Traffic summary using iptables

From Skytech
Revision as of 07:48, 3 May 2011 by 95.67.80.146 (talk)

Database create options

For those who want it: I've made a unique key formed from year+month+day+hour+source. It's highly inefficient, but I'm dealing with a relatively small amount of data on my end (checking 3 hosts, so for a year I'll have a max of 3 hosts * 24 hours * 365 days ~= 25000 entries).

CREATE TABLE `traffic` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `year` smallint(4) DEFAULT NULL,
  `month` smallint(2) DEFAULT NULL,
  `day` smallint(2) DEFAULT NULL,
  `hour` smallint(2) DEFAULT NULL,
  `source` varchar(20) DEFAULT NULL,
  `traffic` bigint(20) DEFAULT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `datecheck` (`year`,`month`,`day`,`hour`,`source`)
) ENGINE=MyISAM AUTO_INCREMENT=13 DEFAULT CHARSET=latin1;

Sample data would look like this:

mysql> SELECT * FROM traffic;
+----+------+-------+------+------+---------------+-----------+
| id | year | month | day  | hour | source        | traffic   |
+----+------+-------+------+------+---------------+-----------+
|  1 | 2011 |     3 |   12 |   14 | 192.168.0.210 | 273143717 |
|  2 | 2011 |     3 |   12 |   14 | 192.168.0.220 |      2920 |
|  3 | 2011 |     3 |   12 |   14 | 192.168.0.240 |     30071 |
|  4 | 2011 |     3 |   12 |   15 | 192.168.0.210 |   3111394 |
|  5 | 2011 |     3 |   12 |   15 | 192.168.0.220 |         0 |
|  6 | 2011 |     3 |   12 |   15 | 192.168.0.240 |   1379200 |
|  7 | 2011 |     3 |   12 |   16 | 192.168.0.210 | 376536344 |
|  8 | 2011 |     3 |   12 |   16 | 192.168.0.220 |      1572 |
|  9 | 2011 |     3 |   12 |   16 | 192.168.0.240 |     42356 |
| 10 | 2011 |     3 |   12 |   17 | 192.168.0.210 | 665197917 |
| 11 | 2011 |     3 |   12 |   17 | 192.168.0.220 |      1440 |
| 12 | 2011 |     3 |   12 |   17 | 192.168.0.240 |     60937 |
[ ... ]

Example iptables output to test if it's working

For incoming traffic, issue:

root@gateway:~# iptables -L TRAFFIC_ACCT_IN -n -v -x
Chain TRAFFIC_ACCT_IN (1 references)
    pkts      bytes target     prot opt in     out     source               destination         
  968985 56959759            all  --  *      *       0.0.0.0/0            192.168.0.210       
      78     4328            all  --  *      *       0.0.0.0/0            192.168.0.220       
   55144 80428099            all  --  *      *       0.0.0.0/0            192.168.0.240

For outgoing, do:

root@gateway:~# iptables -L TRAFFIC_ACCT_OUT -n -v -x
Chain TRAFFIC_ACCT_OUT (1 references)
    pkts      bytes target     prot opt in     out     source               destination         
   12713  4252586            all  --  *      *       192.168.0.210        0.0.0.0/0           
      26     1440            all  --  *      *       192.168.0.220        0.0.0.0/0           
     928    53851            all  --  *      *       192.168.0.240        0.0.0.0/0

If you need to reset the counters for any of those chains to zero, use the -Z option followed by the chain name:

iptables -Z TRAFFIC_ACCT_OUT
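
The following is an added example, not code from the original page: it parses the two counter listings shown above and builds the rows for the traffic table. The function names, the choice to store incoming plus outgoing bytes per host, and the add-on-duplicate upsert are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample input: the two listings shown on this page.
SAMPLE_IN = """\
Chain TRAFFIC_ACCT_IN (1 references)
    pkts      bytes target     prot opt in     out     source               destination
  968985 56959759            all  --  *      *       0.0.0.0/0            192.168.0.210
      78     4328            all  --  *      *       0.0.0.0/0            192.168.0.220
   55144 80428099            all  --  *      *       0.0.0.0/0            192.168.0.240
"""
SAMPLE_OUT = """\
Chain TRAFFIC_ACCT_OUT (1 references)
    pkts      bytes target     prot opt in     out     source               destination
   12713  4252586            all  --  *      *       192.168.0.210        0.0.0.0/0
      26     1440            all  --  *      *       192.168.0.220        0.0.0.0/0
     928    53851            all  --  *      *       192.168.0.240        0.0.0.0/0
"""
# Upsert keyed on the `datecheck` unique index; %s is the driver placeholder,
# so values are bound as parameters rather than pasted into the SQL string.
UPSERT = ("INSERT INTO traffic (year, month, day, hour, source, traffic) "
          "VALUES (%s, %s, %s, %s, %s, %s) "
          "ON DUPLICATE KEY UPDATE traffic = traffic + VALUES(traffic)")

def parse_chain(listing):
    """Return {host: bytes} for one `iptables -L CHAIN -n -v -x` listing."""
    totals = defaultdict(int)
    for line in listing.splitlines():
        f = line.split()
        # Rule lines start with two integers; this skips the title and header.
        if len(f) < 8 or not (f[0].isdigit() and f[1].isdigit()):
            continue
        # The target column is blank for accounting rules, so field positions
        # shift; address source/destination from the end of the line instead.
        src, dst = f[-2], f[-1]
        host = dst if src == "0.0.0.0/0" else src
        ipaddress.ip_address(host)  # ValueError if the line is not a plain host rule
        totals[host] += int(f[1])
    return dict(totals)

def hourly_rows(in_listing, out_listing, when):
    """Sum in+out bytes per host into parameter tuples for UPSERT."""
    totals = defaultdict(int)
    for listing in (in_listing, out_listing):
        for host, nbytes in parse_chain(listing).items():
            totals[host] += nbytes
    return [(when.year, when.month, when.day, when.hour, h, totals[h])
            for h in sorted(totals)]
```

The additive upsert assumes the counters are zeroed after every read; iptables accepts -Z together with -L, so a chain can be listed and reset in one invocation.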