Hi,
I went through the man pages, searched Google, searched the FAQ, searched
the Wiki, searched the mail list archives, and if I missed what I'm
looking for, just point me at it and perhaps suggest a useful search
string.
I have several Linux servers, each serving several users their own
database, and each database has its own port. I have root.
What I want to do is see who (which IP address) connects when, how much
is transferred (in and out), when they disconnect. Maybe more based on
what things look initially, but that's the core of what I want.
I don't want to capture packets (for various reasons including load),
which is where I have trouble figuring out how to get Wireshark to work.
So my first question is: Is there some other tool that is a better
choice, and if so which?
Assuming Wireshark can do what I want (can it?): How?
I'm not looking for fancy, in fact I prefer simple, and naturally
something with minimal load on the box. A file with lines something like
this:
    10.11.12.13 1334933001 11534336 698351616 1334934052
    10.11.12.14 1334934053 1572864 1572864 1334935001
    10.11.12.15 1334933000 76546048 456150656 1334937017
That is: IP, date +%s start time, bytes to server, bytes from server,
date +%s end time. Presumably written as each connection closes. I'm OK
with counting in memory, but don't require it!
I'm OK with, but don't prefer, a file similar to:
    OPEN 10.11.12.15 1334933000
    OPEN 10.11.12.13 1334933001
    CLOSE 10.11.12.13 1334934052 11534336 698351616
    OPEN 10.11.12.14 1334934053
    CLOSE 10.11.12.14 1334935001 1572864 1572864
    CLOSE 10.11.12.15 1334937017 76546048 456150656
I found a program that sounded like it was written to do this, but when
it failed to compile for me I asked a programmer friend about it, and
he said something along the lines of "since he did foo, then it is bar,
and you shouldn't use it even if you could get it to compile".
Brian
--
As you read my email, keep in mind what Ryan North posits:
"Every day each of us says the dumbest thing we are going to say that day."
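
The two log layouts in the message above carry the same information, so the OPEN/CLOSE event form can be folded into the one-line-per-connection form after the fact. The following is an added example, not part of the original post and not taken from any tool mentioned in it; the function name pair_events is hypothetical, and because the event lines carry no client port, it assumes that overlapping connections from one IP close in the order they opened.

```python
from collections import defaultdict, deque

# The OPEN/CLOSE sample lines from the post, embedded so this runs offline.
SAMPLE_EVENTS = """\
OPEN 10.11.12.15 1334933000
OPEN 10.11.12.13 1334933001
CLOSE 10.11.12.13 1334934052 11534336 698351616
OPEN 10.11.12.14 1334934053
CLOSE 10.11.12.14 1334935001 1572864 1572864
CLOSE 10.11.12.15 1334937017 76546048 456150656
"""

def pair_events(lines):
    """Fold OPEN/CLOSE events into per-connection records.

    Returns (records, orphan_closes, still_open):
      records       "IP start bytes_to_server bytes_from_server end", in close order
      orphan_closes CLOSE lines with no earlier OPEN (e.g. the log was rotated)
      still_open    {ip: [start, ...]} for connections that never closed
    """
    pending = defaultdict(deque)  # ip -> start times of connections still open
    records, orphans = [], []
    for lineno, raw in enumerate(lines, 1):
        fields = raw.split()
        if not fields:
            continue  # skip blank lines
        if fields[0] == "OPEN" and len(fields) == 3:
            _, ip, start = fields
            pending[ip].append(int(start))
        elif fields[0] == "CLOSE" and len(fields) == 5:
            _, ip, end, to_srv, from_srv = fields
            if not pending[ip]:
                orphans.append(raw.strip())
                continue
            # Assumption: no port in the log, so match the oldest open first.
            start = pending[ip].popleft()
            records.append(f"{ip} {start} {int(to_srv)} {int(from_srv)} {int(end)}")
        else:
            raise ValueError(f"line {lineno}: unrecognised event: {raw!r}")
    still_open = {ip: list(q) for ip, q in pending.items() if q}
    return records, orphans, still_open

if __name__ == "__main__":
    recs, orphans, still_open = pair_events(SAMPLE_EVENTS.splitlines())
    print("\n".join(recs))
```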