[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Traffic Accounting

Volker Tanger wrote:
> Greetings!
> On 19 Jul 2003 23:35:08 +0300 kgb <kgb@kgb.netel.bg> wrote:
> > Which is best way for traffic accounting i use ipac-ng but i don't
> > like it anymore because it make my system under high load.
> If you don't want to mess around with IPtables just to do traffic
> accounting, you could try
> 	http://wyae.de/software/trafan/
> which works even from a third machine - just plug in and be 
> happy. I do
> not have any experiences with high load scenarios, though.
Don't use it. I've been through many open source and self-made IP accounting
tools, and using tcpdump is not what one would like. It gets really messy on
high throughput.
The greatest problem with ipac-ng is it's resource consumption under high

I've been through all of this, and built my own package. It uses iptables,
because it's easy to set up and got relatively fast lookup times, a C
program to parse iptables output and write "database" files, and some small
shell/awk scripts to summarize the database. Data is stored inside a
directory tree, nearly no data is looked up/parsed from that, and it's laid
out that it's easy to summarize on a monthly basis.

It works for me (on an E3) and at some customers' sites for at least 1.5
years, basically unchanged. System load maximizes at ~1.5 on a 1100 Athlon
w/ 3xIntel eepro and 3 slow IDE HDDs.

I'm planning to separate all those accounting chains by class-c though, this
should speed up both kernel lookup latency and iptables output.

I can make my scripts available, but (as it's not packaged in any way), only
on personal request.


Reply to: