[H-GEN] Bandwidth logging of internet broadband for local network

Paul Gearon pag at PISoftware.com
Wed Feb 20 01:34:44 EST 2002


[ Humbug *General* list - semi-serious discussions about Humbug and  ]
[ Unix-related topics.  Please observe the list's charter.           ]
[ Worthwhile understanding: http://www.humbug.org.au/netiquette.html ]

On Wed, 20 Feb 2002, Paul Gearon wrote:

> There've been a few other suggestions, but I'd be inclined to try using
> iptables (if you're running a 2.4.x kernel or higher) with a ULOG target
> (not enabled by default, but easy enough to put in  :-)
>
> You can then run ulogd to log the packets to a file, syslog, or mySQL.
> Debian has ulogd and ulogd-mysql packages (I assume it's readily available
> for other distros).

Well I knew that this was overkill (it was introduced to me as a method of
logging packets after intrusion detection, and I *did* know that it was
going to generate huge logs, I just find it fun doing this stuff :-)  but
I've now found out how to do it the right way.

Again, it uses iptables, but it turns out that all the targets log stats,
including byte counts.

You can set up an accounting chain:
iptables -N ACCOUNTING

Then start sending packets through it (I have both masqued and forwarded
packets here, and I've done it both ways):
iptables -A INPUT -i eth0 -o eth1 -j ACCOUNTING
iptables -A FORWARD -i eth0 -o eth1 -j ACCOUNTING
iptables -A INPUT -i eth1 -o eth0 -j ACCOUNTING
iptables -A FORWARD -i eth1 -o eth0 -j ACCOUNTING

You can then type "iptables -L ACCOUNTING -v" for the number of packets,
byte counts, etc.  Use a -x option to get exact byte counts.

You can also set up different chains for different users... just filter
the different IPs to go to seperate user-defined chains.

I'm sure the experts in here (of which I am *not* one) can give you more
complete info on doing this.

Regards,
Paul Gearon

Software Engineer                Telephone:   +61 7 3876 2188
Plugged In Software              Fax:         +61 7 3876 4899
http://www.PIsoftware.com        PGP Key available via finger

Catapultam habeo. Nisi pecuniam omnem mihi dabis, ad caput tuum saxum
immane mittam.
(Translation from latin: "I have a catapult. Give me all the money,
or I will fling an enormous rock at your head.")



--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.



More information about the General mailing list