[ale] Traffic

JANINDRA at MS.NDCORP.COM JANINDRA at MS.NDCORP.COM
Mon Sep 13 12:29:13 EDT 1999


IPCHAINS has a "byte-counting" rule. so if you are doing "port aliasing" you
could say something like:

ipchains -A input -p tcp -s 0.0.0.0/0 -d your.ip.addr 80
ipchains -A input -p tcp -s 0.0.0.0/0 -d your.ip.addr 63

etc..

what this does is watch the packets coming over port 80, and port 63. You
can then issue:

ipchains -L -v to see each rule with the number of packets and number of
bytes. You can then do an :

ipchains -Z to zero out the counters

I've never used this but, the docs say it is suppose to work.

--Randy



-----Original Message-----
 From: jj at spiderentertainment.com [mailto:jj at spiderentertainment.com]
Sent: Monday, September 13, 1999 12:26 PM
To: Janinda, Randy # NDCHQ
Cc: ale at ale.org
Subject: Re: [ale] Traffic


Well, that method I'm trying to avoid as it really consumes the resources.
I'm
looking for a program that reads the raw data in the /proc like IPtraf. What
IPtraf does is that it reads all the /proc files, and translates it for a
human
to read and best of all it works really great. However IPtraf does not
report
the byte transfer per "aliased" interface, it only shows per interface,
which is
my problem.

Let's say that I have server with hosting, and suddenly someone starts using
alot of traffic, I want to be able to run this program, let's say for 30
seconds, and in that time frame it will tell me how much traffic each
"aliased"
interface has transferred to and from.

Any ideas ?

Thx.



JANINDRA at MS.NDCORP.COM wrote:

> I am confused. The way a web server work (or atleast Apache) is it keeps a
> (configurable) record of what is going on with the server, any errors as
> well as a transfer file. Web admins can configure the server to show the
> bytes transfered in the log file (or a custom log file). The
"after-market"
> web analysis programs have two possible choices: 1) Keep their own logs
when
> the server is running or 2) parse the log file for the info you are
looking
> for. I am not aware of any other way to get the info you need (except
maybe
> setup IPCHAINS and keep a running counter on a port). SO, with that said,
if
> you have access to the httpd.conf (or .htaccess if the admin allows
> overides) you can put in the following command:
>
> Logformat "%r -> %b" onlybytes
> CustomLog logs/byte_log onlybytes
>
> This will show you the bytes (%b) for each of the requests (%r). Now all
you
> have to do is parse this small(er) file and add up all the links that are
> the same :)
>
> Hope this helps some.
>
> --Randy
>
> -----Original Message-----
> From: jj at spiderentertainment.com [mailto:jj at spiderentertainment.com]
> Sent: Monday, September 13, 1999 11:08 AM
> To: ale at ale.org
> Subject: [ale] Traffic
>
> Is there a program that will show you which web sites do the most
> traffic ? I don't want a program that reads log files, it takes too long
> and too CPU intensive.
>
> I got a IPtraf, it's really good, but it does not show the byte transfer
> rate per alias IP.
>
> Is there anything that can tell me which sites are doing the most
> traffic(On the same machine) ? without reading the darn huge log files ?
>
> Thank you :)






More information about the Ale mailing list