Date: Sun, 14 Jan 2001 15:52:25 -0400 (AST)
From: The Hermit Hacker
To: Edwin Groothuis
Cc: Len Conrad
Subject: Re: ip traffic accounting
In-Reply-To: <20010114131344.K94930@d9168.upc-d.chello.nl>

why not just install trafd?  doesn't require any firewall rules to be set up, it just monitors the ethernet device for traffic ...

I've been using that for months now, have two really simple scripts set up to dump into a PostgreSQL database for analysis later:

-----------------------------------
#!/bin/sh
# Save the counters trafd has collected on fxp0, then load them into the database.
cd /usr/local/var/trafd
/usr/local/bin/trafsave fxp0
sleep 30
/usr/local/var/trafd/parse_log.pl
------------------------------------

------------------------------------
#!/usr/bin/perl

use DBI;

$dbname="hub_traf_stats";
$dbhost="db.hub.org";
$dbport="5432";
$dbuser="pgsql";

@dbconnarg=("dbi:Pg:dbname=$dbname;host=$dbhost;port=$dbport", $dbuser);
my $dbh = DBI->connect(@dbconnarg) or die $DBI::errstr;
$dbh->{AutoCommit} = 0;   # load the whole dump in one transaction

# Placeholders keep the parsed fields out of the SQL text.
$add = $dbh->prepare("INSERT INTO stat_log VALUES ( ?, ?, ?, ? );");

open(IN, "/usr/local/bin/traflog -n |") or die "traflog: $!";
while(<IN>) {
  chomp();
  # Only rows where one side is shown as an ephemeral "client" port.
  if(/client/) {
    ( $from, $from_port, $to, $to_port, $proto, $data, $all ) = split(/\s+/);
    # Record the service port, i.e. the side that is not "client"
    # (string comparison, so use ne rather than !=).
    if($from_port ne "client") {
      $port = $from_port;
    } else {
      $port = $to_port;
    }
    $add->execute( $from, $to, $port, $all );
  }
}
close(IN);
$dbh->commit();
$dbh->disconnect();
exit;
------------------------------------

there, now you have all the data you could want, and a few simple SQL queries, you have the reports you want too ...

On Sun, 14 Jan 2001, Edwin Groothuis wrote:

> On Sun, Jan 14, 2001 at 12:59:34PM +0100, Len Conrad wrote:
> > We'd like to use the netstat -ib command periodically to snapshot the
> > byte volumes to disk.
>
> I once tried to make a kind of ip-accounting-thingie for seeing
> what different services on my machine were eating the bandwidth with
> ipfw:
>
> 300 allow tcp from any to thishost:www via xl0
> 310 allow tcp from any to thishost:smtp via xl0
> 320 allow tcp from any to thishost:ssh via xl0
> 330 allow udp from any to thishost:ntp via xl0
> 340 allow udp from any to thishost:domain via xl0
> 350 allow tcp from any:pop3 to thishost via xl0
> 360 allow tcp from any:smtp to thishost via xl0
> 370 allow tcp from any:www to thishost via xl0
> 380 allow tcp from any:ssh to thishost via xl0
> 390 allow udp from any:ntp to thishost via xl0
> 400 allow udp from any:domain to thishost via xl0
> xxx allow ip from any to thishost via xl0
>
> I once per hour got the statistics with "ipfw -a l" and then reset
> it with "ipfw zero". Worked like a charm.
>
> Edwin
>
> --
> Edwin Groothuis   | Interested in MUDs? Visit Fatal Dimensions:
> mavetju@chello.nl | http://fataldimensions.nl.eu.org/
> ------------------+ telnet://fataldimensions.nl.eu.org:4000

Marc G. Fournier                   ICQ#7615664               IRC Nick: Scrappy
Systems Administrator @ hub.org
primary: scrappy@hub.org           secondary: scrappy@{freebsd|postgresql}.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
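
Added example, not part of the original message or its scripts: the same parse-and-load step followed by two of the "simple SQL queries" the message mentions, written in Python with an in-memory SQLite database standing in for PostgreSQL. The stat_log column names (src, dst, port, bytes), the sample traflog lines and the function names are assumptions; the field order follows the split() in the Perl script above.

```python
import sqlite3

# Constructed sample, in the field order the Perl script splits on:
# from, from_port, to, to_port, proto, data, all ("client" = ephemeral port).
SAMPLE_TRAFLOG = """\
192.0.2.10 client 198.51.100.5 80 tcp 1200 1500
198.51.100.5 80 192.0.2.10 client tcp 48000 52000
192.0.2.11 client 198.51.100.5 25 tcp 900 1100
192.0.2.10 client 198.51.100.5 80 tcp 300 400
192.0.2.12 client 198.51.100.5 client tcp 10 20
192.0.2.13 client 198.51.100.5 22 tcp 50 oops
not a traffic row
"""

def parse_traflog(text):
    """Yield (src, dst, service_port, total_bytes) for usable rows only."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 7:
            continue
        src, sport, dst, dport, _proto, _data, total = fields
        if (sport == "client") == (dport == "client"):
            continue  # exactly one side must be the named service port
        port = dport if sport == "client" else sport
        if port.isdigit() and total.isdigit():
            yield src, dst, int(port), int(total)

def build_db(text):
    """Load parsed rows into stat_log (assumed column names) in one transaction."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE stat_log "
                 "(src TEXT, dst TEXT, port INTEGER, bytes INTEGER)")
    with conn:  # commit once at the end, like AutoCommit = 0 + commit()
        conn.executemany("INSERT INTO stat_log VALUES (?, ?, ?, ?)",
                         parse_traflog(text))
    return conn

def bytes_per_port(conn):
    """Total bytes per service port, busiest first."""
    return conn.execute("SELECT port, SUM(bytes) AS total FROM stat_log "
                        "GROUP BY port ORDER BY total DESC").fetchall()

def top_pairs(conn, limit=3):
    """Host pairs (one direction) that moved the most bytes."""
    return conn.execute("SELECT src, dst, SUM(bytes) AS total FROM stat_log "
                        "GROUP BY src, dst ORDER BY total DESC LIMIT ?",
                        (limit,)).fetchall()

if __name__ == "__main__":
    db = build_db(SAMPLE_TRAFLOG)
    print(bytes_per_port(db))
    print(top_pairs(db))
```

Rows with "client" on both sides, or with a non-numeric byte count, are dropped here rather than inserted, so a malformed line cannot skew the per-port totals.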