Linux – Monitor bandwidth over time, excluding certain networks


I'd like to monitor bandwidth usage of my Linux servers, but there's a catch: traffic between my two servers is not counted against me, only traffic to the internet at large. However, my servers have only a single network interface, and pretty much everything I've tried measures on a per-interface basis. Does anyone know of a tool that can generate bandwidth graphs, while not counting traffic to/from certain IP ranges?

Bonus points if it generates RRD files (I can already graph them easily) and double bonus points if it works with collectd (either configuration of the standard collectd, or a plugin to it).

Best Answer

Assuming you have no access to an upstream router or switch that provides the same view of this data that your ISP sees, you can use iptables accounting on each host to count bytes/packets destined for anything other than your other IP address (or IP range), and then poke this into an RRD yourself.

EDIT

As an example, you could use some rules like these ones in iptables to create the accounting:

# Accounting chains: one for inbound, one for outbound traffic
iptables -N ACCOUNT_IN
iptables -N ACCOUNT_OUT
# Jump into them at the top of INPUT and OUTPUT
iptables -I INPUT -j ACCOUNT_IN
iptables -I OUTPUT -j ACCOUNT_OUT

# Counting rules (no target): match everything not on the local /24.
# The negation goes before the option ("! -s"); the older "-s !" form is
# rejected by current iptables.
iptables -I ACCOUNT_IN ! -s 10.66.1.0/24
iptables -I ACCOUNT_OUT ! -d 10.66.1.0/24

This creates two new chains, ACCOUNT_IN and ACCOUNT_OUT. I then insert jumps to these at the top of the INPUT and OUTPUT chains. Inside each chain, I add a rule with no jump target to match on remote addresses - for input, anything that doesn't have an address on my local /24 as source; for output, anything that doesn't have an address on my local /24 as destination. Packets then return from this chain back into your normal INPUT/OUTPUT chains, as there is no jump rule.

To check the accounting data:

# iptables -L ACCOUNT_IN -n -v
Chain ACCOUNT_IN (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    5  2138            all  --  *      *      !10.66.1.0/24         0.0.0.0/0 

# iptables -L ACCOUNT_OUT -n -v 
Chain ACCOUNT_OUT (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   15  2846            all  --  *      *       0.0.0.0/0           !10.66.1.0/24    

From there you can pull out those pkt/byte counts and pass to rrdupdate (I assume that you're OK with passing data into an rrd, as you've said you're ok with pulling data out of an rrd. If not, that question has probably already been asked here).

If you want to zero the counters each time you read them, pass the -Z command (zero counter) to zero the byte counters.

If any of your hosts are routers, you'll need to do accounting on the FORWARD chain as well - you can probably just insert a jump to both ACCOUNT_IN and ACCOUNT_OUT from the top of the FORWARD chain and it'll do the right thing, but I haven't thought about that enough to be 100% sure it'll work.

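The whole procedure from the answer above (create the chains, read the counters, push them into an RRD), as an added example that is not part of the original answer. It assumes a local range of 10.66.1.0/24, an RRD at /var/lib/rrd/wan.rrd with two data sources named "in" and "out", and an iptables new enough to support -C (rule check); all three are assumptions, not details from the post. The counter parsing is split into its own function so it can be exercised on a captured listing without root.

```shell
#!/bin/sh
# Added example, not code from the original answer.
# Assumptions (not in the original post): local range 10.66.1.0/24,
# RRD at /var/lib/rrd/wan.rrd with DS "in" and "out", iptables >= 1.4.11 (-C).
LOCAL_NET="${LOCAL_NET:-10.66.1.0/24}"
RRD="${RRD:-/var/lib/rrd/wan.rrd}"

# Create the chains, jumps and counting rules only if they are missing, so the
# script can be re-run (cron, init script) without duplicating rules.
setup_chains() {
    for dir in IN OUT; do
        iptables -n -L "ACCOUNT_$dir" >/dev/null 2>&1 || iptables -N "ACCOUNT_$dir"
    done
    iptables -C INPUT  -j ACCOUNT_IN  2>/dev/null || iptables -I INPUT  -j ACCOUNT_IN
    iptables -C OUTPUT -j ACCOUNT_OUT 2>/dev/null || iptables -I OUTPUT -j ACCOUNT_OUT
    # Counting rules with no target: everything not on the local range.
    iptables -C ACCOUNT_IN  ! -s "$LOCAL_NET" 2>/dev/null || iptables -A ACCOUNT_IN  ! -s "$LOCAL_NET"
    iptables -C ACCOUNT_OUT ! -d "$LOCAL_NET" 2>/dev/null || iptables -A ACCOUNT_OUT ! -d "$LOCAL_NET"
}

# Sum the "bytes" column of an `iptables -L CHAIN -n -v -x` listing read on
# stdin. -x matters: without it iptables abbreviates big counts as "2138K".
# The two header lines ("Chain ..." and "pkts bytes ...") are skipped, and
# %.0f is used so counters past 2^31 are printed exactly on every awk.
sum_bytes() {
    awk 'NR > 2 && $1 ~ /^[0-9]+$/ { total += $2 } END { printf "%.0f\n", total + 0 }'
}

# Read one chain's byte total. With ZERO=1 the listing and the reset happen in
# a single iptables invocation (-L together with -Z), so no bytes are lost
# between the read and the zeroing.
read_chain() {
    if [ "${ZERO:-0}" = 1 ]; then
        iptables -L "$1" -n -v -x -Z | sum_bytes
    else
        iptables -L "$1" -n -v -x | sum_bytes
    fi
}

# Build the rrdupdate value string for DS "in" and "out" at time "now".
rrd_arg() {
    printf 'N:%s:%s\n' "$1" "$2"
}

# One collection cycle: read both chains and update the RRD.
collect() {
    in_bytes=$(read_chain ACCOUNT_IN)
    out_bytes=$(read_chain ACCOUNT_OUT)
    rrdupdate "$RRD" --template in:out "$(rrd_arg "$in_bytes" "$out_bytes")"
}

# Usage: ./wan-acct.sh setup        (once, as root)
#        ./wan-acct.sh collect      (from cron, every step seconds)
case "${1:-}" in
    setup)   setup_chains ;;
    collect) collect ;;
esac
```

If you leave ZERO unset, the counters grow monotonically and the RRD data sources should be created as COUNTER (or DERIVE) so rrdtool turns the raw totals into a rate; with ZERO=1 the script stores per-interval byte totals and the data sources should be ABSOLUTE instead. Mixing the two gives nonsense graphs, so pick one when you run rrdtool create.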