Re: Traffic Accounting
Volker Tanger wrote:
>
> Greetings!
>
> On 19 Jul 2003 23:35:08 +0300 kgb <kgb@kgb.netel.bg> wrote:
>
> > Which is best way for traffic accounting i use ipac-ng but i don't
> > like it anymore because it make my system under high load.
>
> If you don't want to mess around with IPtables just to do traffic
> accounting, you could try
>
> http://wyae.de/software/trafan/
>
> which works even from a third machine - just plug in and be
> happy. I do
> not have any experiences with high load scenarios, though.
>
Don't use it. I've been through many open source and self-made IP accounting
tools, and using tcpdump is not what one would like. It gets really messy on
high throughput.
The greatest problem with ipac-ng is it's resource consumption under high
loads.
I've been through all of this, and built my own package. It uses iptables,
because it's easy to set up and got relatively fast lookup times, a C
program to parse iptables output and write "database" files, and some small
shell/awk scripts to summarize the database. Data is stored inside a
directory tree, nearly no data is looked up/parsed from that, and it's laid
out that it's easy to summarize on a monthly basis.
It works for me (on an E3) and at some customers' sites for at least 1.5
years, basically unchanged. System load maximizes at ~1.5 on a 1100 Athlon
w/ 3xIntel eepro and 3 slow IDE HDDs.
I'm planning to separate all those accounting chains by class-c though, this
should speed up both kernel lookup latency and iptables output.
I can make my scripts available, but (as it's not packaged in any way), only
on personal request.
Thomas
Reply to: