Hi,
using iptables I have set up traffic accounting on one of our client's gateways:
iptables -A INPUT -i $WAN -j LOG --log-level debug
iptables -A OUTPUT -o $WAN -j LOG --log-level debug
iptables -A FORWARD -j LOG --log-level debug
syslogd collects the entries in a single file which is analysed daily.
The results correspond to the amount of data I get with "iptables -L -v -n".
The provider of our client uses snmp on his router to calculate the traffic.
Strange, but true: The numbers are never the same, sometimes iptables logs more traffic, sometimes snmp. The differences are between 1 and 25 %.
Obviously someone is doing something wrong. The provider is one of Germany's big players, so I guess I made the mistake. But where and why?
Thanks for any hint.
Stefan
Hello Stefan,
maybe (!)... your problem is simple to solve. You are appending these rules with the LOG target. So you will not count traffic which is blocked. Just write an -I instead of -A. But I don't know if that's the problem which took up to 25% of traffic difference. It sounds very strange, if you say that sometimes you count more than your provider and another day your provider counts more. Maybe you have a failure based on rounding the bytes to megabytes?
Regards Richard
-- There are only 10 types of people in the world: Those who understand binary, and those who don't
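An added example, not part of the thread and not either poster's code: a sketch of the daily analysis of the LOG entries described above, summing packets and bytes per day and direction on the WAN interface. It assumes the standard kernel LOG line format; the interface name `eth1`, the hostname and all sample lines are constructed.

```python
import re
from collections import defaultdict

WAN = "eth1"  # assumption: stands in for $WAN from the thread

# Constructed sample lines in the kernel LOG-target format (not real traffic).
SAMPLE = """\
Mar  3 10:15:01 gw kernel: IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=198.51.100.2 LEN=1500 TOS=0x00 PREC=0x00 TTL=55 ID=1 DF PROTO=TCP SPT=80 DPT=40000 WINDOW=512 RES=0x00 ACK URGP=0
Mar  3 10:15:02 gw kernel: IN= OUT=eth1 SRC=198.51.100.2 DST=203.0.113.9 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=2 DF PROTO=UDP SPT=123 DPT=123 LEN=56
Mar  3 10:15:03 gw kernel: IN=eth0 OUT=eth1 SRC=192.168.1.10 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=3 DF PROTO=TCP SPT=40001 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  3 10:15:04 gw kernel: IN=eth0 OUT=eth2 SRC=192.168.1.10 DST=192.168.2.20 LEN=1000 TOS=0x00 PREC=0x00 TTL=63 ID=4 PROTO=TCP SPT=40002 DPT=22 WINDOW=5840 RES=0x00 ACK URGP=0
Mar  4 00:00:07 gw kernel: IN=eth1 OUT=eth0 SRC=203.0.113.5 DST=192.168.1.10 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=5 DF PROTO=TCP SPT=80 DPT=40001 WINDOW=512 RES=0x00 ACK URGP=0
Mar  4 00:00:09 gw sshd[311]: unrelated syslog line without packet fields
"""

FIELD = re.compile(r"\b(IN|OUT|LEN)=(\S*)")


def account(lines, wan=WAN):
    """Return {day: {"in": (packets, bytes), "out": (packets, bytes)}} for the WAN side."""
    totals = defaultdict(lambda: {"in": [0, 0], "out": [0, 0]})
    for line in lines:
        fields = {}
        for key, value in FIELD.findall(line):
            # UDP lines carry a second LEN= (the UDP length) after PROTO=;
            # keep only the first one, which is the IP packet length.
            fields.setdefault(key, value)
        if not fields.get("LEN", "").isdigit():
            continue  # not a LOG-target packet line
        if fields.get("IN") == wan:
            direction = "in"
        elif fields.get("OUT") == wan:
            direction = "out"
        else:
            # The FORWARD rule has no interface match, so it also logs
            # packets that never cross the WAN link; leave those out.
            continue
        day = " ".join(line.split()[:2])  # syslog month and day
        counter = totals[day][direction]
        counter[0] += 1
        counter[1] += int(fields["LEN"])
    return {d: {k: tuple(v) for k, v in t.items()} for d, t in totals.items()}


if __name__ == "__main__":
    for day, per_direction in account(SAMPLE.splitlines()).items():
        print(day, per_direction)
```

The packet count is returned alongside the bytes because `LEN=` is the IP packet length, whereas SNMP interface octet counters as defined in IF-MIB include link-layer framing.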