I need to be able to track client data usage between their VM and an S3 compatible object storage bucket (accessed via https). I've installed ntopng community edition on the VM and right now it's dumping all it's data into a MySQL database.
I've noticed that the overhead of ntopng is not inconsequential, and these are not resource rich VM's, so I'd like to lessen it's memory/resource footprint if I can. I'm ONLY interested in the connection described above, so is there a way to apply a filter to only track connections from a certain origin rather than tracking ALL traffic?
I'm actually only interested in the INBOUND traffic as well, as uploads are not billable, so I've already set the --capture-direction=1 flag to only track RX traffic (from Bucket to VM).
I'm assuming that the web server component is either idle or disabled as I have not set any values for those params. Or do I need to specifically disable them somehow? Lastly, I've disabled all DNS features.
Here is my current configuration at /etc/ntopng/ntopng.conf...
# ntopng Configuration
--community
-G=/run/ntopng.pid
-e=
-i=eth0
-n=3
--capture-direction=1
-N=myhost.tld
-F=mysql;/run/mysqld/mysqld.sock;ntop;flows;user;pass
Alternatively, is there a better and/or lighter weight method of achieving what I need? My goal is simply at the end of the month to know that Acme Co's VM used n GB of data.
I found a much better method for achieving my goal of tallying traffic from a specific IP. It's possible to do this using
iptables/nftableswhich is already running in the kernel and already capable of incrementing both packet and byte totals. It's a slightly more complicated configuration but worth it for the much lower overhead and simplicity.Where are nftables counters logged/stored, and how long do they persist?