From: Amos Jeffries <squid3@treenet.co.nz>
To: netfilter@vger.kernel.org
Subject: Re: (Ab)using iptables to record byte count per IP?
Date: Sat, 10 Jan 2009 15:55:33 +1300 [thread overview]
Message-ID: <49680E25.7030609@treenet.co.nz> (raw)
In-Reply-To: <1231502126.24038.15.camel@enterprise.ims-firmen.de>
Thomas Jacob wrote:
> On Fri, 2009-01-09 at 13:50 +0200, Artūras Šlajus wrote:
>> Richard Hartmann wrote:
>> > Hi all,
>> >
>> > I need to log the traffic each local IP in a NAT'ed network generates
>> > per day.
>> >
>> > Unfortunately, the environment is rather restricted and compiling new
>> > software is not an option. Thus, I am wondering if I can abuse iptables,
>> > which is in use anyway, to log for me, as well.
>> >
>> > The end result should be a log which contains IP, date and traffic
>> > generated. I don't really care about the output format as I will perl it
>> > into the format I need, anyway.
>>
>> iptables -N ACCOUNTING
>> iptables -A FORWARD -j ACCOUNTING
>> iptables -A ACCOUNTING -s your_user_ip -j ACCEPT
>> iptables -A ACCOUNTING -d your_user_ip -j ACCEPT
>>
>> bam, with iptables -L ACCOUNTING -n -v you can have packet/byte counters ;)
>
> Or you could use the external extension ipt_ACCOUNT
>
> http://www.intra2net.com/de/produkte/opensource/ipt_account/
>
> which does the same much faster and you don't have to
> specify lots of accounting rules. Unfortunately you need
> to patch your kernel for that, if you want to use it
> as is.
Whats needed and is anyone working towards getting that integrated properly?
AYJ
next prev parent reply other threads:[~2009-01-10 2:55 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-01-09 11:27 (Ab)using iptables to record byte count per IP? Richard Hartmann
2009-01-09 11:50 ` Artūras Šlajus
2009-01-09 11:55 ` Thomas Jacob
2009-01-09 12:46 ` Richard Hartmann
2009-01-10 2:55 ` Amos Jeffries [this message]
2009-01-09 12:44 ` Richard Hartmann
2009-01-09 17:10 ` Robert Nichols
2009-01-09 12:35 ` Pablo Neira Ayuso
2009-01-09 12:47 ` Richard Hartmann
2009-01-09 15:23 ` Payam Chychi
2009-01-09 23:27 ` Vlado Drz(ík
2009-01-09 16:36 ` Peter Renzland
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=49680E25.7030609@treenet.co.nz \
--to=squid3@treenet.co.nz \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.