LinuxQuestions.org

JDawg06 08-30-2006 06:40 PM

Bandwidth Monitor (That keeps logs)
 
I recently decided to try Linux and installed Ubuntu 6.06. I tried looking for bandwidth monitors that kept logs but I couldn't find any or it was something I had to compile (I have no idea how to compile anything). Does anyone know of a bandwidth monitor that keeps logs of daily/monthly/yearly bandwidth usage?

theNbomr 08-31-2006 12:17 PM

Cron this:
Code:

0-59 * * * * /sbin/iptables -vnxZ -L | perl -e '@in=<>; foreach $rule ( @in ){ if( $rule =~ m/ACCEPT/ ){ @rule=split /\s+/, $rule; $bytes += $rule[2];}} $t=scalar localtime(time); $t =~ m/[A-z][a-z][a-z] (.+)/; print "$1  $bytes\n";' >> /var/log/iptablesStats.log
Gets you a minute-by-minute log of all network traffic recorded by iptables. It might break depending on your firewall configuration, or the exact formatting of iptables' reporting, but the basic premise should be discernible. It has been working for me for years. I use logrotate to rotate the logs, and have a PHP script to plot the results on a simple graph accessible via the web.

--- rod.

JDawg06 08-31-2006 02:23 PM

What exactly does 'cron' mean?

soggycornflake 08-31-2006 03:16 PM

Quote:

Originally Posted by JDawg06
What exactly does 'cron' mean?

According to Wikipedia, the name is derived from Greek chronos, meaning time.

theNbomr 08-31-2006 03:25 PM

Okay, sorry. Forgot you are a greenhorn.
First, a general answer: when confronted with an unknown command, try apropos, as in
Code:

apropos cron
That will often give you a decent idea of what the command is all about.
Next, if you want to know the details of how to use the command, use man:
Code:

man cron
Often, man will have a section called 'see also', which in this case would be completely germane to your question.
Code:

SEE ALSO
      crontab(1), crontab(5), pam(8)

Tells you to also do
Code:

man crontab
and
Code:

man 5 crontab
Bottom line: read the man pages, and create a crontab file using the example I quoted above. If it doesn't work, come back for more help, or with a fix, if you manage to fix it yourself.

Hope this helps.

--- rod.

JDawg06 08-31-2006 10:47 PM

Alright I found out how to make my own crontab, but ran into some problems.

Wouldn't let me put links since I didn't have 3 posts.

img.photobucket.com/albums/v297/SiKTheGreatOne/Crontab.jpg

img.photobucket.com/albums/v297/SiKTheGreatOne/Crontab2.jpg

theNbomr 09-01-2006 09:57 AM

The only problem I see is that it needs to be done as root. It is hard to grab your exact entries to try locally when it is in an image file. All I can guess is that there is a hidden character in there somewhere or maybe Ubuntu's crontab format is different from mine, although that seems improbable. Re-read your man page for the time specification part of the crontab entry. It is complaining about the format of the time specifiers, but when I retry the same command copied and pasted from this forum, I don't get any complaint from my crontab editor. Try replacing the command part of the crontab entry with something really simple like 'ls ~', just to make sure the command itself isn't actually fouling things up. Try using minutes specifiers of 1-60, 1-59. Try a specific list like "0,5,10,15,20,25,30,35,40,45,50,55". In general, for these kinds of problems, simplify things to the point that there are no errors and then start adding stuff back so you can see exactly where the problem originates.

It would be helpful if you could cut & paste the text into this forum, especially if you don't intend to keep those links alive in perpetuity. Others who read this later will lose the continuity, which is part of the point of keeping all of the questions open to all to read.

Now, having said all of this, I do now see where the perl script will fail if your firewall default policies are ACCEPT. I will re-work the script to accommodate that, and post it here when it is ready.

Maybe some other Ubuntu user can try the same crontab entry and post results here....

--- rod.

JDawg06 09-03-2006 12:50 AM

Alright, I logged in as root and did it successfully. Next time I log in, do I need to log in as root for the thing to work?

I'm looking at the iptablesStats.log and it doesn't seem to be working.

Sep 3 01:46:01 2006 0
Sep 3 01:47:01 2006 0
Sep 3 01:48:01 2006 0
Sep 3 01:49:01 2006 0

theNbomr 09-04-2006 11:02 AM

Can you post the results of:
Code:

/sbin/iptables -vnx -L
(as root, of course)
This will help me make sure I get the perl script modifications correct for you.

Here is a preliminary try that may work.
Code:

/sbin/iptables -vnx -L | perl -e 'while( <> ){ if($_ =~ m/policy ACCEPT/ && $_ =~ m/([0-9]+)\s+bytes/){$bytes+=$1;}}$t=scalar localtime(time); $t =~ m/[A-z][a-z][a-z] (.+)/; print "$1  $bytes\n";'
You can run this from the commandline, as root, for a quick test.

--- rod.

JDawg06 09-04-2006 01:34 PM

Output of /sbin/iptables -vnx -L:
Code:

Chain INPUT (policy ACCEPT 146 packets, 129994 bytes)
    pkts      bytes target    prot opt in    out    source              destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target    prot opt in    out    source              destination

Chain OUTPUT (policy ACCEPT 106 packets, 10713 bytes)
    pkts      bytes target    prot opt in    out    source              destination

Output of the second code:
Sep 4 14:31:30 2006 144686

Does this log both download/upload?

theNbomr 09-04-2006 05:27 PM

It looks like that does it. The numbers don't add up in the two parts of your post, but I assume that is because they are from two separate runs. The total recorded is the sum of all three chains; INPUT, OUTPUT, and FORWARD (which should be zero except on a router or firewall). If you change your iptables configuration, the perl script will have to be modified accordingly.

--- rod.
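
Added example, not part of the original posts: the reply above notes that the logged figure is the sum of the INPUT, FORWARD and OUTPUT chains. The function below keeps those counters separate per chain, counting ACCEPT policy counters and ACCEPT rule counters as the two one-liners in the thread do; the function names and the sample listing are constructed for illustration.

```sh
#!/bin/sh
# Added example: split iptables byte counters by chain (INPUT is roughly
# download, OUTPUT roughly upload, FORWARD routed traffic).
# chain_bytes reads `iptables -vnx -L` output on stdin.
chain_bytes() {
    awk '
        # Header, e.g. "Chain INPUT (policy ACCEPT 146 packets, 129994 bytes)"
        $1 == "Chain" {
            chain = $2
            if (!(chain in total)) { order[++n] = chain; total[chain] = 0 }
            # The policy counter covers packets that matched no rule.
            # User-defined chains print "(N references)" and have none.
            if ($3 == "(policy" && $4 == "ACCEPT") total[chain] += $7
            next
        }
        # Rule line: pkts bytes target ... (-x prints exact digits, not 12K/3M)
        chain != "" && $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ && $3 == "ACCEPT" {
            total[chain] += $2
        }
        END {
            for (i = 1; i <= n; i++)
                printf "%s %.0f\n", order[i], total[order[i]]
        }
    '
}

# Constructed sample listing (not from the thread): a DROP-policy INPUT chain
# with two ACCEPT rules and one LOG rule that must not be counted.
sample_listing() {
    cat <<'EOF'
Chain INPUT (policy DROP 12 packets, 720 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     310   402113 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
       4      240 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
       9      540 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 201 packets, 18830 bytes)
    pkts      bytes target     prot opt in     out     source               destination
EOF
}

# Prints one "CHAIN bytes" line per chain for the sample above.
sample_listing | chain_bytes
```

The counters are cumulative since they were last reset, so per-interval figures need the -Z flag used in the first cron entry or a subtraction between successive log lines. Loopback traffic appears in both INPUT and OUTPUT.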

JDawg06 09-04-2006 08:03 PM

So how do I tell the difference between download and upload?

I found ntop: http://www.ntop.org/overview.html

But I have no idea how to install it.

theNbomr 09-04-2006 09:33 PM

You can't, because that's not what you asked for. If you want a total network analyzer package, then ntop is probably the thing you want. Since you have found something you want, now is probably the time to get a primer in installing these kinds of things.
First, you want to get the package. If Ubuntu uses RPMs, look on rpmfind or pbone, and see if they have a package for your particular distribution. If yes, just download it, and install it with 'rpm -ihv' (as root, of course).
If no RPM available, download the compressed tar file from sourceforge.
These next steps apply to the vast majority of source tar-balls:
1. untar it with 'tar -zxvf ntop-blah-blah.tgz'.
2. cd ntop-blah-blah
2a - more ./INSTALL or ./README or ./Read.Me......
3. ./configure
4. make
5. make install

The configure step may point out missing dependencies, which you address by downloading and installing said dependencies (all the while becoming acquainted with the term 'dependency hell').
Welcome to the Free Open Source Software world. :-)

--- rod.

JDawg06 09-04-2006 09:59 PM

Configure does prove to be troublesome.
Code:

configure: error: no acceptable C compiler found in $PATH
I tried before to get a C compiler and failed.
Which C compiler do you suggest?

Edit: The 'build-essentials' package was not installed, now to find more dependencies.

Edit: Wow...Alright, for ntop I need libpcap and for libpcap I need flex and for flex I need GNU M4 1.4. However I installed GNU M4 1.4 but flex won't install :(.

Edit: Went to the Ubuntu site for the libpcap package (supposedly tcpdump.org has trojans... I hope not), libgdbm package.

New problem, I installed gd and gd-devel and still get this message when trying to configure ntop.
Code:

*******************************************************************
*
* ERROR: gd header or library routines are missing
*          (yes means it was found, no means it was not found)
*
*              gd.h...yes
*              gdImageDestroy() in -lgd...no
*
*>>> No way to proceed.
*
*???        Install gd (and/or gd-devel), check www.boutell.com/gd
*???    and Rerun ./configure
*
*******************************************************************


theNbomr 09-05-2006 09:13 AM

Quote:

I tried before to get a C compiler and failed.
Which C compiler do you suggest?
The only one that should be an option is Gnu CC, aka gcc.

It sounds like you really should install the Ubuntu developer's version. The distributions that I am most acquainted with have an installation option to install a toolset for software development. That would include a host of compilers, and associated tools, libraries, etc. (like flex & M4, for instance). The good thing about going this route is that all the components will likely have been tested for compatibility, and the set should be relatively complete. Maybe these are the things in the 'build-essentials' package that you mention. If you have a fresh Linux install without too much customization done that you don't want to throw away, I suggest you do a re-install and select a complete install with everything available in the distribution. All I know about Ubuntu is that it is touted as a good system for beginners and non developers. Perhaps a different distro such as Fedora Core or Suse is worth considering.

I just did a quick look, and it seems like synaptic is the weapon of choice for installing packages in Ubuntu. If you want to install most things, using that should be your first choice.

The issue with gdImageDestroy must mean that ntop relies on a specific version of the gd lib; hopefully the most recent version. A quick scan of the Boutell.com site doesn't reveal anything about that call, and it doesn't sound like anything very unusual, so my guess is that the error you are seeing has more to do with the way in which your gd library is installed. Did you get yours from boutell.com or one of its mirrors?

If you are concerned about trojans, I suggest installing packages obtained from large repositories such as sourceforge.net. AFAIK, trojans are rarely distributed as source code, because it would be fairly easy to spot and remove, and any trojan-bearing code from a place like sourceforge would be quickly detected and eradicated. A mature library like libpcap is almost certain not to contain any trojan. Good of you to be concerned about that kind of thing, though.

Hope all of this doesn't seem too scary. Once you get the hang of it, it opens up a lot of possibilities. You'll be better off for your efforts. The progress you've already made tells me you will manage just fine.

--- rod.


All times are GMT -5.