Re: IP Traffic accounting on a LAN

To: <debian-user@lists.debian.org>
Subject: Re: IP Traffic accounting on a LAN
From: "nate" <debian-user@aphroland.org>
Date: Mon, 23 Sep 2002 19:33:25 -0700 (PDT)
Message-id: <[🔎] 24052.216.39.174.24.1032834805.squirrel@webmail.linuxpowered.net>
In-reply-to: <[🔎] 20020924021459.GA21816@qk.com.au>
References: <[🔎] 20020924021459.GA21816@qk.com.au>

Lucas Barbuto said:

> So basically I'd like to know of tools for Exim and Squid that are
> capable of tracking the amount of data that has to be sent and received
> from the internet on a per user or per local IP address basis.  I've had
> a look around on Freshmeat and elsewhere but nothing's really jumped out
> at me.  Does anyone know of a way of doing this?  I'm sure I'm not the
> first person to have had this problem.  Any help would be much
> appreciated.

couple things,

if you have intelligent switches(who doesn't these days!) you can
run MRTG on the ports for each user and get ALL the traffic for them,
then you can pass the MRTG data to something like
http://www.geocities.com/josef_wendel/mrtg_total.html <- that to
count the bytes sent/recieved

sample:
http://portal.aphroland.org/~aphro/mrtg/combined.router.serial0.total.2002.html

(what can i say, i like the pretty graphs)

you can also run an accounting problem like ipfm(IP Flow Meter I think its
called). which is debianized. its pretty simple to setup(but theres lots
of ways to customize it). Sample output:

# IPFMv0.11.4 2002/09/07 00:00:00 -- dump every 0d01:00:00 -- listening on eth1
# Host                                  In (bytes)    Out (bytes)  Total
(bytes)backup-nh.mydomain.com                    416447786        8939817     
425387603192.168.100.82                             2734815      124684576     
127419391gumby.mydomain.com                      571193         288380         859573
mail-nh.mydomain.com                         212918         302810        
515728source.mydomain.com                        146260         286652         432912
192.168.100.255                             212234              0        
212234dev-nh.mydomain.com                          41232         123288        
164520

there may be a more robust log processing package for squid here:
http://www.squid-cache.org/Scripts/

(though I run squid, I have never looked into what your trying)

I would expect that if you were to turn on authentication with squid
(something else I haven't tried), that there would be a way to get stats
per user..

or you could setup accounting rules on the firewall for each ip,
but I think the ipfm stuff would be easier to setup&maintain then
accounting rules for each ip. no point in accounting for an ip that
doesn't generate any traffic!

nate

Reply to:

Follow-Ups:
- Re: IP Traffic accounting on a LAN
  - From: Lucas Barbuto <lucas@qk.com.au>

References:
- IP Traffic accounting on a LAN
  - From: Lucas Barbuto <lucas@qk.com.au>

Prev by Date: Re: Installation directories
Next by Date: Books on Xfree86
Previous by thread: IP Traffic accounting on a LAN
Next by thread: Re: IP Traffic accounting on a LAN
Index(es):
- Date
- Thread