2

I'm looking to monitor how much bandwidth different users consume on a server.

Effectively, I'm looking for something like UserIPacct (http://ramses.smeyers.be/homepage/useripacct/), where I can get a print-out like:

    User       Sent       Received     Flags
    root       401364     401421
    news       2143       2210
    lf         221462     348287

Sadly, useripacct is not available for the 2.6 kernel series.

  • alright looks like this is the clear way to do this: http://siphon9.net/loune/2009/07/pondering-per-user-accounting-in-linux/ –  Aug 15 '09 at 08:28

3 Answers3

3

I don't know of any pre-existing solutions, but you can do this with netfilter using the 'owner' match extension, although you'll probably have to play with conntrack a bit to catch and account for the inbound packets (and you'd miss the initial connection setup packets, as they're not managed by a userspace process). I'd imagine that a non-netfilter solution would also be possible (a la ntop and the like) but it'd almost certainly get ugly and CPU intensive very quickly.

Honestly, though, I have pretty serious doubts that you're solving the right problem. Accounting for traffic on a per-user basis is better done by analysing the server-level logs (Apache, MTA, POP/IMAP server, etc) and accounting/billing on that basis (with an appropriate overhead for the bits they don't catch, like DNS). Trying to tie everything back to a user almost certainly won't have the results you expect.

womble
  • 95,029
  • 29
  • 173
  • 228
  • In my case, I'm allowing users to execute arbitrary code on my server, so I need a very general solution to track them. Following this image: http://jengelh.medozas.de/images/nf-packet- flow.png I modified the RAW table: Chain OUTPUT (policy ACCEPT) target prot opt source destination MARK tcp -- anywhere anywhere owner UID match emp1 MARK xset 0x64/0xffffffff Sadly, I'm not seeing any marks in conntrack -L (all have mark 0). Am I doing somethign wrong? –  Aug 15 '09 at 02:54
  • alright, I figured out what you meant.. (hence my answer). thanks –  Aug 15 '09 at 08:28
1

For real-time monitoring you can use iftop. If your looking for a log and report solution, then you can use pmacct. Works very nicely and can give you 1/2 hour, daily, weekly, monthly and yearly roll-ups.

As an aside, we use it a work in association with RRD tool to produce nice 'real-time' graphs.

Sam
  • 871
  • 7
  • 12
0

It may not be exactly what you are looking for, but vnstat has some nice features and its totally free. It will display bandwidth in real time, days total, week total, month total, etc.

cop1152
  • 2,626
  • 3
  • 21
  • 32
  • vnstat is a nice tool, but I need something that will give me bandwidth usage per-user (or at least per-process (+children)) –  Aug 15 '09 at 03:13
  • 1
    It's crazy how many people don't read the question. – niXar Aug 15 '09 at 10:47
  • read the question...offered my answered anyway....and leaving it put..here, I will list it again: It may not be exactly what you are looking for, but vnstat has some nice features and its totally free. It will display bandwidth in real time, days total, week total, month total, etc. – cop1152 Aug 16 '09 at 13:14