I have a server running Debian Stretch with a lot of running services, and from the hoster's monitoring I can see some pretty hefty traffic spikes every now and then (not regular). As this could be malicious traffic, I need to find out what process is responsible.
Is there a way to log network usage on a per-process basis (like Nethogs, but continuously)? I would like some kind of monitoring which tells me how much traffic each service generated over the last minute/5 minutes/hour/day/week. Like Munin does, but not only Apache...
With a lot of tools it seems that either you see it happening or, if you are too late and the offending process has terminated, you have no way of knowing what it was.