Logging outbound traffic statistics

Issues related to configuring your network
vtwin@cox.net
Posts: 38
Joined: 2017/02/16 16:41:29

Logging outbound traffic statistics

Post by vtwin@cox.net » 2021/02/01 13:19:26

My ISP (Comcast) has just instituted a monthly data cap of 1.2TB. Sadly, based on their usage stats on their web site (which I have little faith in) I routinely exceed their data cap by a couple hundred gig. This means either pay a penalty per 50 gig or "upgrade" to their "unlimited" service (didn't I already have that?) for an additional fee.

Before I do this, I'd like to try and get a handle on what my outbound traffic is. If I can identify my outbound traffic sources (from my LAN) and destination (where they're going), I can get a better handle on what exactly is generating the traffic they claim I am. For example, one month (September) they claim I consumed 3.7TB of data. Granted, my wife and I principally work at home now and we are on the computer a great deal, but that number seems pretty excessive and I find it hard to believe.

I'm not sure what the best way is to do what I am looking to accomplish. I've googled quite a bit and I cannot seem to find a clear answer, perhaps due to the somewhat generic keywords returning a lot of extraneous information which really isn't applicable.

Ideally, I suppose what I'm trying to do is find some method of producing a report similar to what SARG does for squid proxies -- e.g. the source IP on my LAN, the destination IP on the internet, how many packets and how many bytes of data.

This will also allow me to determine if their measurement of my data usage is accurate or not, and possibly take some corrective action if I have a misbehaving device. I can also yell at my kids if necessary :D

Squid and SARG do what I am looking for, but only for http requests. I really do not care about the contents of the payload; I can pretty much determine what is going on by the source IP address, as I use DHCP reservations extensively for IoT devices, etc.

I've found some references to using IPTABLES with logging. The only thing I can think of in this regard is a rule along the lines of:

-A FORWARD -o myInternetInterface -j LOG

have rsyslog forward these messages to a separate file which I can then parse and generate a summary.

Does anyone have a recommendation on a tool I can use to accomplish what I am looking to do? (Why reinvent the wheel?)
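
An added example (not part of the original post, and not the poster's code): one way to turn the LOG lines produced by a rule like the one above into the per source/destination packet and byte summary the post describes. The interface name eth0, the host name gw, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the kernel's netfilter LOG format (not real traffic).
SAMPLE_LOG = """\
Feb  1 13:20:01 gw kernel: IN=eth1 OUT=eth0 MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.23 DST=203.0.113.10 LEN=1500 TOS=0x00 PREC=0x00 TTL=63 ID=4242 DF PROTO=TCP SPT=51234 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
Feb  1 13:20:01 gw kernel: IN=eth1 OUT=eth0 MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.23 DST=203.0.113.10 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=4243 DF PROTO=TCP SPT=51234 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
Feb  1 13:20:02 gw kernel: IN=eth1 OUT=eth0 MAC=00:11:22:33:44:55:66:77:88:99:aa:cc:08:00 SRC=192.168.1.40 DST=198.51.100.7 LEN=128 TOS=0x00 PREC=0x00 TTL=63 ID=77 PROTO=UDP SPT=5353 DPT=53 LEN=108
Feb  1 13:20:05 gw systemd[1]: Started Session 12 of user root.
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_line(line):
    """Return the KEY=value fields of one LOG line, or None for any other line."""
    fields = {}
    for key, value in FIELD.findall(line):
        # Keep the first value: UDP lines repeat LEN=, and the first is the IP length.
        fields.setdefault(key, value)
    if not {"SRC", "DST", "LEN", "OUT"} <= fields.keys():
        return None
    return fields

def summarize(lines, wan_if):
    """Map (src, dst) -> [packets, bytes] for packets leaving via wan_if."""
    totals = defaultdict(lambda: [0, 0])
    for line in lines:
        f = parse_line(line)
        if f is None or f["OUT"] != wan_if or not f["LEN"].isdigit():
            continue
        entry = totals[(f["SRC"], f["DST"])]
        entry[0] += 1
        entry[1] += int(f["LEN"])  # IP total length; excludes Ethernet framing
    return dict(totals)

def report(totals):
    """Format the totals as text rows, largest byte count first."""
    rows = sorted(totals.items(), key=lambda kv: kv[1][1], reverse=True)
    return [f"{src:15} -> {dst:15} {pk:6} pkts {by:10} bytes"
            for (src, dst), (pk, by) in rows]

if __name__ == "__main__":
    print("\n".join(report(summarize(SAMPLE_LOG.splitlines(), "eth0"))))
```

The LOG target writes one line per matching packet, so the log file grows quickly on a busy link.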

TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Logging outbound traffic statistics

Post by TrevorH » 2021/02/01 13:55:51

I graph my connection stats with cacti using snmp. Other graphing solutions are available!
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
