
List:       netfilter
Subject:    Re: explanation of the syslog LEN and WINDOW entries
From:       Jeff Jensen <jjensen () unyalli ! com>
Date:       2009-10-30 14:15:49
Message-ID: b376a78e0910300715q67dca354x46ea44eda213114f () mail ! gmail ! com

Thank you, John, was not thinking in this direction at all. After reading
many articles found by Google on this search criteria, let me ask
another question please.

Currently I don't use user-created chains. Don't like 'em, makes the
script hard to follow. If I re-train my entire thought process to use
user-created chains, could I get per-protocol stats? For instance, if I
had an FTP chain, could I get an hourly total used by FTP? This would
be a total of control channel, active data channel, and passive data
channel.




On Wed, Oct 28, 2009 at 9:35 AM, John Haxby <john.haxby@oracle.com> wrote:
> 
> On 28/10/09 14:56, Jeff Jensen wrote:
> > 
> > The boss wants to know how much bandwidth is used by the different
> > apps we allow. I have some unique apps that run on unique port(s)
> > and rules that log all packets. I set the --log-prefix= to something
> > unique to that app and every day sort it out into individual files. I
> > was hoping to aggregate all the entries to a total bandwidth out and
> > it.
> > 
> 
> I do this slightly differently.  I collect information on a per-IP
> address basis (this is all traffic flowing through a router) and
> within each table I have rows that match a particular port/protocol
> and then just -j RETURN.
>
> Every hour I run "iptables -vxnL <table> -Z" for each table and then
> merge the counters into a database.  I have another process that
> periodically looks at the database and produces pretty graphs of the
> per-machine, per-protocol usage.  (Well, actually, I haven't done
> per-protocol yet, but I have the information needed.)
>
> There's an accounting extension in xtables which would do the job
> better, but I haven't attempted to persuade the xtables on CentOS 5 :-)
>
> jch
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
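
Added example, not part of either message or of any poster's setup: one way to do the hourly merge described in the quoted reply, applied to the FTP question. It assumes a hypothetical user-defined chain named ACCT_FTP whose rules match the FTP control port, the active data port and conntrack's ftp helper, each ending in -j RETURN; the sample output is constructed.

```python
import re

# Constructed sample of `iptables -vxnL ACCT_FTP -Z` output. ACCT_FTP is an assumed
# chain name; each rule ends in -j RETURN, so a packet is counted by one rule only.
SAMPLE = """\
Chain ACCT_FTP (2 references)
    pkts      bytes target     prot opt in     out     source               destination
     412    31876 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:21
     398    45210 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:21
    1500  2104320 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:20
     760    41040 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:20
    9321 13150112 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           helper match "ftp"
Zeroing chain `ACCT_FTP'
"""

def parse_counters(text):
    """Return {chain: [(match, packets, bytes), ...]} from `iptables -vxnL` output."""
    chains, current = {}, None
    for line in text.splitlines():
        header = re.match(r"Chain (\S+) \(", line)
        if header:
            current = header.group(1)
            chains[current] = []
            continue
        f = line.split(None, 9)
        if current is None or len(f) < 9:
            continue  # blank lines and "Zeroing chain ..." messages
        if re.fullmatch(r"\d+[KMGT]", f[0]) or re.fullmatch(r"\d+[KMGT]", f[1]):
            raise ValueError("rounded counters found; run iptables with -x")
        if f[0].isdigit() and f[1].isdigit():
            match = f[9].strip() if len(f) > 9 else "(any)"
            chains[current].append((match, int(f[0]), int(f[1])))
    return chains

def merge_reading(totals, text):
    """Add one reading (counters since the last -Z) to running byte totals per chain."""
    for chain, rules in parse_counters(text).items():
        totals[chain] = totals.get(chain, 0) + sum(nbytes for _, _, nbytes in rules)
    return totals

if __name__ == "__main__":
    totals = merge_reading({}, SAMPLE)
    for chain, nbytes in totals.items():
        print(f"{chain}: {nbytes} bytes this hour")
```

Because -Z resets the counters after each listing, every reading is a delta and the per-chain totals can simply be added up hour by hour.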

