{"id":132,"date":"2005-05-26T00:31:43","date_gmt":"2005-05-25T21:31:43","guid":{"rendered":"https:\/\/void.gr\/kargig\/blog\/?p=132"},"modified":"2005-05-26T00:35:16","modified_gmt":"2005-05-25T21:35:16","slug":"linux-ip-accounting","status":"publish","type":"post","link":"https:\/\/www.void.gr\/kargig\/blog\/2005\/05\/26\/linux-ip-accounting\/","title":{"rendered":"Linux IP accounting"},"content":{"rendered":"<p>Time for some more statistics.  Say your box runs as a router and you want to monitor which pc of your lans talks to whom from the outside world&#8230;how many bytes, packets, flows, etc&#8230;or say you use your box at home for p2p applications and want to monitor what&#8217;s going on&#8230;more than just keeping track of your traffic. That&#8217;s where IP accounting comes in handy.<br \/>\nI applied IP accounting on my Gentoo box at home. What I needed was inside <a href=\"http:\/\/www.dynamicnetworks.us\/netflow\/index.html\">this excellent documentation<\/a>. Basically one needs <a href=\"http:\/\/fprobe.sourceforge.net\/\">fprobe<\/a>, to export flows from Linux in NetFlow format,  <a href=\"http:\/\/www.splintered.net\/sw\/flow-tools\/\">flow-tools<\/a> to collect those flows, and <a href=\"http:\/\/net.doit.wisc.edu\/%7Eplonka\/FlowScan\/\">FlowScan<\/a> to process the flow files.  Most tools are easily emerged&#8230;but remember NOT to emerge flow-tools. If you do that you will have problems with Cflow. Do as the documentation says, download flow-tools from their site, &#8216;make install&#8217; it and go inside the contrib dir, untar Cflow-1.051.tar.gz and do as the documentation says for it. 
Most other things are rather straightforward.<br \/>\nOne useful shell script I wrote with the help of Angelos was this:<br \/>\nshowtop.sh<br \/>\n<code><br \/>\n#!\/bin\/bash<br \/>\necho \"&lt;pre&gt;\" &gt; \/var\/netflow\/scoreboard\/stats.html<br \/>\n# Top source\/destination IP pairs, sorted by octets<br \/>\n\/usr\/local\/netflow\/bin\/flow-cat -p \/var\/netflow\/ft\/ | \/usr\/local\/netflow\/bin\/flow-stat -f10 -S4 -n | head -n 50 &gt;&gt; \/var\/netflow\/scoreboard\/stats.html<br \/>\n# Top destination IP addresses, sorted by outbound traffic<br \/>\n\/usr\/local\/netflow\/bin\/flow-cat -p \/var\/netflow\/ft\/ | \/usr\/local\/netflow\/bin\/flow-stat -f8 -S3 -n | head -n 50 &gt;&gt; \/var\/netflow\/scoreboard\/stats.html<br \/>\necho \"&lt;\/pre&gt;\" &gt;&gt; \/var\/netflow\/scoreboard\/stats.html<br \/>\n<\/code><\/p>\n<p>It creates an HTML file with 2 top-X lists&#8230;<br \/>\nThe first one is: a report on top source\/destination IP pairs sorted by octets<br \/>\nand the second one is: a top destination IP address report sorted by outbound traffic<br \/>\nI find it really useful and I&#8217;ve added it to my crontab to run every 5 minutes.<\/p>\n<p>It works for me&#8230;try it if you wish and comment with your results&#8230;<\/p>\n<p>P.S. I think flow-tools was the first package I had to install manually on my Gentoo box since the day I installed it. I think it is possible to create an ebuild to overcome the problems with Cflow&#8230;but I was too bored&#8230;anyway&#8230;have fun with IP accounting.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Time for some more statistics. 
Say your box runs as a router and you want to monitor which pc of your lans talks to whom from the outside world&#8230;how many bytes, packets, flows, etc&#8230;or say you use your box at home for p2p applications and want to monitor what&#8217;s going on&#8230;more than just keeping track [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ep_exclude_from_search":false,"footnotes":""},"categories":[1,3],"tags":[],"class_list":["post-132","post","type-post","status-publish","format-standard","hentry","category-general","category-linux"],"aioseo_notices":[],"views":5127,"_links":{"self":[{"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/posts\/132","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/comments?post=132"}],"version-history":[{"count":0,"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/posts\/132\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/media?parent=132"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/categories?post=132"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/tags?post=132"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}