I have a sub-net of machines which are run autonomously by users. I control the server which acts as gateway between the sub-net and the internet. My server is running Ubuntu.
I'm looking for a way to:
- Record the amount (only need size, don't care about what or from where) of incoming and outgoing network traffic per sub-net IP.
- Subsequently query the amount of network traffic that occurred on a particular IP address during a particular time-frame.
- Bonus: Allow me to cap or shape traffic for a specific IP address once a certain (configurable) volume has been reached.
Basically, something that lets me account and charge users for their network traffic.
Basically you will need three things: a probe, a data collector and a visualizer/shaper/web interface. There are a number of free probes on the market: ipcad and ndsad are probably the most popular. Both can export NetFlow records. A free data collector is pmacct; it can collect both NetFlow and sFlow and write traffic information to an RDBMS. It does not need a probe on Linux, since it can use libpcap for measuring traffic. A good visualizer/shaper is more difficult to find. I used to use NeTAMS. Its 3.XX family is free but it lacks English documentation almost completely. There is something called Captrap, but I've never tried it.
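An added example, not part of the answer above and not pmacct's own code or schema: once a collector has written per-flow byte counts to an RDBMS, per-IP usage for a time frame and a volume-cap check are SQL aggregations over that table. The table layout, sample rows and function names are constructed for illustration, with SQLite standing in for the database.

```python
import ipaddress
import sqlite3

# Constructed table layout for illustration; not any collector's real schema.
# stamp is the start of the accounting bucket, 'YYYY-MM-DD HH:MM:SS' in UTC.
SCHEMA = """
CREATE TABLE acct (ip_src TEXT, ip_dst TEXT, bytes INTEGER, stamp TEXT);
CREATE INDEX acct_stamp ON acct (stamp);
"""

# Constructed sample records: (source, destination, bytes, bucket start).
SAMPLE = [
    ("10.0.0.5", "203.0.113.10", 1200, "2024-01-01 10:00:00"),
    ("203.0.113.10", "10.0.0.5", 50000, "2024-01-01 10:00:00"),
    ("10.0.0.6", "203.0.113.10", 300, "2024-01-01 10:05:00"),
    ("10.0.0.5", "10.0.0.6", 400, "2024-01-01 10:30:00"),   # intra-subnet
    ("203.0.113.10", "10.0.0.5", 7000, "2024-01-01 11:00:00"),
]

def load(rows):
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO acct VALUES (?, ?, ?, ?)", rows)
    return db

def usage(db, ip, start, end):
    """Return (bytes_out, bytes_in) for one IP in the window [start, end)."""
    return db.execute(
        "SELECT COALESCE(SUM(CASE WHEN ip_src = :ip THEN bytes END), 0),"
        "       COALESCE(SUM(CASE WHEN ip_dst = :ip THEN bytes END), 0)"
        "  FROM acct"
        " WHERE stamp >= :start AND stamp < :end"
        "   AND (ip_src = :ip OR ip_dst = :ip)",
        {"ip": ip, "start": start, "end": end},
    ).fetchone()

def over_cap(db, subnet, start, end, cap_bytes):
    """Return {ip: in+out bytes} for subnet hosts above cap_bytes in the window."""
    net = ipaddress.ip_network(subnet)
    totals = {}
    query = "SELECT ip_src, ip_dst, bytes FROM acct WHERE stamp >= ? AND stamp < ?"
    for src, dst, nbytes in db.execute(query, (start, end)):
        # A flow between two subnet hosts is charged to both of them.
        for ip in {src, dst}:
            if ipaddress.ip_address(ip) in net:
                totals[ip] = totals.get(ip, 0) + nbytes
    return {ip: total for ip, total in totals.items() if total > cap_bytes}
```

The hosts returned by `over_cap` are the ones a shaping or capping rule would then be applied to; how that rule is enforced depends on the shaper in use.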
Ever heard of ntop? That may be a good solution for statistics but it seems you may want more...
If you want to cap something or 'shape traffic' (which I think you mean more QoS) then I would go with Squid Proxy server. It can't give you real-time statistics, but you can write nightly scripts that pull IPs and sites visited and then tailor your squid.conf file to do quality of service for specific hosts and protocols.
Employing both could be a reasonable solution as well.
mrtg