Network traffic logging on Ubuntu 10.04
Hi all,
I am running an Ubuntu 10.04 system as a gateway between my LAN and my router. I fail with words, so a quick image will explain it best, I think: Clickie! I'm looking for a program that will:
- Log what IPs my LAN computers have connected to (e.g. I can see that 10.0.0.100 is connected to 66.102.11.104, and 10.0.0.102 is connected to 75.126.162.205)
- Log how much bandwidth that connection used.
- Log when it occurred.
The logging part is important. I can use various programs to see realtime connections, but that doesn't help when I'm not around. I have tried setting up Cacti for this purpose, but I wasn't able to get it to log the data I wanted, unfortunately. It would be rather helpful if it had a web interface or something similar, but command line is fine (hopefully I could write a script to convert it to something easier on the eyes). I've been using ntop for this purpose, but it doesn't keep logs very well (as far as I can tell?). Does anyone know of one?
As a general approach, given the amount of detail that you want to archive, I think I would try to set up a wrapper around tcpdump, or simply write something with libpcap (man pcap). I think achieving enough speed/efficiency in your program is going to be a challenge, in order to not consume too much CPU on the host. As a sort of test of principle, you could start by wrapping tcpdump with a Perl script that builds up hashes of the various elements that it reports: datestamp, source IP, destination IP, packet info, etc. Periodically flush the hashes to log files or to an RDB, and write a web-based GUI to acquire the data. Sounds like a kind of interesting project, actually.
Now that I think about it, someone else must have done this already. Perhaps someone can point you to an existing application. --- rod.
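The tcpdump-wrapper idea from the reply above, written out as an added example (it is not code from the thread; it uses Python instead of the Perl rod suggests, since either works as a filter on tcpdump's output). It assumes tcpdump is run on the gateway's LAN interface as `tcpdump -n -tttt -q -l -i eth0 ip | python lanconn.py`, that the LAN is 10.0.0.0/24 (the prefix and the log path are assumptions, change them to match), and that the input follows tcpdump's quiet-mode line format; the sample lines embedded below are constructed for illustration. It keeps one hash per (LAN host, remote host) pair, counts bytes in each direction and packets, and flushes a tab-separated record per pair whenever a new five-minute interval starts, which gives the "who, how much, when" log the question asks for.

```python
#!/usr/bin/env python
"""lanconn.py: aggregate `tcpdump -n -tttt -q` output into per-connection,
per-interval byte counts (added example, not from the original thread)."""
from __future__ import print_function
import re
import sys

LAN_PREFIX = "10.0.0."               # assumed LAN; adjust to your network
INTERVAL_MINUTES = 5                 # flush granularity; must divide 60
LOG_FILE = "/var/log/lanconn.log"    # assumed path; protect it, it maps every LAN host to its peers

# Quiet-mode tcpdump lines look like these (constructed samples):
#   2010-05-01 10:35:01.123456 IP 10.0.0.100.51234 > 66.102.11.104.80: tcp 517
#   2010-05-01 10:35:02.000001 IP 10.0.0.102.5353 > 75.126.162.205.53: UDP, length 40
# Lines without ports (ICMP, ARP, non-IP) do not match and are skipped.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2})\.\d+ IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): "
    r"(?:tcp (?P<tcplen>\d+)|\w+, length (?P<len>\d+))"
)

SAMPLE = """\
2010-05-01 10:35:01.123456 IP 10.0.0.100.51234 > 66.102.11.104.80: tcp 517
2010-05-01 10:35:01.223456 IP 66.102.11.104.80 > 10.0.0.100.51234: tcp 1448
2010-05-01 10:35:01.323456 IP 66.102.11.104.80 > 10.0.0.100.51234: tcp 1448
2010-05-01 10:35:02.000001 IP 10.0.0.102.5353 > 75.126.162.205.53: UDP, length 40
2010-05-01 10:35:02.010001 IP 75.126.162.205.53 > 10.0.0.102.5353: UDP, length 120
2010-05-01 10:35:03.000000 IP 10.0.0.100 > 66.102.11.104: ICMP echo request, id 1, seq 1, length 64
2010-05-01 10:40:00.500000 IP 10.0.0.100.51235 > 66.102.11.104.443: tcp 0
"""


def bucket_of(date, time_str, interval=INTERVAL_MINUTES):
    """Truncate a wall-clock timestamp to the start of its interval.
    Done on the text fields so the result does not depend on the host's TZ."""
    hh, mm, _ = time_str.split(":")
    mm = int(mm) - int(mm) % interval
    return "%s %s:%02d" % (date, hh, mm)


def parse_line(line):
    """Return (bucket, src_ip, dst_ip, payload_bytes) or None if not parseable.
    Caveat: in quiet mode tcpdump prints the transport payload length, so
    IP/TCP/UDP headers are not included in the byte counts."""
    m = LINE_RE.match(line)
    if not m:
        return None
    length = int(m.group("tcplen") or m.group("len"))
    return bucket_of(m.group("date"), m.group("time")), m.group("src"), m.group("dst"), length


class ConnectionLog(object):
    """Per-interval hash of (lan_ip, remote_ip) -> [bytes_out, bytes_in, packets]."""

    def __init__(self, lan_prefix=LAN_PREFIX):
        self.lan_prefix = lan_prefix
        self.current_bucket = None
        self.counts = {}

    def feed(self, line):
        """Consume one tcpdump line. Returns the records flushed by this line
        (non-empty only when the line starts a new interval)."""
        rec = parse_line(line)
        if rec is None:
            return []
        bucket, src, dst, length = rec
        flushed = []
        if self.current_bucket is not None and bucket != self.current_bucket:
            flushed = self.flush()
        self.current_bucket = bucket
        if src.startswith(self.lan_prefix):        # LAN -> remote: outbound bytes
            key, idx = (src, dst), 0
        elif dst.startswith(self.lan_prefix):      # remote -> LAN: inbound bytes
            key, idx = (dst, src), 1
        else:                                      # transit traffic, not ours
            return flushed
        entry = self.counts.setdefault(key, [0, 0, 0])
        entry[idx] += length
        entry[2] += 1
        return flushed

    def flush(self):
        """Emit (bucket, lan_ip, remote_ip, bytes_out, bytes_in, packets) tuples and reset."""
        records = [(self.current_bucket, lan, remote, bo, bi, pk)
                   for (lan, remote), (bo, bi, pk) in sorted(self.counts.items())]
        self.counts = {}
        return records


def format_record(rec):
    """One tab-separated log line; easy to load into a DB or a web page later."""
    return "%s\t%s\t%s\t%d\t%d\t%d" % rec


def run(lines):
    """Feed an iterable of tcpdump lines through the aggregator and return all records."""
    log = ConnectionLog()
    records = []
    for line in lines:
        records.extend(log.feed(line))
    records.extend(log.flush())
    return records


def main():
    if len(sys.argv) > 1 and sys.argv[1] == "--demo":
        for rec in run(SAMPLE.splitlines()):
            print(format_record(rec))
        return
    log = ConnectionLog()
    with open(LOG_FILE, "a") as out:
        for line in iter(sys.stdin.readline, ""):  # readline avoids pipe read-ahead buffering
            for rec in log.feed(line):
                out.write(format_record(rec) + "\n")
                out.flush()
        for rec in log.flush():                      # flush the last interval at EOF
            out.write(format_record(rec) + "\n")


if __name__ == "__main__":
    main()
```

Run `python lanconn.py --demo` to see the three records the constructed sample produces: two pairs in the 10:35 interval and one in the 10:40 interval. In real use tcpdump needs root to open the interface (on Ubuntu it drops to the `tcpdump` user after opening it), and the resulting log is itself sensitive, since it records every remote host each LAN machine talked to, so keep it readable by root only. Because quiet-mode lengths exclude headers, the byte totals are a lower bound on link usage; counting full frames is the point at which rod's libpcap suggestion, where you read the captured length directly, becomes the better tool.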