This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How can I log / monitor the used bandwidth externally?

Hey everyone,
As the topic says, I'm searching for a way to log the utilization of my network externally.
So I found this: https://community.sophos.com/products/unified-threat-management/f/management-networking-logging-and-reporting/31918/monitor-bandwidth-usage, bus as far as I can see, IPTraf will only give me insights when I log into the console.
I'd prefer in the most simple way something which logs it into a file.

I wouldn't even care (but instead prefer!) if it would write just a single line into a text file and overwrite it continuously.
On my network, I got a media server with some friends beeing able to access media from it via my internet connection.
I don't care what they do - but would be interested to see how much my PPPoE is utilized throughout the day.

As I use home automation, I could parse this line with the home automation server software I use (IP-Symcon), this could be written into a variable and displayed in nice graphs and do all kind of calculations.

Do you have any idea what I could do? I even enabled syslog-logging, but from what I've seen so far, this information is not useful at all.
Regards,
Matthias



This thread was automatically locked due to age.
Parents
  • Matthias, that thread is over ten years old, and a lot of capability has been added.  Look at the 'Bandwidth Usage' tab in 'Logging & Reporting >> Network Usage'.

    If the access is always via HTTP/S, then, with some extra effort, you could use the custom, automatically-emailed reports in 'Logging & Reporting >> Web Protection'.  If you're interested in that, please open a new thread with that question.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks for the hint - but I already knew both of it.
    My idea is to log / view this data live, maybe even on the go - without using VPN, logging in etc.
    I'd like to get the data outside of UTM somehow - isn't there any idea / solution.
    Regards,
    Matthias

  • Hi Matthias,

    The monitoring is possible via graphs and reports as mentioned by Bob. I don't think an additional feature will be incorporated when an alternative is available. You can still raise it as a feature request here and cast your votes.

    Fingers crossed.

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • I'm not using it - but I know a lot of people / companies use NAGIOS, so they can get the syslog-info. But this would not help them to have the utilization info in one place.
    Same for me - its not Nagios - but I try to have it integrated in the (quite powerful) home automation.
    Regards,

    Matthias

  • Thanks,

    so I checked for alternatives...
    What do you guys think of SNMP? With SNMPWALK I've seen that there are pages over pages of data!
    The only problem I got is, I can not find the bandwidth currently used (or any average).

    So the MIB database is not helpful at all - it just represents ~10% of the data seen with SNMPWALK. 

     

    But within all this data (I tried two tools) GetIF & OiDView, I haven't found the appropriate values. I mean, I'd "take" everything - a percentage, a bit value, a byte value etc.

    Anyone that can help here to find the right OIDs?
    The only I found which are related to anything close to the speed are the transferred octects (in & out) but in my opinion, the polling time is a major factor here - so I'd rather use anything else if possible.
    The "interface speed" just gives the optimum / rated speed of the interfaces (for e.g. mine are each 1Gbit/s)
    Regards,
    Maeffjus

  • Matthias, I don't think the information is available from the UTM via SNMP.  Have you considered iView?  What about IPFIX which is configured on the 'Settings' tab of 'Logging & Reporting >> Reporting Settings'?  Could you get what you need with something like Splunk and 'Remote Syslog'?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • Matthias, I don't think the information is available from the UTM via SNMP.  Have you considered iView?  What about IPFIX which is configured on the 'Settings' tab of 'Logging & Reporting >> Reporting Settings'?  Could you get what you need with something like Splunk and 'Remote Syslog'?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • I beg to differ.

    I managed it - and so can all other as well with whatever tool, it needs a command line utility which gives back an answer.

    So I inquire every 60 seconds for the updated values of octets in an out for my eth0. (PPPOE interface OID changes with every reconnection attempt)

    I deduct the value collected 60 seconds earlier from the new one. The result is the 60 seconds average bytes.

    This gets multiplied with 8 (bits) and divided by 60 000 000.

    This will give me the Mbit/s average for each minute.

    Hope this can help anyone else that wants to log the speed like me.

    Regards,

    Matthias

  • Please share the details with us, Matthias.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Balfson,

     

    I just saw that I forgot to answer, what I'm doing in the Software (IP-Symcon, programmed in PHP) is in the Code that follows, it is using SNMP and faily simple.
    In fact I just check every 60s about the Bytes sent and received and calculate the Delta, which is divided by 60. Thisi s my Speed.
    Sorry that the variables are in german partially, but I'm german :-) I guess you can still understand what the script does.

    <?
    // *****************************************************************************
     //$host           = "192.168.178.44"; // IP Adresse der UTM
     //$community      = "public"; // SNMP Community
     $binary = "C:\IP-Symcon\modules\SNMP-Get\SnmpGet.exe";
     $data = " -r:192.168.1.1 -t:10 -c:public -o:.";
    // *****************************************************************************
    //SNMP Query Funktion
    function snmp($oid)
    {
        global $binary, $data;
        //$oid = ltrim($oid,".");
        $value = IPS_Execute($binary, "$data$oid", false, true);
        $value = trim($value);
        return $value;
     }
    $in_alt=GetValueFloat(17435 /*[Komponenten\Sophos UTM\SNMP-Get Sophos UTM\in]*/);
    $out_alt=GetValueFloat(11891 /*[Komponenten\Sophos UTM\SNMP-Get Sophos UTM\out]*/);
    // *****************************************************************************
    //Augehend
    $string = snmp ("1.3.6.1.2.1.2.2.1.16.3")."\n";
    $out = explode("Value=", $string);

    //Eingehend
    $string2 = snmp ("1.3.6.1.2.1.2.2.1.10.3")."\n";
    $in = explode("Value=", $string2);
    $out =Floatval($out[1]);
    $in =Floatval($in[1]);
    $data_in=$in-$in_alt;
    $data_out=$out-$out_alt;
    If ($data_in<0)
    {$data_in=0;}
    If ($data_out<0)
    {$data_out=0;}
    SetValueFloat(17435 /*[Komponenten\Sophos UTM\SNMP-Get Sophos UTM\in]*/, $in);
    SetValueFloat(11891 /*[Komponenten\Sophos UTM\SNMP-Get Sophos UTM\out]*/, $out);
    $speed_in=(($data_in)*8)/60000000; //in Mbit/s
    SetValueFLoat(14008 /*[Komponenten\Sophos UTM\Speed-IN]*/, (round($speed_in, 2)));
    $speed_out=(($data_out)*8)/60000000; //in Mbit/s
    SetValueFLoat(48171 /*[Komponenten\Sophos UTM\Speed-OUT]*/, (round($speed_out, 2)));
    //******************************************************************************
    // Linkstatus
    $integer = snmp ("1.3.6.1.2.1.2.2.1.8.3")."\n";
    $stat_value = explode("Value=", $integer);
    $stat_value =Floatval($stat_value[1]);
    If ($stat_value == 1) {
     $status="up";
     SetValueBoolean(35430 /*[Komponenten\Sophos UTM\LinkStatus UTM]*/, true);}
     elseif ($stat_value == 2) {
     $status="down";
     SetValueBoolean(35430 /*[Komponenten\Sophos UTM\LinkStatus UTM]*/, false);}
     elseif ($stat_value == 3) {
     $status="testing";}
    print $status;
    ?>