IP-Accounting by iptables?

TobyD · 11-15-2004, 06:01 PM

Hi,

is it possible to log the moved (kilo|mega|giga)bytes per ip on every interface by iptables? I'll to see, how many MegaBytes and from where flows trought my routerinterfaces per diem. I don't want any huge statistic tools like mtrg, nagios, etc, only the amount of bytes per diem and per IP.

ie:

Code:

[...]
14.11.2004:
192.168.0.1   23MB
192.168.0.2   42MB

13.11.2004:
192.168.0.1   42MB
192.168.0.2   23MB

[...]

Any Ideas?
THX
TobyD

CroMagnon · 11-15-2004, 06:44 PM

Here's one idea:

Code:

# Create two new chains with default action of RETURN
iptables -N ether0-out
iptables -A ether0-out -j RETURN
iptables -N ether1-out
iptables -A ether1-out -j RETURN
# Insert rules at the top of the output chain
iptables -I OUTPUT -o eth0 -j ether0-out
iptables -I OUTPUT -o eth1 -j ether1-out

Now when a packet enters the OUTPUT chain, it will be sent to the appropriate rule for that interface, and the RETURN target will drop it right back into the OUTPUT chain again - so the ether0-out chain will have packet counters for all packets that go out on eth0, but will do basically nothing (and shouldn't interfere with any other rules in your OUTPUT chain, if you have any).
Use:

Code:

iptables -L ether0-out -v

to see the stats (for eth0) and

Code:

iptables -Z ether0-out

to reset them for a new day.

You could do something similar for the INPUT or FORWARD chains depending on what you need to monitor.

TobyD · 11-15-2004, 06:59 PM

exactly this!

now, i must create one rule for each of my ip and my log could be then:

iptables -nxvL $RULE | awk '{ print $2; }'

many thanks!
TobyD

btw: found this even by google: http://k12linux.mesd.k12.or.us/nag2/...ccounting.html