I suggest to check net-acctd before giving suggestions to use it :) We use both net-acctd and iptables rules on our router. The results from both methods are the same, in byte.
Iptables accounting is much better method if you have heavy traffic on your router because nacctd is user-space daemon which starts accumulating cpu time when load goes up. When daemon is not able to keep up with the traffic, it starts dropping packets, so the results you get from it are incorrect. Iptables, however, never looses packets because they are counted in kernel. The only problem is to write suitable script which reads and stores the values. Of course, in order to get useful data out of log files generated by nacctd you need helper utils, too. bye, Kresimir On Thu, Jul 26, 2001 at 10:32:34AM +0200, Stefan Hornburg Racke wrote: > "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> writes: > > > Hi to all! > > > > I have a question about packets & bytes counter made with iptables: > > > > my problem is that when I reboot my firewall i lost all the counters stored > > with iptables. > > > > Can I prevent this ? > > Don't rely on counters. I suggest to use some completely separate software > like net-acctd which reads the packets outside of netfilter. > > Ciao > Racke > > -- > Racke happily hacks Interchange and maintains Debian packages like Courier. > > For projects and other business stuff please refer to COBOLT NetServices > (URL: http://www.cobolt.net; Email: [EMAIL PROTECTED]; Phone: 0041-1-3884400) > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > >
