Linux – Limit max bandwidth usage per IP

Just to add on the above question.

You could use iptables with user matching to color the packets like so:

iptables -t mangle -A OUTPUT -p tcp -m owner --uid-owner someuser -j MARK --set-mark 100

And then use 'tc' to limit on a per user basis.

If you don't want to try and analyze the data coming out of the ASA itself you might just consider doing a port-mirror the switch the ASA is connected to and use a piece of probe software to watch that port. You could easily get Netflow data that way using something like nProbe.

There's a fairly nice tool, PIX Logging Architecture that comes so close to doing what you want. I've deployed it in a couple of sites, and it's reasonably nice (albeit I don't care much for its tight coupling with MySQL), but the per-NAT traffic statistics that an ASA (and newer version of PIXOS) can report are completely ignored! You get statistics about source, destination, frequency, and duration of translations (and thus UDP / TCP streams), but not bytes! If I had the copious free time I'd consider adding the functionality. (BTW: It's GPL v2 licensed. I'd be willing to talk with somebody who wanted to add monitoring of byte counts to the product about throwing some money at them to make it happen. Ping me off-site if you're interested and serious about it and we can talk about requirements.)