> : I'd need to get a finer split in traffic list, I'd need to get an > : accounted list indicating each service and each new destination > : separately. Is there a package to do that yet? > > Try net-acct. There's a debian package out there. Nice thing, but > produces huuuuge amounts of data. > > It logs > > date / protocol / source_ip:port / dest_ip:port / packets / bytes / user > > for every packet travelling on the connected ethernet segment (putting > the interface in promiscous mode). You can exclude / include specific > networks / addresses.
You can also include/exclude specific fields from being logged as well by modifying /etc/naccttab. For instance, on my system, I only log date, source_ip, dest_ip, and bytes going across my PPP link to my ISP. This keeps things down to a pretty reasonable level - the file is about 500K per day - which gets "emptied" each night by my custom report script. Later, Kevin Traas Systems Analyst Edmondson Roper CA http://www.eroper.bc.ca -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
