#1  
Old 25th January 2007, 15:36
steveomach3ww steveomach3ww is offline
Junior Member
 
Join Date: Feb 2006
Posts: 29
Thanks: 0
Thanked 0 Times in 0 Posts
Default Bandwidth logs

I am in need of some help. I loged into my server last night and noticed that i had used over 20gig in logs and when i went in there i found that the bandwidth is recording to the bandwidth log, kern.log, and syslog how do i stop so i dont have it checking the bandwidth.
Thank You
Reply With Quote
Sponsored Links
  #2  
Old 26th January 2007, 17:09
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

What exactly gets logged?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 26th January 2007, 21:56
steveomach3ww steveomach3ww is offline
Junior Member
 
Join Date: Feb 2006
Posts: 29
Thanks: 0
Thanked 0 Times in 0 Posts
Default

It looks like all of the bandwidt and it is writing it to these 3 logs. Debug, kern, and syslog

here is a little peice of it.

Jan 26 14:55:02 fireviper kernel: [43553489.560000] BANDWIDTH_IN:IN=eth0 OUT= MAC=00:07:95:de:47:5e:00:15:fa:c9:83:e6:08:00 SRC=24.86.116.72 DST=12.169.23.22 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=51646 DF PROTO=TCP SPT=2352 DPT=19710 WINDOW=65535 RES=0x00 SYN URGP=0
Jan 26 14:55:02 fireviper kernel: [43553489.570000] BANDWIDTH_IN:IN=eth0 OUT=eth1 SRC=151.46.238.126 DST=192.168.2.60 LEN=57 TOS=0x00 PREC=0x00 TTL=112 ID=17817 DF PROTO=TCP SPT=57143 DPT=4545 WINDOW=17520 RES=0x00 ACK PSH URGP=0
Jan 26 14:55:02 fireviper kernel: [43553489.600000] BANDWIDTH_IN:IN=eth0 OUT=eth1 SRC=62.31.204.252 DST=192.168.2.206 LEN=1500 TOS=0x00 PREC=0x00 TTL=107 ID=6695 DF PROTO=TCP SPT=17797 DPT=4167 WINDOW=65535 RES=0x00 ACK URGP=0
Jan 26 14:55:02 fireviper kernel: [43553489.610000] BANDWIDTH_IN:IN=eth0 OUT=eth1 SRC=62.31.204.252 DST=192.168.2.206 LEN=628 TOS=0x00 PREC=0x00 TTL=107 ID=6696 DF PROTO=TCP SPT=17797 DPT=4167 WINDOW=65535 RES=0x00 ACK PSH URGP=0
Jan 26 14:55:02 fireviper kernel: [43553489.610000] BANDWIDTH_OUT:IN=eth1 OUT=eth0 SRC=192.168.2.206 DST=62.31.204.252 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=34789 DF PROTO=TCP SPT=4167 DPT=17797 WINDOW=65535 RES=0x00 ACK URGP=0
Jan 26 14:55:02 fireviper kernel: [43553489.660000] BANDWIDTH_IN:IN=eth0 OUT=eth1 SRC=87.90.196.15 DST=192.168.2.60 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=48353 DF PROTO=TCP SPT=39801 DPT=4769 WINDOW=0 RES=0x00 ACK RST URGP=0
Jan 26 14:55:02 fireviper kernel: [43553489.660000] BANDWIDTH_IN:IN=eth0 OUT=eth1 SRC=89.0.176.246 DST=192.168.2.60 LEN=44 TOS=0x00 PREC=0x00 TTL=112 ID=59656 DF PROTO=TCP SPT=59425 DPT=4685 WINDOW=64843 RES=0x00 ACK PSH URGP=0
