[ILUG] Counting data transfer with iptables
Peter McEvoy
pete at yerma.org
Sat Jun 18 21:35:40 IST 2005
On Sat, Jun 18, 2005 at 08:28:43PM +0100, Niall O Broin wrote:
> I was asked if it were possible to see what services on a server were
> contributing to data transfer usage. The colo provider provides
> aggregate usage but we have no way of knowing what's using what. The
> box is a web and mail server, and it's likely that the majority of the
> transfer is http, but it'd be nice to know more accurately.
ipac-ng should do what you need - the following in
/etc/ipac-ng/rules.conf;
# smtp (port 25)
tomachine in smtp|ipac~i|+|tcp|0/0|0/0 25
tomachine out smtp|ipac~o|+|tcp|0/0 25|0/0
# http (port 80)
tomachine in http|ipac~i|+|tcp|0/0|0/0 80
tomachine out http|ipac~o|+|tcp|0/0 80|0/0
# https (port 443)
tomachine in https|ipac~i|+|tcp|0/0|0/0 443
tomachine out https|ipac~o|+|tcp|0/0 443|0/0
(and using 'tonet' with similar rules for traffic going the opposite
direction)
Gets me;
mail:~# ipacsum |egrep 'http|smtp'
tomachine in http : 3G
tomachine in https : 26K
tomachine in smtp : 12G
tomachine out http : 30G
tomachine out https : 96K
tomachine out smtp : 407M
tonet in smtp : 882M
tonet out smtp : 26G
ipacsum can do a lot more than spit out text too.
Cheers
--
Pete
More information about the ILUG
mailing list