1

I am administrator of an openSUSE linux server which is used by many people in our company.

Today we find out that yesterday one of the users use too much of bandwidth and its important for management department to notice which user have done this.

I've searched in different website and forums etc the all I find was ifconfig or ifstat which are just show the whole network usage. and also I install a tool vnstatto start network monitoring and logging for any further problem might happen in future.

Finally, I wonder is there any solution to find out network usage in a specific time in past per user. or is there a log file in linux responsible for traking network usage by users.

peterh
  • 4,914
  • 13
  • 29
  • 44
amir19
  • 19
  • 1
  • 3
  • @perror i don't want to limit the bandwidth, just want to find who used so much yesterday – amir19 Aug 05 '14 at 14:47
  • Sorry, I misread your question. Still, `iptables` can log a lot of information about network usage. It should also be the right way to go. But, is it for a future usage or just for this present case (because, you need to set-up the log before using it). – perror Aug 05 '14 at 14:49
  • actually it has not been logging in our policy, there isn't a way to find out about network usage per user ? – amir19 Aug 05 '14 at 14:50
  • The problem is that you need to establish a link between a network connection and a user while it is running. Once this has been done, this link is lost (at least, up to my knowledge). One way to keep this information could be follow what is explained in this [question](http://askubuntu.com/questions/28926/how-to-monitor-network-bandwidth-per-user-on-ubuntu-server). – perror Aug 05 '14 at 14:57

3 Answers3

4

No, there is no such logfile.

You have to specifically set up logging to do that, and I am not aware of a standard way to do it. It may not be easy to do it accurately: a user may cause a process that isn't owned by that user to generate network traffic and it may not be trivial to ascribe that traffic to that user.

See e.g. this near-duplicate question or this one.

Community
  • 1
reinierpost
  • 410
  • 3
  • 9
4

It is very simple: with iptables, you can track the users as well. Theoretically, you could block/delete/redirect their packets, but now currently you only want to measure them. It is very simple, because iptables by default tracks all of the data getting through their rules. An example code is here:

iptables -A OUTPUT -o eth0 -m owner --uid-owner 1001

After an iptables -L -v -n you will be able to see, how many data was sent by the user with uid 1001.

Of course it is not a full solution - maybe a much better alternative were, if you

  • created the uid tracker in a different chain in a script
  • and logged the counter of this with a tool.

Probably there are ready tools for that, although it weren't so complex to implement it by hand as well.

peterh
  • 4,914
  • 13
  • 29
  • 44
2

The problem is that you need to establish a link between a network connection and a user while it is running. Once this has been done, this link is lost (at least, up to my knowledge).

One way to keep this information could be follow what is explained in this question:

How to monitor network bandwidth per user on Ubuntu server?. (askUbuntu)

Community
  • 1
perror
  • 351
  • 1
  • 6
  • 18