Re: Traffic Accounting
Volker Tanger wrote:
> On 19 Jul 2003 23:35:08 +0300 kgb <firstname.lastname@example.org> wrote:
> > Which is best way for traffic accounting i use ipac-ng but i don't
> > like it anymore because it make my system under high load.
> If you don't want to mess around with IPtables just to do traffic
> accounting, you could try
> which works even from a third machine - just plug in and be
> happy. I do
> not have any experiences with high load scenarios, though.
Don't use it. I've been through many open source and self-made IP accounting
tools, and using tcpdump is not what one would like. It gets really messy on
The greatest problem with ipac-ng is it's resource consumption under high
I've been through all of this, and built my own package. It uses iptables,
because it's easy to set up and got relatively fast lookup times, a C
program to parse iptables output and write "database" files, and some small
shell/awk scripts to summarize the database. Data is stored inside a
directory tree, nearly no data is looked up/parsed from that, and it's laid
out that it's easy to summarize on a monthly basis.
It works for me (on an E3) and at some customers' sites for at least 1.5
years, basically unchanged. System load maximizes at ~1.5 on a 1100 Athlon
w/ 3xIntel eepro and 3 slow IDE HDDs.
I'm planning to separate all those accounting chains by class-c though, this
should speed up both kernel lookup latency and iptables output.
I can make my scripts available, but (as it's not packaged in any way), only
on personal request.