From owner-freebsd-questions Sat Aug 11 13:38:24 2001 Delivered-To: freebsd-questions@freebsd.org Received: from mail.carracing.com (mail.carracing.com [66.90.0.15]) by hub.freebsd.org (Postfix) with ESMTP id B81FB37B403 for ; Sat, 11 Aug 2001 13:38:19 -0700 (PDT) (envelope-from bill@carracing.com) Received: by mail.carracing.com (Postfix, from userid 1000) id 0A11513179; Sat, 11 Aug 2001 16:38:18 -0400 (EDT) Received: from localhost (localhost [127.0.0.1]) by mail.carracing.com (Postfix) with ESMTP id D5D4EF47C for ; Sat, 11 Aug 2001 16:38:18 -0400 (EDT) Date: Sat, 11 Aug 2001 16:38:18 -0400 (EDT) From: Bill Desjardins To: Subject: netstat output & traffic monitoring Message-ID: <20010811161546.S76987-100000@mail.carracing.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hello, First, what I am trying to do: I have about 300 webhosting customers on several machines. I want to implement traffic monitoring for all of the IP's that are aliased to each server for each vhost. Every vhost gets a static IP that is aliased to the loopback interface of the machine its hosted on. routing is handled by a route in the border routers to the machine they are aliased on. I am not looking for web traffic monitoring, but all traffic to that actual IP, no matter what it is (FTP,SSH...). The question I have is finding the best way to grab those statistics easily and with as little load as necessary as I want to keep stats every 5 minutes for billing purposes. One way I have thought about doing this is by using output of netstat and a simple perl script to parse output and load it into a db. the netstat command I want to use and its output are: [bill@stats.somesite.com] [/home/bill/] 77 # netstat -I lo0 -bn Name Mtu Network Address Ipkts Ierrs Ibytes Opkts Oerrs Obytes Coll lo0 16384 5933 0 633302 5933 0 633302 0 lo0 16384 127 127.0.0.1 5893 - 628718 5893 - 628718 - lo0 16384 66.90.0.56/32 66.90.0.56 3800 - 258944 0 - 0 - lo0 16384 66.90.0.57/32 66.90.0.57 57 - 26578 0 - 0 - lo0 16384 66.90.0.58/32 66.90.0.58 45 - 16873 0 - 0 - lo0 16384 66.90.0.59/32 66.90.0.59 56 - 22575 0 - 0 - lo0 16384 66.90.0.128/3 66.90.0.128 2338740 - 160127872 0 - 0 - lo0 16384 66.90.0.129/3 66.90.0.129 73 - 31337 0 - 0 - (sorry for the wrapped output) The question I have is that for each IP aliased to the loopback adapter, I see traffic only in the 'Ibytes' column, and not 'Obytes' column. is this correct? Is the traffic in the 'Ibytes' column total traffic of both in&out or would that just be a count on the request traffic coming into that IP? My other thoughts were to use IPF or IPFW, but I am unsure of the load it may use on my heavily loaded machines pushing a steady 30Mbit each. Any thoughts on this? TIA. Bill --------------------------------------------------------- Bill Desjardins - bill@carracing.com - (USA) 305.205.8644 http://www.CarRacing.com - Powered by FreeBSD/mod_perl http://www.FreeBSD.org - The Best OS money cant buy! http://www.EtherNeXt.com - Custom Co-Lo Solutions To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message