Skip to content
/ nlbwmon Public
forked from jow-/nlbwmon

[FORK] Simple conntrack based traffic accounting

License

Notifications You must be signed in to change notification settings

chadf/nlbwmon

 
 

Repository files navigation

nlbwmon - Simple conntrack netlink based traffic accounting

Description

nlbwmon can be used on a linux router to monitor bandwidth used by network hosts. Network statistics are collected and stored in a database. The client utility (nlbw) can query the daemon for current statistics.

By default, nlbwmon tracks bandwidth used over a one month interval, starting on the first of the month. A database is kept for each interval, up to 10 by default, after that the oldest one is deleted.

nlbwmon tracks traffic by IP Version (ipv4/ipv6), by IP Address, by MAC address, and by layer7 protocol (ie, port numbers). All tracking information is kept in the database. The default protocol file contains approximately 45 port definitions. The user can add/remove ports to this file as necessary. Any traffic that doesn't match a port definition is classified as 'Other'.

NOTE: If the user is not interested in layer7 protocol information, removing all protcools from the protocol file will classify all traffic into 'other', vastly reducing the database size.

nlbwmon uses a netlink socket to pull usage information from the linux kernel. nlbwmon collects statistic information from linux conntrack entries. This method is quite efficient compared to other methods of monitoring bandwidth usage.

Each time the conntrack entries are polled, their counters are reset (zero-on-read). When a conntrack entry is destroyed, nlbwmon is notified by the kernel, and stats are collected from that entry before it is deleted.

Usage

nlbwmon

NOTE: an init script and config file is provided for lede, allowing these settings to be configured via uci or via /etc/config. Just take a look at /etc/config/nlbwmon.

-i sec
Interval used to save in-memory database to file.
-r sec
Interval used to poll the conntrack entries.
-s network
Specify network subnet to monitor.
-o /path/to/database-folder
Storage directory for the database files.
-p /path/to/protocol-file
Protocol description file, used to distinguish traffic streams by IP protocol number and port.
-G count
Number of database generations to retain. After the limit is reached, the oldest database files are deleted. The default is 10.
-I interval
Accounting period interval. May be either in the format YYYY-MM-DD/NN, to start a new accounting period exactly every NN days, beginning at the given date, or a number specifiying the day of month at which to start the next accounting period. For example:
2017-01-17/14   # every 14 days, starting Jan 17, 2017
-2              # second to the last day of the month, e.g. 30th in March
1               # first day of the month (default)
-P
Whether to preallocate the maximum possible database size in memory. This is mainly useful for memory constrained systems which might not be able to satisfy memory allocation after longer uptime periods. Only effective in conjunction with database_limit, ignored otherwise.
-Z
Whether to gzip compress archive databases. Compressing the database files makes accessing old data slightly slower but helps to reduce storage requirements.

nlbw

NOTE: See the examples below to get started quickly.

-S /path/to/domain.socket
Path to unix domain socket. Default is /var/run/nlbwmon.sock. This should not be required unless the daemon was instructed to use another socket path for some reason.
-c command
Specify a command. Current commands are: show, json, csv, list, commit. See below for more information about commands.
-p /path/to/procol-database
Protocol description file, used to distinguish traffic streams by IP protocol number and port.
-g col[,col]
Group output by the specified column. Prefix column with a - to invert order.
-o col[,col]
Order output by the specified column. Prefix column with a - to invert order.
-t YYYY-MM-DD
Read data from the specified database, instead of the active database. Use the list command to view available databases.
-n
Use plain numbers, dont divide to get K, M, G, etc.
-s char
Specify the separator character when using CSV format. If no argument is provided, an empty string is assumed. Currently only applies to CSV format.
-q char
Specify the quote character when using CSV format. If no argument is provided, an empty string is assumed. Currently only applies to CSV format.
-e char
Specify the escape character when using CSV format. If no argument is provided, an empty string is assumed. Currently only applies to CSV format.

Commands available for nlbw:

show

Output stats in human readable format.

json

Output stats in JSON format.

csv

Output stats in CSV format.

list

List available databases. Select a database to read from, and specify it with the -t option.

commit

Write data stored in memory to database file. Use just before a reboot for example.

Use this repository as a package feed:

You can easily build nlbwmon from lede by including this repository in your build environment:

cp feeds.conf.default feeds.conf
echo "src-git nlbwmon https://github.com/jow-/nlbwmon.git" >> feeds.conf
./scripts/feeds update nlbwmon
./scripts/feeds install nlbwmon

