdf file on startup
#recover_cdf false
recover_cdf true
#Libpcap format filter string used to control what bandwidthd see's
#Please always include "ip" in the string to avoid strange problems
#filter "ip"


#Draw Graphs - This default to true to graph the traffic bandwidthd is recording
#Usually set this to false if you only want cdf output or
#you are using the database output option.  Bandwidthd will use very little
#ram and cpu if this is set to false.
#graph true


#Set META REFRESH seconds (default 150, use 0 to disable).
#meta_refresh 150

shell# cd /var/www/html
shell# ln -s /usr/local/bandwidthd/bandwidthd/htdocs/ bandwidthd


Once the configuration is done, start bandwidthd
shell# /usr/local/bandwidthd/bandwidthd/bandwidthd

# Check the process
shell# ps -aux|grep bandwidthd

# To stop the process
shell# killall bandwidthd

Once the process is running, open Bandwidthd at
http://ip/bandwidthd
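Before trusting the graphs, it is worth confirming that the mirror port really delivers packets from all seven segments. The script below is an added check, not part of the original post or of bandwidthd: it summarises a short tcpdump capture by source /24 and reports any expected segment that produced nothing. It assumes tcpdump is installed on the bandwidthd host and that eth0 is the interface cabled to switch port Ethernet1/0/9.

```shell
#!/bin/sh
# Added example (not from the original post): confirm that the mirror port
# really delivers packets from every internal segment before trusting the
# bandwidthd graphs. Run on the bandwidthd host, where eth0 is assumed to be
# the interface cabled to switch port Ethernet1/0/9 (tcpdump also assumed):
#   tcpdump -i eth0 -nn -c 500 ip 2>/dev/null | sh check_mirror.sh run

# The seven segments listed in the requirements.
EXPECTED="10.155.3.0/24 10.155.10.0/24 10.155.20.0/24 10.155.30.0/24
10.155.40.0/24 10.155.50.0/24 10.155.255.0/24"

# Read "tcpdump -nn" lines on stdin and print "<source /24> <packets>",
# one line per network seen. Only IPv4 ("IP") lines are counted.
count_per_subnet() {
    awk '$2 == "IP" {
        # $3 is src host[.port], e.g. 10.155.3.15.51234; keep the first
        # three octets only, which also discards the port when present.
        if (split($3, a, ".") >= 4)
            cnt[a[1] "." a[2] "." a[3] ".0/24"]++
    }
    END { for (s in cnt) print s, cnt[s] }' | sort
}

# Read the summary from count_per_subnet on stdin and print every expected
# segment that produced no packets (a VLAN the mirror is not carrying).
missing_subnets() {
    seen=$(cat)
    for s in $EXPECTED; do
        echo "$seen" | grep -q "^$s " || echo "$s"
    done
}

# Mirrored frames are not addressed to this host, so the capture interface
# must be in promiscuous mode (bandwidthd's own default is "promiscuous true").
is_promisc() {
    ip -o link show "$1" 2>/dev/null | grep -q PROMISC
}

main() {
    summary=$(count_per_subnet)
    printf '%s\n' "$summary"
    missing=$(printf '%s\n' "$summary" | missing_subnets)
    if [ -n "$missing" ]; then
        printf 'WARNING: no packets seen from:\n%s\n' "$missing"
        return 1
    fi
}

if [ "${1:-}" = "run" ]; then main; fi
```

A segment that never shows up usually means the mirror session is not carrying that VLAN or the capture interface is not promiscuous (check with is_promisc eth0).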


Issues:
1. To monitor the whole network, this must be done on the gateway, or a mirror port must be configured on the switch; otherwise only one segment's data may be recorded, and inaccurately at that.

2. Testing showed that P2P traffic, for example Xunlei downloads, is often identified as HTTP downloads; I don't know why.