I have an EdgeRouter PoE router which runs EdgeOS (Vyatta based). I'd like to monitor bandwidth usage by host. My goal is to get a list of total downloads/uploads by host.
It's not important to me whether the solution runs directly on the router or on a workstation in the same network.
I've tried several SNMP apps that give me a total for the entire network, but I'd like to break it down by host.
There are two options.
1) Netflow as suggested by Teftin or 2) Analyze the traffic stream
To implement option #2, you need either:
a. Network tap - more hardware but no performance impact to router. Some taps will provide two traffic streams (think ethernet TX pin in each direction). The two streams need to be bonded in the analysis device.
b. Mirror (or span) port on the router if supported - will consume some router resources. No bonding needed.
Then you need an analysis device to analyze the traffic stream. Depending on your needs & budget, consider using an old laptop/workstation running:
Two other tools that I have not used but look promising are:
If you really want all the messy details, check-out the 'Network Monitoring vs. Network Insight' whitepaper I wrote at protectus.com. (Full disclosure, I work there.)
In general, usual way of achieving this kind of monitoring is using netflow. This will require:
Realize this was asked about a year ago, but Ubiquiti added DPI (deep packet inspection) to the EdgeRouter line of products recently (for free) in the firmware v1.7.0 release. Firmware v.1.8 (currently in beta) will offer DPI for all traffic, where v1.7 only handled traffic that was hardware offloaded. Setting can be enabled fully and does application layer analysis, or host only mode.
See HERE.