How can I monitor per-user bandwidth on linux?

linux monitoring bandwidth

5,883

Solution 1

I don't know of any pre-existing solutions, but you can do this with netfilter using the 'owner' match extension, although you'll probably have to play with conntrack a bit to catch and account for the inbound packets (and you'd miss the initial connection setup packets, as they're not managed by a userspace process). I'd imagine that a non-netfilter solution would also be possible (a la ntop and the like) but it'd almost certainly get ugly and CPU intensive very quickly.

Honestly, though, I have pretty serious doubts that you're solving the right problem. Accounting for traffic on a per-user basis is better done by analysing the server-level logs (Apache, MTA, POP/IMAP server, etc) and accounting/billing on that basis (with an appropriate overhead for the bits they don't catch, like DNS). Trying to tie everything back to a user almost certainly won't have the results you expect.

Solution 2

For real-time monitoring you can use iftop. If your looking for a log and report solution, then you can use pmacct. Works very nicely and can give you 1/2 hour, daily, weekly, monthly and yearly roll-ups.

As an aside, we use it a work in association with RRD tool to produce nice 'real-time' graphs.

5,883

Author by

Admin

Updated on September 17, 2022

Comments

Admin almost 2 years
I'm looking to monitor how much bandwidth different users consume on a server.

Effectively, I'm looking for something like UserIPacct (http://ramses.smeyers.be/homepage/useripacct/), where I can get a print-out like:
```
    User       Sent       Received     Flags
    root       401364     401421
    news       2143       2210
    lf         221462     348287
```
Sadly, useripacct is not available for the 2.6 kernel series.
- Admin almost 15 years
  
  alright looks like this is the clear way to do this: siphon9.net/loune/2009/07/…
Admin almost 15 years

In my case, I'm allowing users to execute arbitrary code on my server, so I need a very general solution to track them. Following this image: jengelh.medozas.de/images/nf-packet- flow.png I modified the RAW table: Chain OUTPUT (policy ACCEPT) target prot opt source destination MARK tcp -- anywhere anywhere owner UID match emp1 MARK xset 0x64/0xffffffff Sadly, I'm not seeing any marks in conntrack -L (all have mark 0). Am I doing somethign wrong?
Admin almost 15 years

vnstat is a nice tool, but I need something that will give me bandwidth usage per-user (or at least per-process (+children))
Admin almost 15 years

A nice tool, but it doesn't seem to be able to track linux uids.
niXar almost 15 years

Sam, keyword: "per user."
niXar almost 15 years

It's crazy how many people don't read the question.
Sam almost 15 years

Yes I realize that. But it has to be said, if the linux box is acting as a proxy server / gateway, then my interpritation is perfectly valid.
cop1152 almost 15 years

read the question...offered my answered anyway....and leaving it put..here, I will list it again: It may not be exactly what you are looking for, but vnstat has some nice features and its totally free. It will display bandwidth in real time, days total, week total, month total, etc.