Re: IP accounting per user
On Sun, 6 Jan 2002, martin f krafft wrote:
> also sprach Matthias Juchem <email@example.com> [2002.01.06.1914 +0100]:
> > Does Debian (potato or woody) have tools to account IP traffic per user?
> iptables, as others have suggested.
> AFAIK, the recommended method of doing this is to create a chain for
> every user or group of users that you intend to account for separately,
> then simply pass the packets through this chain with the appropriate
> filter on the UID, and then use iptables counting method to obtain
> usable values.

There is one problem with this: the module that matches user IDs
can only be used in the OUTPUT chain (as said in the netfilter how-to).

> i totally *need* to implement this sometime very soon. in fact, given
> a server that hosts web, mail, and ssh shell accounts for users, i need
> to keep track of traffic on a user level...
> heck, how can all this be automated and logged on something like a four
> times a day basis???

The big problem is the ssh shell accounts. The user can start almost any
program that listens on a socket. You wouldn't have log files from this
program and you can only account the outgoing traffic with iptables.

> since you can only really account for this at the router, and i, for
> one, can't do that, my strategy will most likely be to multiply the
> final total traffic by a factor.

There is a tool set, including a Linux kernel patch: UserIPacct
(http://ramses.smeyers.be/homepage/useripacct/). But I do not know how
stable it is. Besides, the last patch is for 2.4.6 and I need a more
up-to-date 2.4 kernel.

> you can stuff 1500 bytes into one packet on ethernet. over the past 20
> days, the average of my users has been about 700 bytes/packet, so the
> overhead is around 6%, which i'll just add to the top. it's not exact,
> but it'll do.

Is there a way to count incoming and outgoing packets per user?
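
The per-user chain setup and periodic counter readout discussed in this thread, as an added example that is not part of the original message. The chain prefix `acct_`, the UIDs and the sample counter dump are constructed assumptions, and the rules are printed for review rather than applied.

```shell
#!/bin/sh
# Added example: per-UID accounting of locally generated traffic.
# Assumptions: chain prefix "acct_", UIDs 1000/1001, constructed sample data.

# Print the iptables commands that create one accounting chain per UID.
# The owner match is only valid in OUTPUT, so incoming traffic and
# forwarded traffic are NOT attributed to any user by these rules.
acct_rules() {
    for uid in "$@"; do
        echo "iptables -N acct_$uid"
        echo "iptables -A acct_$uid -j RETURN"
        echo "iptables -A OUTPUT -m owner --uid-owner $uid -j acct_$uid"
    done
}

# Read `iptables-save -c` output on stdin and print "uid packets bytes",
# one line per UID, taken from the [packets:bytes] prefix of each
# OUTPUT rule that carries --uid-owner.
acct_report() {
    awk '$2 == "-A" && $3 == "OUTPUT" {
        uid = ""
        for (i = 4; i < NF; i++) if ($i == "--uid-owner") uid = $(i + 1)
        if (uid == "") next
        split(substr($1, 2, length($1) - 2), c, ":")
        pkts[uid] += c[1]; bytes[uid] += c[2]
    }
    END { for (u in pkts) printf "%s %d %d\n", u, pkts[u], bytes[u] }' |
    sort -n
}

# Constructed sample of `iptables-save -c` output (not real measurements).
SAMPLE='*filter
:OUTPUT ACCEPT [0:0]
:acct_1000 - [0:0]
:acct_1001 - [0:0]
[120:84000] -A OUTPUT -m owner --uid-owner 1000 -j acct_1000
[30:21000] -A OUTPUT -m owner --uid-owner 1001 -j acct_1001
[120:84000] -A acct_1000 -j RETURN
[30:21000] -A acct_1001 -j RETURN
COMMIT'

acct_rules 1000 1001
printf '%s\n' "$SAMPLE" | acct_report

# For a four-times-a-day log, a root cron job could append a timestamp and
# `iptables-save -c | acct_report` to a file; the counters are cumulative,
# so per-interval traffic is the difference between consecutive snapshots.
```

The byte counters cover only packets sent by processes running under each UID, so traffic received by a user's listening program is not included.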