You can significantly reduce the accounting load and improve scalability by using packet sampling in the netfilter statistic module. The Host sFlow daemon can be used as a ULOG monitor, forwarding the packet samples as sFlow datagrams to a remote sFlow collector, allowing centralized monitoring of large numbers of servers.

For traffic accounting you might want to look at pmacct. pmacct can receive sFlow from remote servers, or monitor ULOG locally, storing the data in MySQL, PostgreSQL, SQLite or BerkeleyDB.

See:
http://blog.sflow.com/2010/12/ulog.html
http://www.pmacct.net/

On Sat, Apr 9, 2011 at 5:13 AM, Clemens Eisserer <linuxhippy@xxxxxxxxx> wrote:
> Hi,
>
> We try to use ulog for traffic accounting in a university project.
>
> First we tried ulogd-2.0beta4 + pgsql backend, but even under moderate
> load the database couldn't keep pace with the amount of requests.
> I thought about using ulog2 with sqlite, however in TODO there's an
> entry about making ulogd2 compatible with sqlite, so I guessed sqlite
> is not yet supported with ulogd2?
>
> Then we switched back to ulog-1.24 + sqlite3, which works perfectly.
> It can handle 100mbit/s torrent traffic at about ~50% CPU load.
> However in sqlite's ulog table, the ulog-prefix is not stored. Is
> there any way to get it stored - to be able to track which rule caused
> the log entry?
>
> Also, conntrack is supported in ulogd2. Is this also true for
> ulogd1.2? I couldn't find specific docs about that.
>
>
> Thank you in advance, Clemens
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
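
Added example (not part of the original message, and not code from netfilter, Host sFlow or pmacct): a dry-run generator for the sampled ULOG rules the reply describes, pairing the statistic match with the ULOG target and a per-rule prefix. The chains, the 1-in-400 rate, netlink group 5, the 128-byte copy range and the acct-* prefixes are assumed values.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables rules that copy a random
# 1-in-N sample of packets to a ULOG netlink group for accounting.
# All concrete values below are assumptions chosen for illustration.

# sample_probability N -> probability for "-m statistic", e.g. 400 -> 0.002500
sample_probability() {
    case "$1" in
        ''|*[!0-9]*) echo "rate must be a positive integer" >&2; return 1 ;;
    esac
    [ "$1" -gt 0 ] || { echo "rate must be a positive integer" >&2; return 1; }
    # LC_ALL=C keeps the decimal point a dot, which iptables requires
    LC_ALL=C awk -v n="$1" 'BEGIN { printf "%.6f\n", 1 / n }'
}

# sampled_ulog_rule CHAIN N GROUP PREFIX -> one iptables command line
sampled_ulog_rule() {
    chain=$1 rate=$2 group=$3 prefix=$4
    prob=$(sample_probability "$rate") || return 1
    # ULOG accepts netlink groups 1-32 and prefixes of up to 32 characters
    case "$group" in ''|*[!0-9]*) echo "bad netlink group" >&2; return 1 ;; esac
    if [ "$group" -lt 1 ] || [ "$group" -gt 32 ]; then
        echo "netlink group must be 1-32" >&2; return 1
    fi
    [ "${#prefix}" -le 32 ] || { echo "prefix too long" >&2; return 1; }
    # --ulog-cprange 128 copies only the headers to user space, not payloads
    printf 'iptables -I %s -m statistic --mode random --probability %s -j ULOG --ulog-nlgroup %s --ulog-cprange 128 --ulog-prefix "%s"\n' \
        "$chain" "$prob" "$group" "$prefix"
}

# scale_estimate SAMPLED N -> estimated real total; a 1-in-N sample
# undercounts by a factor of N, so the accounting side multiplies back.
scale_estimate() {
    echo $(( $1 * $2 ))
}

# Dry run: one rule per chain, each with its own prefix so a logged
# sample can be traced back to the rule that produced it.
print_rules() {
    for c in INPUT OUTPUT FORWARD; do
        sampled_ulog_rule "$c" 400 5 "acct-$c" || return 1
    done
}

print_rules
```

Review the printed rules before running them as root; whatever reads the netlink group must be configured with the same sampling rate so its totals are scaled correctly.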