Per user network accounting

Posted on 2005-04-22
Medium Priority
Last Modified: 2010-08-05
Is there a way to keep count of the bandwidth used on a per-user basis in Linux?

Nothing to do with websites or anything... I run a server and users use rsync to send data to it.  Unfortunately, rsync doesn't have good enough logging capabilities, and even if it did it wouldn't be able to account for overheads.

So is there some other package out there that can keep track of network/bandwidth activity, but break it down on a per-user basis?

The rsync rides on an ssh session, so that might be a possibility too... measuring the data flowing through the ssh session.

I don't know... I've tried various things but I haven't even come close.

Question by:s_mack

Expert Comment

ID: 13846853
I would say you'll either need to break things down by source/destination IP address (e.g. iptables rules which match specific IP's, just to take advantage of packet counters), or use a proxy that can monitor bandwidth.

In the case of the proxy, I'd suggest looking on freshmeat.net for something that does bandwidth shaping/limiting, as it will probably include abilities for accounting.  The other approach would be a SOCKS proxy, as you can usually use a wrapper library on the client side for applications that don't support SOCKS by default.

Unique (and static) source IP's are going to be the best bet, for iptables-based accounting.

Author Comment

ID: 13846876
Found dozens of monitors that are IP based...but that does me no good really, because then I have to keep track of which user belongs to which IP, and that changes all the time.

It amazes me that there isn't an easy way to do this.  Users need to log in and I can measure every other resource imaginable... why not bandwidth?

It must be on a per-user basis, not IP.

In case there is confusion.... these are users belonging to this local machine... not just random unknown hits from throughout the world (like a website).  Each user has an account on the server and logs in via openssh.

Expert Comment

ID: 13846952
There is software that can track users from the network side, and audit their activity, but this is usually part of high-end corporate firewall software.  E.g. in the case of CheckPoint FW-1 / NG, user sessions are established, but this is tied into a PDC and other Windows-esque stuff.

Packets are not processed with user ownership in mind; TCP doesn't offer a "UID" field... hence, there are no "simple" ways of doing this.  There might be some iptables-based NAT / QoS features that can take part here, and/or if you can control a DHCP server and do static IP assignments for the users that need to be accounted.

If you can't get static IP's setup, then you may have to look to a system of custom scripts to do the IP->user mappings for you, to make the reports useful.
Accepted Solution

macker- earned 300 total points
ID: 13846970
Also worth noting here is that often times the application itself is running as root, rather than a user, and it's the application that understands the correlation between a specific user, and the permissions on the disk... the kernel may not see the user-level associations, unless the application changes effective UID and drops root privs, but again, this can be very complicated for the kernel to try and spend time figuring something out for accounting purposes; lots of overhead for data of questionable accuracy.

Author Comment

ID: 13846971
aww crud.

Maybe it's just not useful to anyone but me, but I would think that sshd would log this stuff.

Thanks for your reply.  I'll wait and see if anyone else knows of anything.

Expert Comment

ID: 13849006
Well, bandwidth control has to be address/proto/port based.
So, I think the only solution is to write a little daemon to bind the user authentication to the source IP address of the connection and afterwards to bring those addresses dynamically to some IP-based traffic shaper.

Maybe this question has to be placed in 'Linux Programming' too.
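
The IP-to-user mapping script suggested in the comments above (iptables packet counters joined with sshd logins), as an added example that is not part of the original thread. The `ACCT` chain name, the log lines and the counter values are constructed; the sketch assumes one counting rule per client source IP and flags addresses that cannot be attributed to exactly one user.

```python
import re
from collections import defaultdict

# Constructed sample: sshd auth log excerpt (documentation IP ranges).
AUTH_LOG = """\
Apr 22 10:01:02 srv sshd[1201]: Accepted publickey for alice from 203.0.113.10 port 51234 ssh2
Apr 22 10:05:40 srv sshd[1207]: Failed password for mallory from 192.0.2.99 port 40112 ssh2
Apr 22 10:07:11 srv sshd[1215]: Accepted password for bob from 198.51.100.7 port 40022 ssh2
Apr 22 10:09:30 srv sshd[1220]: Accepted publickey for carol from 192.0.2.50 port 33010 ssh2
Apr 22 10:12:45 srv sshd[1231]: Accepted publickey for dave from 192.0.2.50 port 33544 ssh2
"""
# Constructed sample: `iptables -L ACCT -v -n -x` for a hypothetical ACCT chain.
IPTABLES_OUT = """\
Chain ACCT (1 references)
    pkts      bytes target     prot opt in     out     source               destination
    1200    1500000            all  --  *      *       203.0.113.10         0.0.0.0/0
     300     250000            all  --  *      *       198.51.100.7         0.0.0.0/0
     900     800000            all  --  *      *       192.0.2.50           0.0.0.0/0
      12       1400            all  --  *      *       192.0.2.99           0.0.0.0/0
"""
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+) port \d+")

def users_by_ip(log_text):
    """Map each source IP to the set of users that logged in from it."""
    owners = defaultdict(set)
    for line in log_text.splitlines():
        m = ACCEPTED.search(line)
        if m:
            owners[m.group(2)].add(m.group(1))
    return owners

def bytes_by_ip(iptables_text):
    """Sum the exact byte counters per source address (inbound traffic only)."""
    totals = defaultdict(int)
    for line in iptables_text.splitlines():
        f = line.split()
        if len(f) >= 8 and f[0].isdigit() and f[1].isdigit():
            totals[f[-2]] += int(f[1])  # source is the second-to-last column
    return totals

def bytes_by_user(log_text, iptables_text):
    """Attribute per-IP counters to users; never guess on shared or unseen IPs."""
    owners, report = users_by_ip(log_text), defaultdict(int)
    for ip, count in bytes_by_ip(iptables_text).items():
        users = sorted(owners.get(ip, ()))
        if len(users) == 1:
            report[users[0]] += count
        else:
            key = "AMBIGUOUS:" + ",".join(users) if users else "UNKNOWN:" + ip
            report[key] += count
    return dict(report)
```

The `AMBIGUOUS` bucket shows the limit of IP-based accounting raised in the thread: two accounts behind one address cannot be separated by source IP alone.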

Expert Comment

ID: 13857047
This is from redhat mailing list.. but..


Expert Comment

ID: 16375945
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.
I will leave the following recommendation for this question in the Cleanup topic area:
Split Points:  macker- & joju

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

EE Cleanup Volunteer
