Date: Sat, 11 Aug 2001 16:38:18 -0400 (EDT) From: Bill Desjardins <bill@carracing.com> To: <freebsd-questions@freebsd.org> Subject: netstat output & traffic monitoring Message-ID: <20010811161546.S76987-100000@mail.carracing.com>
next in thread | raw e-mail | index | archive | help
Hello, First, what I am trying to do: I have about 300 webhosting customers on several machines. I want to implement traffic monitoring for all of the IP's that are aliased to each server for each vhost. Every vhost gets a static IP that is aliased to the loopback interface of the machine its hosted on. routing is handled by a route in the border routers to the machine they are aliased on. I am not looking for web traffic monitoring, but all traffic to that actual IP, no matter what it is (FTP,SSH...). The question I have is finding the best way to grab those statistics easily and with as little load as necessary as I want to keep stats every 5 minutes for billing purposes. One way I have thought about doing this is by using output of netstat and a simple perl script to parse output and load it into a db. the netstat command I want to use and its output are: [bill@stats.somesite.com] [/home/bill/] 77 # netstat -I lo0 -bn Name Mtu Network Address Ipkts Ierrs Ibytes Opkts Oerrs Obytes Coll lo0 16384 <Link#4> 5933 0 633302 5933 0 633302 0 lo0 16384 127 127.0.0.1 5893 - 628718 5893 - 628718 - lo0 16384 66.90.0.56/32 66.90.0.56 3800 - 258944 0 - 0 - lo0 16384 66.90.0.57/32 66.90.0.57 57 - 26578 0 - 0 - lo0 16384 66.90.0.58/32 66.90.0.58 45 - 16873 0 - 0 - lo0 16384 66.90.0.59/32 66.90.0.59 56 - 22575 0 - 0 - lo0 16384 66.90.0.128/3 66.90.0.128 2338740 - 160127872 0 - 0 - lo0 16384 66.90.0.129/3 66.90.0.129 73 - 31337 0 - 0 - (sorry for the wrapped output) The question I have is that for each IP aliased to the loopback adapter, I see traffic only in the 'Ibytes' column, and not 'Obytes' column. is this correct? Is the traffic in the 'Ibytes' column total traffic of both in&out or would that just be a count on the request traffic coming into that IP? My other thoughts were to use IPF or IPFW, but I am unsure of the load it may use on my heavily loaded machines pushing a steady 30Mbit each. Any thoughts on this? TIA. Bill --------------------------------------------------------- Bill Desjardins - bill@carracing.com - (USA) 305.205.8644 http://www.CarRacing.com - Powered by FreeBSD/mod_perl http://www.FreeBSD.org - The Best OS money cant buy! http://www.EtherNeXt.com - Custom Co-Lo Solutions To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010811161546.S76987-100000>