Re: [CentOS] Find out which process consumed Network bandwidth
Take a look at Cacti, which is available in the EPEL repo: https://www.cacti.net/ It's not just for network accounting. It polls multiple hosts for all kinds of data and keeps RRD tables for display. Cacti provides a web interface that can display the data in charts. You'll need to install plugins for iptables to do the actual data collection. I've used this to track per-host Internet usage on my LAN by adding an iptables chain with one do-nothing rule per LAN host, just to maintain a counter for Cacti to poll. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Find out which process consumed Network bandwidth
On 9/13/21 18:47, MRob wrote: While you probably can't recover such information for past events, going forward, iptables can help you figure this out. Putting an IPtables rule in the OUTPUT table prior to ACCEPTing the packets can help, e.g.: iptables -A OUTPUT -p tcp -m owner --uid-owner nginx -j ACCEPT OUTPUT and "-m owner" are only going to work for outgoing connections, initiated by nginx, which probably isn't much for most systems that aren't reverse proxies. Most of the time, if you want iptables to track the amount of traffic for a specific service, you'll need one or more rules inserted at the beginning of the INPUT chain, before the typical first rule that allows RELATED and ESTABLISHED packets. You could have one rule that allows all traffic to the service port (a stateless rule), or you could have one rule that allows ESTABLISHED traffic to the service port and one that allows NEW,UNTRACKED traffic to the port (stateful rules) That is nice solution! Why do you add a new output rule rather you can look at the existing port rule: # iptables -v -L | grep https xxx yyy ACCEPT tcp -- any any anywhere anywhere tcp dpt:https ctstate NEW,UNTRACKED xxx is number packets, yyy is number bytes. If adding OUTPUT rule, what is gained? Because the rule you're looking at only matches NEW and UNTRACKED packets, so it's usually only a record of the TCP SYN packets that initiated connections. If you want a byte count of the traffic for that service, this rule won't provide that. The nginx logs are the most detailed and usually the most useful record of traffic used, but accounting through iptables is also an option. Though, if you're interested in the sort of less detailed logs that you'll get from iptables, then I'd suggest what you want might be NetFlow data: https://www.linuxnetflow.com/ ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Find out which process consumed Network bandwidth
See "man iptables-extensions" and "man iptables". I don't know how this works with firewall-cmd, but I imagine firewalld "just" manages iptables? Yes thats right I am running CentOS Linux release 7.9.2009 (Core). Is there a way to find out which process consumed network bandwidth during a specific time period? For example, the Nginx process consumed how much network traffic on Sept 01, 2021. As far as I know, such accounting isn't done in a standard CentOS system, so there's no way to determine such information about a past event While you probably can't recover such information for past events, going forward, iptables can help you figure this out. Putting an IPtables rule in the OUTPUT table prior to ACCEPTing the packets can help, e.g.: iptables -A OUTPUT -p tcp -m owner --uid-owner nginx -j ACCEPT because now "iptables -L" will display a count of the packets that matched each rule and the number of bytes. By comparing with the total packets and bytes for a given time period, you can work out the share for nginx. You can also estimate packet and byte counts by IP and port using this method. You could run an hourly cronjob to log the stats. That is nice solution! Why do you add a new output rule rather you can look at the existing port rule: # iptables -v -L | grep https xxx yyy ACCEPT tcp -- anyany anywhere anywhere tcp dpt:https ctstate NEW,UNTRACKED xxx is number packets, yyy is number bytes. If adding OUTPUT rule, what is gained? ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Find out which process consumed Network bandwidth
On Mon, 6 Sept 2021 at 14:24, Anand Buddhdev On 06/09/2021 19:35, Kaushal Shriyan wrote: Hi Kaushal, I am running CentOS Linux release 7.9.2009 (Core). Is there a way to find out which process consumed network bandwidth during a specific time period? For example, the Nginx process consumed how much network traffic on Sept 01, 2021. As far as I know, such accounting isn't done in a standard CentOS system, so there's no way to determine such information about a past event Kaushal, While you probably can't recover such information for past events, going forward, iptables can help you figure this out. Putting an IPtables rule in the OUTPUT table prior to ACCEPTing the packets can help, e.g.: iptables -A OUTPUT -p tcp -m owner --uid-owner nginx -j ACCEPT because now "iptables -L" will display a count of the packets that matched each rule and the number of bytes. By comparing with the total packets and bytes for a given time period, you can work out the share for nginx. You can also estimate packet and byte counts by IP and port using this method. You could run an hourly cronjob to log the stats. See "man iptables-extensions" and "man iptables". I don't know how this works with firewall-cmd, but I imagine firewalld "just" manages iptables? Good luck! ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Find out which process consumed Network bandwidth
On Mon, 6 Sept 2021 at 14:24, Anand Buddhdev wrote: > > On 06/09/2021 19:35, Kaushal Shriyan wrote: > > Hi Kaushal, > > > I am running CentOS Linux release 7.9.2009 (Core). Is there a way to find > > out which process consumed network bandwidth during a specific time period? > > > > For example, the Nginx process consumed how much network traffic on Sept > > 01, 2021. > > As far as I know, such accounting isn't done in a standard CentOS > system, so there's no way to determine such information about a past event. > Agreed. The best at this point is looking at the nginx logs and hope they are set up to show bits transferred or something similar to see what ip addresses and files were being used. > Regards, > Anand > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos -- Stephen J Smoogen. I've seen things you people wouldn't believe. Flame wars in sci.astro.orion. I have seen SPAM filters overload because of Godwin's Law. All those moments will be lost in time... like posts on a BBS... time to shutdown -h now. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Find out which process consumed Network bandwidth
On 06/09/2021 19:35, Kaushal Shriyan wrote: Hi Kaushal, > I am running CentOS Linux release 7.9.2009 (Core). Is there a way to find > out which process consumed network bandwidth during a specific time period? > > For example, the Nginx process consumed how much network traffic on Sept > 01, 2021. As far as I know, such accounting isn't done in a standard CentOS system, so there's no way to determine such information about a past event. Regards, Anand ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Find out which process consumed Network bandwidth
Hi, I am running CentOS Linux release 7.9.2009 (Core). Is there a way to find out which process consumed network bandwidth during a specific time period? For example, the Nginx process consumed how much network traffic on Sept 01, 2021. Best Regards, Kaushal ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
