> > > > i've been pretty impressed with nfsen. took a little bit of fiddling to > > figure out, but lets me drill down into things pretty well. > > Seconded. nfsen is awesome. Bit of a learning curve, but extremely > powerful once you get the hang of it! > > You can also use iptables and the ULOG target to generate "flow" > information from your Linux boxes and send the output to nfsen/nfcapd > as well! > > Ray I'm not trying to hijack this thread but do you find any significant overhead involved with using the ULOG target or packet loss in your statistics? Would you have a ULOG target very early on in your FORWARD filter to log all packets? Do those packets go to a ulogd instance and then to disk (rrd to limit disk usage) for nfsen to use? I'm concerned with losing packets in my current ntop configuration (not using pf_ring) and am looking at less obtrusive alternatives like gulp or ulog to first get ALL of the packets and with as little overhead as possible move that data to a location where analysis can happen using ntop or nfsen. Thanks.