Accounting with iptables vs. snmp
staenker at rhcs.de
Tue Apr 26 16:15:29 CEST 2005
Stefan-Michael. Guenther (in-put GbR) wrote:
> using iptables I have setup a traffic accounting on one of our client's
> iptables -A INPUT -i $WAN -j LOG --log-level debug
> iptables -A OUTPUT -o $WAN -j LOG --log-level debug
> iptables -A FORWARD -j LOG --log-level debug
> syslogd collects the entries in a single file which is analysed daily.
> The results corresponds to the amount of data I get with "iptables -L -v -n" .
> The provider of our client uses snmp on his router to calculate the traffic.
> Strange, but true: The numbers are never the same, sometimes iptables logs
> more traffic, sometimes snmp. The differences are between 1 and 25 %.
> Obviously someone is doing something wrong. The provider is one of Germany's
> big player, so I guess I made the mistake. But where and why?
> Thanks for any hint.
maybe (!)... your problem is simple so solve. You are appending this
rules with the LOG target. So you will not count traffic which is
blocked. Just write an -I instead of -A. But i don't know if thats the
problem which took up to 25% of traffic difference. It sounds very
strange, if you say that some times you count more than your provider
and another day your provider counts more. Maybe you have an failure
based on rounding the bytes to megabytes?
There are only 10 types of people in the world:
Those who understand binary, and those who don't
More information about the netfilter