From owner-freebsd-hackers  Sat Jun 29 19:09:10 1996
Return-Path: owner-hackers
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id TAA03285
          for hackers-outgoing; Sat, 29 Jun 1996 19:09:10 -0700 (PDT)
Received: from who.cdrom.com (who.cdrom.com [204.216.27.3])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id TAA03267
          for <freebsd-hackers@FreeBSD.ORG>; Sat, 29 Jun 1996 19:09:07 -0700 (PDT)
Received: from cedb.dpcsys.com (cedb.DPCSYS.COM [165.90.143.3])
          by who.cdrom.com (8.6.12/8.6.11) with ESMTP id OAA18882
          for <freebsd-hackers@freebsd.org>; Sat, 29 Jun 1996 14:37:26 -0700
Received: from cedb (cedb.DPCSYS.COM [165.90.143.3]) by cedb.dpcsys.com (8.6.10/DPC-1.0) with SMTP id OAA27302; Sat, 29 Jun 1996 14:29:22 -0700
Date: Sat, 29 Jun 1996 14:29:22 -0700 (PDT)
From: Dan Busarow <dan@dpcsys.com>
X-Sender: dan@cedb
To: Brandon Gillespie <brandon@tombstone.sunrem.com>
cc: freebsd-hackers@FreeBSD.ORG
Subject: Re: tcpdump etc
In-Reply-To: <Pine.BSF.3.91.960629093342.14347A-100000@tombstone.sunrem.com>
Message-ID: <Pine.SV4.3.91.960629142439.27195D-100000@cedb>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Sat, 29 Jun 1996, Brandon Gillespie wrote:
> I'm looking for a script that will sit on top of tcpdump and simply 
> record the total bytes used by each system it receives information about 

Here's what I use on a log file generated by tcpdump -t -n -q gateway
Each site I'm interested in has their own log file so no site name
logic is required.

Dan
-- 
 Dan Busarow                                                    714 443 4172
 DPC Systems                                                  dan@dpcsys.com
 Dana Point, California      83 09 EF 59 E0 11 89 B4 8D 09 DB FD E1 DD 0C 82

#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <string.h>
#include <time.h>

char progname[256];
char errbuf[132];

main(int argc, char **argv)
{
	FILE *fp;
	char *cp;
	long bytes = 0;
	char filename[64];
	char line[255];
	int daily = 0;
	time_t now;

	strcpy(progname, argv[0]);
	while(argc > 1 && argv[1][0] == '-')
	{	switch(argv[1][1])
		{
			case 'd':
				daily = 1;
				break;
		}
		argc--;
		argv++;
	}
	if(argc == 2)
		strcpy(filename, argv[1]);
	else
	{	printf("usage: %s [-d] filename\n", progname);
		printf("       -d daily run\n");
		exit(1);
	}
	if((fp = fopen(filename, "r")) == (FILE *)NULL)
	{	printf("could not open %s\n", filename);
		exit(1);
	}
	while(fgets(line, 132, fp) != (char *)NULL)
	{
		cp = strtok(line, " ");
		while((cp = strtok((char *)NULL, " ")) != (char *)NULL)
		{
			if(!strcmp(cp, "tcp") || !strcmp(cp, "udp"))
			{	cp = strtok((char *)NULL, " ");
				bytes += strtol(cp, (char **)NULL, 10);
			}
		}
	}
	fclose(fp);
	if(daily)
	{	now = time(0);
		strftime(errbuf, 24, "%Y%m%d %H:%M ", localtime(&now));
		printf("%s %12ld\n", errbuf, bytes);
	 	truncate(filename, 0);
	}
	else
		printf("Total bytes = %ld\n", bytes);
}