Date:      Sun, 14 Jan 2001 15:52:25 -0400 (AST)
From:      The Hermit Hacker <scrappy@hub.org>
To:        Edwin Groothuis <mavetju@chello.nl>
Cc:        Len Conrad <LConrad@Go2France.com>, <freebsd-questions@FreeBSD.ORG>
Subject:   Re: ip traffic accounting
Message-ID:  <Pine.BSF.4.31.0101141550080.599-100000@thelab.hub.org>
In-Reply-To: <20010114131344.K94930@d9168.upc-d.chello.nl>

why not just install trafd?  doesn't require any firewall rules to be
set up, it just monitors the ethernet device for traffic ...

I've been using that for months now, have two really simple scripts set up
to dump into a PostgreSQL database for analysis later:

-----------------------------------
#!/bin/sh
cd /usr/local/var/trafd
/usr/local/bin/trafsave fxp0
sleep 30
/usr/local/var/trafd/parse_log.pl
------------------------------------

------------------------------------
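#!/usr/bin/perl

use DBI;

# Connection settings for the PostgreSQL database that stores the stats
$dbname="hub_traf_stats";
$dbhost="db.hub.org";
$dbport="5432";
$dbuser="pgsql";
@dbconnarg=("dbi:Pg:dbname=$dbname;host=$dbhost;port=$dbport", $dbuser);

my $dbh = DBI->connect(@dbconnarg) or die "connect failed: $DBI::errstr";
$dbh->{AutoCommit} = 0;

# Placeholders keep the traflog fields out of the SQL text
$add = $dbh->prepare("INSERT INTO stat_log VALUES ( ?, ?, ?, ? );");

open(IN, "/usr/local/bin/traflog -n |") or die "cannot run traflog: $!";
while(<IN>) {
  chomp();
  if(/client/) {
    ( $from, $from_port, $to, $to_port, $proto, $data, $all ) = split(/\s+/);
    # One port field reads "client"; record the other side's port.
    # Compare as strings (ne), not numerically (!=).
    if($from_port ne "client") {
      $port = $from_port;
    } else {
      $port = $to_port;
    }
    $add->execute( $from, $to, $port, $all );
  }
}
close(IN);

$dbh->commit();
$dbh->disconnect();

exit;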
------------------------------------

there, now you have all the data you could want, and with a few simple SQL
queries, you have the reports you want too ...



On Sun, 14 Jan 2001, Edwin Groothuis wrote:

> On Sun, Jan 14, 2001 at 12:59:34PM +0100, Len Conrad wrote:
> > We'd like to use the netstat -ib command periodically to snapshot the
> > byte volumes to disk.
>
> I once tried to make a kind of ip-accounting-thingie for seeing
> what different services on my machine were eating the bandwidth with
> ipfw:
>
> 300 allow tcp from any to thishost:www via xl0
> 310 allow tcp from any to thishost:smtp via xl0
> 320 allow tcp from any to thishost:ssh via xl0
> 330 allow udp from any to thishost:ntp via xl0
> 340 allow udp from any to thishost:domain via xl0
> 350 allow tcp from any:pop3 to thishost via xl0
> 360 allow tcp from any:smtp to thishost via xl0
> 370 allow tcp from any:www to thishost via xl0
> 380 allow tcp from any:ssh to thishost via xl0
> 390 allow udp from any:ntp to thishost via xl0
> 400 allow udp from any:domain to thishost via xl0
> xxx allow ip from any to thishost via xl0
>
> I once per hour got the statistics with "ipfw -a l" and then reset
> it with "ipfw zero". Worked like a charm.
>
> Edwin
>
> --
> Edwin Groothuis   |           Interested in MUDs? Visit Fatal Dimensions:
> mavetju@chello.nl |                     http://fataldimensions.nl.eu.org/
> ------------------+               telnet://fataldimensions.nl.eu.org:4000
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>

Marc G. Fournier                   ICQ#7615664               IRC Nick: Scrappy
Systems Administrator @ hub.org
primary: scrappy@hub.org           secondary: scrappy@{freebsd|postgresql}.org
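
An added example, not part of the original message: the kind of reporting queries the reply alludes to, run against the stat_log table its Perl script fills. The column names and the logged_at column are assumptions, since the message shows only a four-value positional INSERT; the sample rows are constructed.

```sql
-- Assumed layout for stat_log; column names are hypothetical. The post shows
-- only four positional values (from, to, port, byte count). logged_at is an
-- added fifth column with a default, so the four-value INSERT still works.
CREATE TABLE stat_log (
    src_addr  inet        NOT NULL,
    dst_addr  inet        NOT NULL,
    port      text        NOT NULL,
    bytes     bigint      NOT NULL,
    logged_at timestamptz NOT NULL DEFAULT now()
);

-- Constructed sample rows (documentation address ranges).
INSERT INTO stat_log VALUES
    ('192.0.2.10', '198.51.100.5', '80', 40000, now() - interval '2 days'),
    ('192.0.2.11', '198.51.100.5', '80', 60000, now() - interval '1 day'),
    ('192.0.2.10', '198.51.100.5', '25', 20000, now() - interval '1 day');
INSERT INTO stat_log VALUES
    ('192.0.2.12', '198.51.100.5', '80', 900000),
    ('192.0.2.10', '198.51.100.5', '25', 15000);

-- Report 1: bytes per port per day.
SELECT date_trunc('day', logged_at) AS log_day, port, sum(bytes) AS total_bytes
FROM stat_log
GROUP BY 1, 2
ORDER BY log_day, total_bytes DESC;

-- Report 2: top ten address pairs by volume.
SELECT src_addr, dst_addr, sum(bytes) AS total_bytes
FROM stat_log
GROUP BY src_addr, dst_addr
ORDER BY total_bytes DESC
LIMIT 10;

-- Report 3: ports whose volume today is more than three times their
-- average daily volume on earlier days (a simple baseline check).
WITH daily AS (
    SELECT date_trunc('day', logged_at) AS log_day, port, sum(bytes) AS total_bytes
    FROM stat_log
    GROUP BY 1, 2
)
SELECT t.port, t.total_bytes AS today_bytes,
       round(avg(p.total_bytes)) AS prior_daily_avg
FROM daily t
JOIN daily p ON p.port = t.port AND p.log_day < t.log_day
WHERE t.log_day = date_trunc('day', now())
GROUP BY t.port, t.total_bytes
HAVING t.total_bytes > 3 * avg(p.total_bytes)
ORDER BY t.total_bytes DESC;
```

With the constructed rows, Report 3 lists port 80 (900000 bytes today against a prior daily average of 50000) and leaves port 25 out.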


