Em 15-04-2014 15:51, Stefan Sieg escreveu: > > Hello, > > with the already mentioned netflow solution you will not see connections > that are not expired. So you will not see "long live" connections like vpn or > ssh > in your statistics at the appointed date. You see them as "ongoing" flows and their bytes_in, bytes_out gets updated every time nfsen calls nfcapd. There is even one nice plugin: http://sourceforge.net/apps/trac/nfsen-plugins/wiki/HostStats to analyze per ip statistics. > > Maybe pf labels is for you ... > > lan = "{ 192.168.5.1, 192.168.5.2, .... }" > match out on $ext_if inet proto tcp to any received-on $int_if nat-to $ext_if > pass in on $int_if inet proto tcp from $lan to any label "$srcaddr" \ > tag LAN-INET > > pass out on $ext_if tagged LAN-INET > > > With "pfctl -s labels" will get this (the numbers are explained in the > manpage) > > 192.168.5.1 57 0 0 0 0 0 0 0 > 192.168.5.2 37 0 0 0 0 0 0 0 > .... > .... > 192.168.5.37 37 1950 1318232 1094 1215437 856 102795 37 > .... > > > "pfctl -z" clears the per rule statistics This solution might work for a small network, but it will surely not scale easyly.
Cheers, -- Giancarlo Razzolini GPG: 4096R/77B981BC
