This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Bandwidth Usage completely wrong?

UTM: 9.204-19
2 Nics: Internal LAN and External WAN (PPPOE DSL 16MBit/1MBit)

LinuxVM behind the UTM Firewall

1. BTsync Traffic over 2GB from WAN -> where is it?!
2. Wget ISO File 270MB from WAN -> shown as 121MB http traffic?!

this is very disappointing..

This thread was automatically locked due to age.

Parents

0 teched_01 over 10 years ago

Overall how do the packet length sums in the reporting database data look? (afc_proto 60 is listed as bittorrent and 0 is unclassified)

psql reporting -U reporting -c "SELECT afc_proto, cast(SUM(raw_in_pktlen) AS bigint) AS total_raw_in_pktlen, cast(SUM(raw_out_pktlen) AS bigint) AS total_raw_out_pkt_len, cast(SUM(raw_in_pktlen + raw_out_pktlen) AS bigint) AS combined_total_pktlen FROM accounting WHERE logday:[:D]ate = '2014-07-22' GROUP BY afc_proto ORDER BY afc_proto;"

Just the unclassified:

 psql reporting -U reporting -c "SELECT SUM(raw_in_pktlen), SUM(raw_out_pktlen) FROM accounting WHERE logday:[:D]ate = '2014-07-22' AND afc_proto = 0;"

"Raw" data for UDP port 25646:

psql reporting -U reporting -c "SELECT * FROM accounting WHERE logday:[:D]ate = '2014-07-22' AND ip_protocol = 17 AND l4_dport = 25646;"

Review historical daily totals (in megabytes)

psql reporting -U reporting -c "SELECT logday:[:D]ate, cast(SUM(raw_in_pktlen) AS bigint) /1048576 AS total_raw_in_pktlen, cast(SUM(raw_out_pktlen) AS bigint) /1048576 AS total_raw_out_pkt_len, cast(SUM(raw_in_pktlen + raw_out_pktlen) AS bigint) /1048576 AS combined_total_pktlen FROM accounting GROUP BY logday ORDER BY logday desc;"

Adjust commands for date as needed.

The above will help to confirm that the classifier is seeing the traffic and data it is making it to the reporting database.

Reply