CentOS: monitor traffic usage per IP with plain report output
Hello,
I have an issue with my server. For some unknown reason, a couple of users somehow manage to use up to !!!400Gb!!! of traffic per DAY! iftop shows that some users cause 20-50mbit load for a long time. I tried to limit speed and upload file size via nginx, but nothing helped.
However, dropping their connections with iptables works just fine =) So I started searching for a way to monitor traffic usage per IP. The main requirement was to have some plain output, so I could write a bash script which would analyze IPs and add 'greedy' ones to a blacklist for a couple of hours.
So far the best way is to use iptables' counters, but the problem is that they require creating rules for EACH user (IP). I can write another bash script which will parse nginx's logs for new IPs and add them, but since I have 5000 unique users per day, won't it cause a problem?
Also, what is the best and simplest way to count traffic usage per IP automatically and have a plain output report?
Thanks in advance for any help.
P.S. I got inspired by this article: catonmat[dot]net/blog/traffic-accounting-with-iptables/
Last edited by Yehuda Katz; 08-22-2014 at 12:31 AM.
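
One way to get the plain per-IP report asked for above without one iptables rule per address is to sum the bytes nginx already logs. This is an added example, not part of the original post; it assumes nginx's default "combined" log format, and the function names `traffic_report` and `greedy_ips` are made up for illustration.

```shell
#!/bin/sh
# Added example: per-IP traffic report built from an nginx access log.
# Assumption: the default "combined" log_format, i.e.
#   $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"

# traffic_report FILE -> one "IP BYTES" line per client, largest first.
traffic_report() {
    awk -F'"' '
        {
            # nginx writes a quote inside the request as \x22, so splitting
            # on double quotes is safe even for odd or empty requests:
            # $1 starts with the client address, $3 is " status bytes ".
            if (split($1, head, " ") < 1) next
            if (split($3, tail, " ") < 2) next
            if (tail[2] !~ /^[0-9]+$/) next   # skip malformed lines
            bytes[head[1]] += tail[2]
        }
        # %.0f keeps totals above 2^31 intact on every awk implementation.
        END { for (ip in bytes) printf "%s %.0f\n", ip, bytes[ip] }
    ' "$1" | sort -k2,2nr -k1,1
}

# greedy_ips FILE LIMIT_BYTES -> addresses whose total exceeds the limit.
greedy_ips() {
    traffic_report "$1" | awk -v limit="$2" '$2 + 0 > limit + 0 { print $1 }'
}

# Usage (log path is an assumption; adjust to the server's access_log):
#   traffic_report /var/log/nginx/access.log
#   greedy_ips /var/log/nginx/access.log 10737418240   # more than 10 GiB
```

`$body_bytes_sent` counts response bodies only, so headers and uploads are not included in these totals.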