This topic contains 6 replies, has 0 voices, and was last updated by 
-
Posts
-
Can anybody tell me how to dump source, destination ip’s & ports of traffic using the QOS Default rule (similar to tcpdump output) as I’m struggling to find out which hosts are serving unclassified traffic.
It would also appear the rules are not processed in order eg.
25 * * MARK tcp opt — in * out * 86.17.6.20 -> 0.0.0.0/0 PHYSDEV match –physdev-is-bridged tcp spt:110 MARK set 0x21 PW_POP
26 * * MARK tcp opt — in * out * 0.0.0.0/0 -> 86.17.6.20 PHYSDEV match –physdev-is-bridged tcp dpt:110 MARK set 0x21 PW_POP56 * * MARK all opt — in * out * 86.17.6.20 -> 0.0.0.0/0 PHYSDEV match –physdev-is-bridged MARK set 0x39 PW_TEST no
57 * * MARK all opt — in * out * 0.0.0.0/0 -> 86.17.6.20 PHYSDEV match –physdev-is-bridged MARK set 0x39 PW_TEST noRule 56 & 57 take precedence over rules 25 & 26 which makes it cumbersome to added rules to catch non classified traffic on a per host basis and wondered if anybody can confirm this is the correct behaviour.
I’ve also knocked up QOS traffic logging to a MySql database using a remote host and ssh, php and ajax for real time (ish) graphs if anybody’s interested??
Thanks for a sweet product Fulvio 🙂
Richard
B8 on a pair of HP DL360g3 2.8 Xeon in spanning tree failover config
20meg EtherDIA connection
FW & QOS Rule mirroringI’ve also knocked up QOS traffic logging to a MySql database using a remote host and ssh, php and ajax for real time (ish) graphs if anybody’s interested??
HELL YEA!!!
I was just asked this morning to work on extending historical graphing of top talkers/listeners, dates/times used bandwidth, etc…
Whatever you can/will share would be a HUGE benefit to my project here.
Per your question though, I’ve only seen the connection tracking lok (in the firewall section). I haven’t seen a piece that dumps the QOS logs (yet) in Zeroshell.
Regards,
GHi G
Here you go then:
http://www.proweb.net/zeroshell_stats_logging_howto.php
Be my guest, it’s a little rough around the edges but works for me. Let me know how you get on with it and please feed back any improvements.
Cheers
Rich
It would appear after further testing that the QOS rules are processed in reverse order eg.
1 * * MARK all opt — in * out * 0.0.0.0/0 -> 0.0.0.0/0 MARK set 0xc LOCAL
does not take precidence over:
26 * * MARK tcp opt — in * out * 86.17.6.20 -> 0.0.0.0/0 PHYSDEV match –physdev-is-bridged tcp spt:110 MARK set 0x21 PW_POP
27 * * MARK tcp opt — in * out * 0.0.0.0/0 -> 86.17.6.20 PHYSDEV match –physdev-is-bridged tcp dpt:110 MARK set 0x21 PW_POPThanks a ton for the link; I will look it over and hook it up.
G
Hi G,
I’ve updated the real time graph to show the max rate over the last 24 hours against each rule name which saves clicking on each rule to check the historical graph, it’s in the zip if you want to grab a new copy.
Cheers
R
That’s great. Thanks a bunch!
G
Richard, I have just linked your useful how-to from the documentation section.
Regards
Fulvio
You must be logged in to reply to this topic.