Hi Eric,

> I wrote this some time ago to explain how you can connect nfacct and
> ulogd2:
> https://home.regit.org/2012/07/flow-accounting-with-netfilter-and-ulogd2/
> One advantage of nfacct combined to ulogd is that you can use ulogd2
> connector to graphite:
> https://home.regit.org/2012/12/visualize-netfilter-accounting-in-graphite/

Thank you very much for your reply, much appreciated :)

I did come across that page earlier, but perhaps didn't give it the attention I should have. Now that the whole idea has been swimming around my head a couple days it makes more sense to me.

One thing I am not clear on from your page is per-IP statistics. Specifically the reason I use bandwidth accounting at all is to identify abusers or heavy usage in a local network (mostly to keep my ISP honest and bandwidth overage to a minimum).

If I understand the examples correctly, then I would need to set up an nfacct table for each IP in the subnet, and then create a matching rule for each table in iptables. As opposed to the ACCOUNT target where if I create a rule matching a subnet, it outputs stats for every IP in the subnet.

Am I understanding correctly? Or is there an easier way to gather the per-IP statistics using nfacct?
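
The per-address setup the message describes, one nfacct accounting object plus one matching iptables rule per IP, written out as an added example that is not part of the original message. The 192.0.2.0/24 subnet, the FORWARD chain and the `<ip>-up` / `<ip>-down` object names are assumptions; the script only prints the commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example: print (not run) the commands for per-IP accounting with nfacct.
# Assumptions, not from the message: a /24 given as its first three octets,
# traffic crossing the FORWARD chain, object names "<ip>-up" and "<ip>-down".

gen_per_ip_accounting() {
    prefix=$1   # e.g. 192.0.2 (constructed documentation subnet)
    first=$2    # first host octet to cover
    last=$3     # last host octet to cover

    # The output is meant to be piped to a root shell after review, so refuse
    # anything other than three dot-separated digit groups and a host range.
    case $prefix in
        *[!0-9.]*|*.*.*.*|.*|*.|*..*) echo "bad prefix" >&2; return 1 ;;
        *.*.*) ;;
        *) echo "bad prefix" >&2; return 1 ;;
    esac
    for n in "$first" "$last"; do
        case $n in
            ''|0*|*[!0-9]*) echo "bad host octet" >&2; return 1 ;;
        esac
    done
    if [ "$first" -gt "$last" ] || [ "$last" -gt 254 ]; then
        echo "bad host range" >&2; return 1
    fi

    i=$first
    while [ "$i" -le "$last" ]; do
        ip="$prefix.$i"
        # One counter object per direction, created before the rule that uses it.
        echo "nfacct add $ip-up"
        echo "nfacct add $ip-down"
        # No -j target: the rule only counts, the packet continues down the chain.
        echo "iptables -A FORWARD -s $ip -m nfacct --nfacct-name $ip-up"
        echo "iptables -A FORWARD -d $ip -m nfacct --nfacct-name $ip-down"
        i=$((i + 1))
    done
}

# Constructed sample run: three hosts, twelve commands.
gen_per_ip_accounting 192.0.2 1 3
```

Once the generated commands have been applied, `nfacct list` shows the packet and byte counters for each object.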