Examples

Once the package is installed, use the "nlbw" command to dump gathered values:

root@jj:~# nlbw -c show
  Fam            Host (    MAC )      Layer7      Conn.   > Downld. ( > Pkts. )      Upload (   Pkts. )
IPv4       10.11.12.7 (47:e1:b9)       HTTPS       111      2.99 MB (   4.38 K)   816.77 KB (   5.86 K)
IPv6  2001:470:527e::6666:b3ff:fe47:e1b9 (47:e1:b9)       HTTPS        14    546.07 KB (     930 )   196.05 KB (     932 )
IPv6  2001:470:527e::6666:b3ff:fe47:e1b9 (47:e1:b9)        HTTP        15    296.07 KB (     194 )    28.67 KB (     329 )
IPv4     10.11.12.167 (a3:5c:1c)       HTTPS        24    210.53 KB (     299 )    61.86 KB (     400 )
IPv4      10.11.12.17 (2c:97:19)       HTTPS        31    163.54 KB (     481 )   352.28 KB (     593 )
IPv4       10.11.12.7 (47:e1:b9)       other       353    104.52 KB (     610 )    64.79 KB (     709 )
IPv4      10.11.12.15 (94:59:06)       HTTPS         6     49.48 KB (      85 )    18.36 KB (     103 )
IPv4       10.11.12.7 (47:e1:b9)        HTTP        24     14.24 KB (     152 )    16.89 KB (     177 )
IPv4     10.11.12.167 (a3:5c:1c)       other        15      6.03 KB (      80 )     5.73 KB (      68 )
IPv4      10.11.12.17 (2c:97:19)       other        11        800 B (      16 )     3.11 KB (      47 )
IPv6  2001:470:527e::6666:b3ff:fe47:e1b9 (47:e1:b9)   IPv6-ICMP         1        728 B (       7 )     5.68 KB (      56 )
IPv4      10.11.12.17 (2c:97:19)        HTTP         1        456 B (       5 )       450 B (       6 )
IPv4       10.11.12.7 (47:e1:b9)        ICMP         1        420 B (       5 )       420 B (       5 )
IPv4      10.11.12.15 (94:59:06)       other         3        228 B (       3 )       228 B (       3 )
IPv6  2001:470:527e::a886:c6fc:82a4:bba9 (2c:97:19)        HTTP         1         80 B (       1 )       144 B (       2 )
IPv6  2001:470:527e::a886:c6fc:82a4:bba9 (00:00:00)        HTTP         2          0 B (       0 )         0 B (       0 )
IPv6  2001:470:527e::1 (35:88:49)        HTTP        18          0 B (       0 )     1.64 KB (      21 )

Use -g (group) and -o (order) flags to influence output:

root@jj:~# nlbw -c show -g mac,fam -o conn
  Fam               MAC    < Conn.     Downld. (   Pkts. )      Upload (   Pkts. )
IPv6  74:81:14:2c:97:19         1         80 B (       1 )       144 B (       2 )
IPv6  00:00:00:00:00:00         2          0 B (       0 )         0 B (       0 )
IPv4  a0:99:9b:94:59:06         9     49.70 KB (      88 )    18.59 KB (     106 )
IPv6  00:0d:b9:35:88:49        19          0 B (       0 )     1.64 KB (      21 )
IPv6  64:66:b3:47:e1:b9        32    857.92 KB (   1.16 K)   242.99 KB (   1.34 K)
IPv4  00:f7:6f:a3:5c:1c        39    216.57 KB (     379 )    67.59 KB (     468 )
IPv4  74:81:14:2c:97:19        43    164.77 KB (     502 )   355.83 KB (     646 )
IPv4  64:66:b3:47:e1:b9       501      3.12 MB (   5.19 K)   905.20 KB (   6.79 K)

Prefix order field names with dash to invert order:

root@jj:~# nlbw -c show -g mac -o -conn,-tx
              MAC    > Conn.     Downld. (   Pkts. )    > Upload (   Pkts. )
64:66:b3:47:e1:b9       542      3.96 MB (   6.38 K)     1.12 MB (   8.16 K)
74:81:14:2c:97:19        44    164.85 KB (     503 )   355.97 KB (     648 )
00:f7:6f:a3:5c:1c        42    216.61 KB (     380 )    67.63 KB (     469 )
00:0d:b9:35:88:49        20          0 B (       0 )     1.79 KB (      23 )
a0:99:9b:94:59:06         9     49.70 KB (      88 )    18.59 KB (     106 )
00:00:00:00:00:00         2          0 B (       0 )         0 B (       0 )

Machine readable output, should work well with rrdcollect:

$ nlbw -c csv -g mac -o mac -q
mac     conns   rx_bytes        rx_pkts tx_bytes        tx_pkts
00:00:00:00:00:00       411     72968   751     61428   767
34:02:86:17:5e:03       598     239950465       171095  5715237 86155
ac:37:43:a1:2d:47       125     284027227       205678  6451867 107297

Read stats for a certain time period:

$ nlbw -t 2017-02-01 -c csv -g mac -o mac -q
mac     conns   rx_bytes        rx_pkts tx_bytes        tx_pkts
00:00:00:00:00:00       157     26960   205     17878   218
34:02:86:17:5e:03       327     117213007       83817   3366892 51560

Use the json query to dump the raw database values in JSON format:

root@jj:~# nlbw -c json
...

About

[FORK] Simple conntrack based traffic accounting

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • C 99.0%
  • CMake 1.0%