[ale] Traffic

jj at spiderentertainment.com jj at spiderentertainment.com
Mon Sep 13 15:10:47 EDT 1999


I'm not too familiar with IPchains "yet!", but I have one quick question for you
before I go and dwell on the documentation. The server I have is in a live
production, and it is rebooted every 90 days. Ip chains sounds like recomp. the
kernel ?

Also you make it sound as if it was a server, or a built in function into the
kernel, my concern is speed. I cannot afford to slow it down any more than it
is. It is currently pumping in and out 6-8 megs....

help ?

Thx.

JANINDRA at MS.NDCORP.COM wrote:

> IPCHAINS has a "byte-counting" rule. So if you are doing "port aliasing" you
> could say something like:
>
> ipchains -A input -p tcp -s 0.0.0.0/0 -d your.ip.addr 80
> ipchains -A input -p tcp -s 0.0.0.0/0 -d your.ip.addr 63
>
> etc..
>
> what this does is watch the packets coming over port 80, and port 63. You
> can then issue:
>
> ipchains -L -v to see each rule with the number of packets and number of
> bytes. You can then do an :
>
> ipchains -Z to zero out the counters
>
> I've never used this but, the docs say it is supposed to work.
>
> --Randy
>
> -----Original Message-----
> From: jj at spiderentertainment.com [mailto:jj at spiderentertainment.com]
> Sent: Monday, September 13, 1999 12:26 PM
> To: Janinda, Randy # NDCHQ
> Cc: ale at ale.org
> Subject: Re: [ale] Traffic
>
> Well, that method I'm trying to avoid as it really consumes the resources. I'm
> looking for a program that reads the raw data in the /proc like IPtraf. What
> IPtraf does is that it reads all the /proc files, and translates it for a human
> to read and best of all it works really great. However IPtraf does not report
> the byte transfer per "aliased" interface, it only shows per interface, which is
> my problem.
>
> Let's say that I have a server with hosting, and suddenly someone starts using
> a lot of traffic, I want to be able to run this program, let's say for 30
> seconds, and in that time frame it will tell me how much traffic each "aliased"
> interface has transferred to and from.
>
> Any ideas ?
>
> Thx.
>
> JANINDRA at MS.NDCORP.COM wrote:
>
> > I am confused. The way a web server works (or at least Apache) is it keeps a
> > (configurable) record of what is going on with the server, any errors as
> > well as a transfer file. Web admins can configure the server to show the
> > bytes transferred in the log file (or a custom log file). The "after-market"
> > web analysis programs have two possible choices: 1) Keep their own logs when
> > the server is running or 2) parse the log file for the info you are looking
> > for. I am not aware of any other way to get the info you need (except maybe
> > set up IPCHAINS and keep a running counter on a port). So, with that said, if
> > you have access to the httpd.conf (or .htaccess if the admin allows
> > overrides) you can put in the following command:
> >
> > Logformat "%r -> %b" onlybytes
> > CustomLog logs/byte_log onlybytes
> >
> > This will show you the bytes (%b) for each of the requests (%r). Now all you
> > have to do is parse this small(er) file and add up all the links that are
> > the same :)
> >
> > Hope this helps some.
> >
> > --Randy
> >
> > -----Original Message-----
> > From: jj at spiderentertainment.com [mailto:jj at spiderentertainment.com]
> > Sent: Monday, September 13, 1999 11:08 AM
> > To: ale at ale.org
> > Subject: [ale] Traffic
> >
> > Is there a program that will show you which web sites do the most
> > traffic ? I don't want a program that reads log files, it takes too long
> > and too CPU intensive.
> >
> > I got IPtraf, it's really good, but it does not show the byte transfer
> > rate per alias IP.
> >
> > Is there anything that can tell me which sites are doing the most
> > traffic (on the same machine)? Without reading the darn huge log files?
> >
> > Thank you :)
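
Added example, not part of any poster's message: one way to do the "parse this small(er) file and add up" step for a log written with the `"%r -> %b"` format quoted above. The names `sum_bytes` and `sample_log` and the log lines are constructed for illustration; the function totals bytes per request path with the query string stripped, counts `-` (no body sent) as zero, and skips lines that do not parse.

```shell
#!/bin/sh
# Added example (not from the thread): total %b per request path for a log
# written with   LogFormat "%r -> %b" onlybytes

# sum_bytes [FILE...]: print "<bytes> <path>", largest first.
# Reads standard input when no FILE is given.
sum_bytes() {
    awk '
    {
        # %b is the last field; Apache writes "-" when no body was sent.
        bytes = $NF
        if (bytes == "-") bytes = 0
        # Skip lines that do not end in "-> <number>" (truncated or garbled).
        if (NF < 3 || $(NF-1) != "->" || bytes !~ /^[0-9]+$/) { bad++; next }
        # %r is "METHOD PATH PROTOCOL"; a one-token request line has no path.
        path = (NF >= 4) ? $2 : "(malformed request)"
        sub(/\?.*/, "", path)        # group /page?x=1 together with /page
        total[path] += bytes
    }
    END {
        # %.0f instead of %d so totals above 2^31 are not clipped by older awks.
        for (p in total) printf "%.0f %s\n", total[p], p
        if (bad) printf "skipped %d unparsable line(s)\n", bad > "/dev/stderr"
    }' "$@" | sort -k1,1nr -k2
}

# Constructed sample of logs/byte_log, for demonstration only.
sample_log() {
    cat <<'EOF'
GET /index.html HTTP/1.0 -> 2048
GET /big.tar.gz HTTP/1.0 -> 5000000
GET /index.html HTTP/1.0 -> 2048
GET /index.html?ref=a HTTP/1.0 -> 100
GET /logo.gif HTTP/1.0 -> -
garbage line
EOF
}

sample_log | sum_bytes
```

On a live server the call would be `sum_bytes logs/byte_log`. Because the format carries only `%r` and `%b`, the totals are per path, not per site or aliased IP.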





