Linux bandwidth monitoring and network accounting tools
Some time ago I was looking for tools to monitor network bandwidth usage by clients. Needed something to run on my super awesome Linux router/firewall (Vyatta) to see what everyone on the network is doing and on the Xen VM hosts to keep an eye on the virtual machines.
As always with Linux, there are lots of quality projects worth serious consideration, so the hardest part was to narrow the plethora of choices down to a manageable number to test.
Specific requirements were:
- Runs on Linux
- Keeps historical data
- Not a resource hog (RAM, CPU or Disk)
- Keeps data in a format easily queried by other tools
- Released under an Open Source license
Out of the various tools I've tried, Netacct-mysql is currently my favorite. It collects bandwidth data through libpcap and stores in a MySQL database (reportedly, PostgreSQL and Oracle are also supported). It comes with a dedicated PHP front end, but to me the real power is that it stores the stats in the database, so through SQL SELECT statements, I'm able to get all the stats I need.
Meanwhile, here are the installation steps for Netacct-mysql on Vyatta. Steps apply to Debian as well, since Vyatta is based on Debian (if you believe /etc/debian_version, which, on both Vyatta VC2 and VC3, reports "Debian 4.0", aka "Etch"):
1 2 3 4 5 6 7
apt-get install mysql-server libpcap-dev gcc libmysqlclient15-dev make wget http://netacct-mysql.gabrovo.com/download/netacct-mysql-0.78.tar.gz tar xvfz netacct-mysql-0.78.tar.gz cd netacct-mysql-0.78 mysql -uroot -p < netacct.sql mysqladmin -u root password yourpasshere mysql -u root -p yourpasshere
1 2 3
GRANT ALL PRIVILEGES ON netacct.* TO 'acct'@'localhost' IDENTIFIED BY 'somepass'; FLUSH PRIVILEGES; quit
1 2 3 4
cd ~/netacct-mysql-0.78 ./configure make make install
Edit nacct config files and define your options (e.g. enter the MySQL pass for user acct, define your network adapters and your networks)
1 2 3 4 5 6
vim /usr/local/etc/naccttab vim /usr/local/etc/nacctpeering cp contrib/nacctd.debian /etc/init.d/nacctd update-rc.d nacctd defaults /etc/init.d/nacctd start ps aux | grep nacctd | grep -v grep
All done. Give the nacctd daemon about an hour (it keeps hourly stats) and you should start seeing numbers in your DB. Let's see some stats!
1 2 3 4 5 6 7 8 9
mysql -u root -p USE netacct; SELECT * FROM traffic; # GET total (IN+OUT, IN GBs) bandwidth used BY 10.2.28.122 during DEC 07 SELECT SUM((INPUT+output)/1073741824) FROM traffic WHERE IP='10.2.28.122' AND TIME LIKE '2007-12%'; # GET (IN & OUT, IN GBs) bandwidth used BY ALL hosts during DEC 07 SELECT traffic.ip, SUM(INPUT)/1073741824 inp, SUM(output)/1073741824 outp FROM traffic WHERE TIME LIKE '2007-12%' GROUP BY ip;
Hope you're getting nice stats and that warm fuzzy feeling which comes with a false sense of security. For some additional info, check out the Netacct-mysql project page. Also, take a look at this post on Monitoring Bandwidth Usage for a Xen node, which is where I first learned about Netacct-mysql.
In addition to Netacct-mysql, I frequently use a couple of other tools also. Check them out!
I use this one for real time bandwidth monitoring at the console. Bmon tracks usage by interface. Looks great for a console tool. Description of the tool from the project page: "bmon is a portable bandwidth monitor and rate estimator running on various operating systems. It supports various input methods for different architectures. Various output modes exist including an interactive curses interface, lightweight HTML output but also formatable ASCII output."
Provides a historical view of bandwidth usage. Also tracks usage by interface. I use this one when I want a general overview of bandwidth usage, particularly on the edge router to see how close I am to overage charges from my colocation provider. The tool comes with a number of pre-configured display options (e.g. hours, days, weeks, months, top10). Can also measure and report back usage for a specified period time (e.g. 60 seconds). Description of the tool from the project page: "vnStat is a network traffic monitor for Linux that keeps a log of daily network traffic for the selected interface(s). vnStat isn't a packet sniffer. The traffic information is analyzed from the /proc filesystem. That way vnStat can be used even without root permissions. However, at least a 2.2 series kernel is required."
Well, that's it. If you have some pointers, please leave a comment! Happy Festivus to all!