
Re: accounting total traffic



On Thu, Jul 19, 2001 at 03:05:25AM +0200, Martin F. Krafft wrote:
> i need to get a semi-exact idea of the traffic through one of our
> servers, in and out. i understand that netstat -s gives me interface
> statistics, but there are two problems with it:
> 
> (a) it lists packets only. as i understand, a packet is not always the
> same size. so that's no big use.
> 
> (b) i absolutely need to cope with the disaster case in which the
> server goes down - netstat would lose all data...

Use ipchains.  It counts both packets and bytes.  It makes tracking 
traffic by type simple, just create rules that match those connections 
without a jump target.

Then set up a cron job that lists and resets the counters and mails
the data to a collector address.  You get all the robustness of the
smtp mail system for free, if it is already there.  Set the job
interval appropriate for the amount of data loss that is tolerable in
case of an uncontrolled outage.  Possibly, you can also get the stats
data every minute and queue them up for an hourly mail sending.
If you have this in place, then adding kernel logging from ipchains
is a simple extension.

On the receiver side, set up a dedicated user account that receives
the stats mails and archives, indexes, processes and cross-references
the data.  Write a reporting system that can publish reports on the
web or by email.  If you have it working, let the other hosts in your
network send their data for processing.

If you like this, then look into the "lire" package and see how much
of this is already implemented.  The lire people are happy with your
patches, I'm sure.

> there is iptables/ipchains, but (b) still applies. i figure that there
> has to be a way to record these data without going higher up the
> provider hierarchy, right? any ideas? i don't like daily ipchains
> accounting mails and subsequent counter flushes...

Why not?  It would be the most straightforward implementation of what
you're asking for.  I can see that you don't like to create all the
overhead yourself, so look into the lire package.

Cheers,


Joost
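
The list-and-reset scheme from the message above, as an added example that is not part of the original mail or of the lire package: the sender mails per-interval counters and the collector sums them per rule. The collector address, the function names and the sample report text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message. Accounting rules have no -j
# target, so they only count, e.g.:  ipchains -A input -p tcp -d 0.0.0.0/0 80
COLLECTOR="${COLLECTOR:-stats@collector.example}"   # assumed collector address

# Sender: -L with -Z lists and zeroes all chains in one call, so no traffic
# falls between reading and resetting; -v -n -x give exact numeric counters.
snapshot() { ipchains -L -Z -v -n -x; }

# Sender: run from cron; each mail carries only the bytes since the last one.
report() {
    { echo "host=$(hostname) time=$(date -u +%Y-%m-%dT%H:%M:%SZ)"; snapshot; } |
        mail -s "ipchains accounting $(hostname)" "$COLLECTOR"
}

# Collector: read any number of saved reports on stdin and add up the bytes
# column per chain and rule. Counters were reset after every report, so the
# total is the plain sum; a lost report loses only its own interval.
sum_bytes() {
    awk '
        /^Chain / { chain = $2; next }
        $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ {
            bytes = $2; $1 = ""; $2 = ""; sub(/^ +/, "")
            total[chain " " $0] += bytes
        }
        END { for (k in total) printf "%.0f %s\n", total[k], k }
    ' | sort
}

# Constructed sample: two consecutive reports, modelled on ipchains -L -v -n -x.
sample_reports() {
    cat <<'EOF'
host=www1 time=2001-07-19T01:00:00Z
Chain input (policy ACCEPT: 900 packets, 120000 bytes):
 pkts bytes target prot opt tosa tosx ifname source destination ports
   10  8400 - tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 80
    4   512 - tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 25
host=www1 time=2001-07-19T02:00:00Z
Chain input (policy ACCEPT: 300 packets, 40000 bytes):
 pkts bytes target prot opt tosa tosx ifname source destination ports
    2  1600 - tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 80
    1   128 - tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 25
EOF
}

case "${1:-}" in
    report) report ;;
    sum)    sum_bytes ;;
esac
```

Run it with the argument `report` from cron on each server, and pipe the archived mails through it with the argument `sum` on the collector.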


