Thank you John, was not thinking this direction at all. After reading many articles found by Google on this search criteria let me ask another question please. Currently I don't use user created chains. Don't like 'em, makes the script hard to follow. If I re-train my entire thought process to use user created chains could I get per protocol stats? For instance if I had an FTP chain could I get an hourly total used by FTP? This would be a total of control channel, active data channel, and passive data channel.

On Wed, Oct 28, 2009 at 9:35 AM, John Haxby <john.haxby@xxxxxxxxxx> wrote:
>
> On 28/10/09 14:56, Jeff Jensen wrote:
>>
>> The boss wants to know how much bandwidth is used by the different
>> apps we allow. I have some unique apps that run on unique port(s)
>> and rules that log all packets. I set the --log-prefix= to something
>> unique to that app and every day sort it out into individual files. I
>> was hoping to aggregate all the entries to a total bandwidth out and
>> it.
>>
>
> I do this slightly differently. I collect information on a per-IP address basis (this is all traffic flowing through a router) and within each table I have rows that match a particular port/protocol and then just -j RETURN.
>
> Every hour I run "iptables -vxnL <table> -Z" for each table and then merge the counters into a database. I have another process that periodically looks at the database and produces pretty graphs of the per-machine, per-protocol usage. (Well, actually, I haven't done per-protocol yet, but I have the information needed.)
>
> There's an accounting extension in xtables which would do the job better, but I haven't attempted to persuade the xtables on CentOS 5 :-)
>
> jch
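An added example, not code from either poster: a parser for the hourly "iptables -vxnL <chain> -Z" output described in the thread, summing the rule counters of one chain into a per-protocol total. The chain name ACCT_FTP, its three rules (control channel in each direction plus a conntrack FTP helper match for the data channels) and all counter values are constructed for illustration; the parser assumes every rule has a target such as RETURN.

```python
import re

# Constructed sample of `iptables -vxnL ACCT_FTP -Z` output (not from the thread).
# ACCT_FTP is a hypothetical accounting chain whose rules only count and RETURN.
SAMPLE = """\
Chain ACCT_FTP (2 references)
    pkts      bytes target     prot opt in     out     source               destination
     412    31870 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:21
     398    45122 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:21
   90211 131072000 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           helper match "ftp"
Zeroing chain `ACCT_FTP'
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \(")
# pkts bytes target prot opt in out source destination [match text]
RULE_RE = re.compile(
    r"^\s*(\d+)\s+(\d+)\s+(\S+)\s+(\S+)\s+\S+\s+\S+\s+\S+\s+\S+\s+\S+\s*(.*)$")


def parse_counters(text):
    """Return {chain: [(packets, bytes, proto, match_text), ...]}."""
    chains, current = {}, None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            current = chains.setdefault(m.group(1), [])
            continue
        m = RULE_RE.match(line)
        # Column headers and "Zeroing chain" lines do not start with counters.
        if m and current is not None:
            pkts, nbytes, _target, proto, extra = m.groups()
            current.append((int(pkts), int(nbytes), proto, extra.strip()))
    return chains


def chain_totals(text):
    """Sum packets and bytes over all rules of each chain."""
    return {name: (sum(r[0] for r in rules), sum(r[1] for r in rules))
            for name, rules in parse_counters(text).items()}


if __name__ == "__main__":
    for chain, (pkts, nbytes) in chain_totals(SAMPLE).items():
        print(f"{chain}: {pkts} packets, {nbytes} bytes this interval")
```

Because -Z resets the counters after each listing, every run yields the traffic for that interval only, so the totals can be stored directly as hourly figures.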