Re: Accounting with iptables vs. snmp

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Richard Hauswald <staenker@rhcs.de>
To: netfilter@lists.netfilter.org
Subject: Re: Accounting with iptables vs. snmp
Date: Tue, 26 Apr 2005 16:15:29 +0200	[thread overview]
Message-ID: <426E4D01.3010105@rhcs.de> (raw)
In-Reply-To: <200504261345.45177.S.Guenther@in-put.de>

Stefan-Michael. Guenther (in-put GbR) wrote:
> Hi,
> 
> using iptables I have setup a traffic accounting on one of our client's 
> gateways:
> 
> iptables -A INPUT -i $WAN -j LOG --log-level debug
> iptables -A OUTPUT -o $WAN -j LOG --log-level debug
> iptables -A FORWARD -j LOG --log-level debug
> 
> syslogd collects the entries in a single file which is analysed daily.
> 
> The results corresponds to the amount of data I get with "iptables -L -v -n" .
> 
> The provider of our client uses snmp on his router to calculate the traffic.
> 
> Strange, but true: The numbers are never the same, sometimes iptables logs 
> more traffic, sometimes snmp. The differences are between 1 and 25 %.
> 
> Obviously someone is doing something wrong. The provider is one of Germany's 
> big player, so I guess I made the mistake. But where and why?
> 
> Thanks for any hint.
> 
> Stefan

Hello Stefan,
maybe (!)... your problem is simple so solve. You are appending this 
rules with the LOG target. So you will not count traffic which is 
blocked. Just write an -I instead of -A. But i don't know if thats the 
problem which took up to 25% of traffic difference. It sounds very 
strange, if you say that some times you count more than your provider 
and another day your provider counts more. Maybe you have an failure 
based on rounding the bytes to megabytes?

Regards
Richard

-- 
There are only 10 types of people in the world:
Those who understand binary, and those who don't

next prev parent reply	other threads:[~2005-04-26 14:15 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-04-26 11:45 Accounting with iptables vs. snmp Stefan-Michael. Guenther (in-put GbR)
2005-04-26 14:15 ` Richard Hauswald [this message]
2005-04-26 19:26 ` Steven M Campbell
     [not found] <0MKsEO-1DQUpM3MdQ-00057r@mxeu13.kundenserver.de>
2005-04-26 19:17 ` Stefan-Michael. Guenther (in-put GbR)
2005-04-26 22:32   ` Richard Hauswald

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=426E4D01.3010105@rhcs.de \
    --to=staenker@rhcs.de \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.