Date: Mon, 17 Jan 2005 13:26:33 -0800 From: Jon Simola <jsimola@gmail.com> To: Andrew Seguin <asegu@borgtech.ca>, freebsd-net@freebsd.org Subject: Re: Network accounting Message-ID: <8eea0408050117132657045645@mail.gmail.com> In-Reply-To: <20050117201513.3388954A5@borgtech.ca> References: <20050117201513.3388954A5@borgtech.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 17 Jan 2005 21:11:13 +0100, Andrew Seguin <asegu@borgtech.ca> wrote: > But, here's my situation. A dedicated FreeBSD transparent firewall-bridge > with 3 NICs (two for the bridge w/o IP, one for console). I'm using IPFW for > the firewall, and at the moment I'm doing some very bare-bones statistics > via a couple of count rules. I track abusive users through random usage of > TCPDump (when I feel like it basically). What I was doing with the same setup: $IPFW pipe 1 config mask src-ip 0xffffffff buckets 512 $IPFW pipe 2 config mask dst-ip 0xffffffff buckets 512 $IPFW add 32001 pipe 1 src-ip 192.168.110.0/24 bridged $IPFW add 32002 pipe 2 dst-ip 192.168.110.0/24 bridged Then 'ipfw pipe 1 show' gives you cumulative upload BW usage, and 'ipfw pipe 2 show' gives download usage. Every 15 minutes I had a perl script that ran, computed the difference in the current and last counts, and logged that to a mySQL database. Then I could query the database at will for usage stats or make graphs. I've been running that system and billing a few hundred customers with it for about 3 years now.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8eea0408050117132657045645>