Jan 26 14:55:02 fireviper kernel: [43553489.660000] BANDWIDTH_OUT:IN=eth1 OUT=eth0 SRC=192.168.2.60 DST=89.0.176.246 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=29188 DF PROTO=TCP SPT=4685 DPT=59425 WINDOW=65050 RES=0x00 ACK URGP=0
Jan 26 14:55:02 fireviper kernel: [43553489.670000] BANDWIDTH_OUT:IN=eth1 OUT=eth0 SRC=192.168.2.60 DST=201.143.0.95 LEN=1492 TOS=0x00 PREC=0x00 TTL=127 ID=29189 DF PROTO=TCP SPT=4548 DPT=12438 WINDOW=65011 RES=0x00 ACK URGP=0
Jan 26 14:55:02 fireviper kernel: [43553489.670000] BANDWIDTH_OUT:IN=eth1 OUT=eth0 SRC=192.168.2.60 DST=201.143.0.95 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=29190 DF PROTO=TCP SPT=4548 DPT=12438 WINDOW=65011 RES=0x00 ACK PSH URGP=0
Jan 26 14:55:02 fireviper kernel: [43553489.700000] BANDWIDTH_OUT:IN=eth1 OUT=eth0 SRC=192.168.2.60 DST=151.46.238.126 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=29191 DF PROTO=TCP SPT=4545 DPT=57143 WINDOW=64810 RES=0x00 ACK URGP=0
Jan 26 14:55:02 fireviper kernel: [43553489.750000] BANDWIDTH_IN:IN=eth0 OUT=eth1 SRC=83.213.33.205 DST=192.168.2.60 LEN=40 TOS=0x00 PREC=0x00 TTL=113 ID=13514 DF PROTO=TCP SPT=61492 DPT=4620 WINDOW=20888 RES=0x00 ACK URGP=0
Jan 26 14:55:02 fireviper kernel: [43553489.800000] BANDWIDTH_OUT:IN=eth1 OUT=eth0 SRC=192.168.2.60 DST=74.193.11.116 LEN=108 TOS=0x00 PREC=0x00 TTL=127 ID=29192 DF PROTO=TCP SPT=4770 DPT=50278 WINDOW=65535 RES=0x00 ACK PSH URGP=0
Jan 26 14:55:02 fireviper kernel: [43553489.870000] BANDWIDTH_OUT:IN=eth1 OUT=eth0 SRC=192.168.2.60 DST=151.46.238.126 LEN=1500 TOS=0x00 PREC=0x00 TTL=127 ID=29193 DF PROTO=TCP SPT=4545 DPT=57143 WINDOW=64810 RES=0x00 ACK PSH URGP=0
Jan 26 14:55:02 fireviper kernel: [43553489.870000] BANDWIDTH_OUT:IN=eth1 OUT=eth0 SRC=192.168.2.60 DST=83.213.33.205 LEN=1492 TOS=0x00 PREC=0x00 TTL=127 ID=29194 DF PROTO=TCP SPT=4620 DPT=61492 WINDOW=64172 RES=0x00 ACK URGP=0
Jan 26 14:55:02 fireviper kernel: [43553489.870000] BANDWIDTH_OUT:IN=eth1 OUT=eth0 SRC=192.168.2.60 DST=83.213.33.205 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=29195 DF PROTO=TCP SPT=4620 DPT=61492 WINDOW=64172 RES=0x00 ACK PSH URGP=0
Jan 26 14:55:02 fireviper kernel: [43553489.870000] BANDWIDTH_OUT:IN=eth1 OUT=eth0 SRC=192.168.2.60 DST=151.46.238.126 LEN=1500 TOS=0x00 PREC=0x00 TTL=127 ID=29196 DF PROTO=TCP SPT=4545 DPT=57143 WINDOW=64810 RES=0x00 ACK PSH URGP=0
Jan 26 14:55:02 fireviper kernel: [43553489.930000] BANDWIDTH_IN:IN=eth0 OUT=eth1 SRC=74.193.11.116 DST=192.168.2.60 LEN=40 TOS=0x00 PREC=0x00 TTL=111 ID=53777 DF PROTO=TCP SPT=50278 DPT=4770 WINDOW=65467 RES=0x00 ACK FIN URGP=0
Jan 26 14:55:02 fireviper kernel: [43553489.930000] BANDWIDTH_OUT:IN=eth1 OUT=eth0 SRC=192.168.2.60 DST=74.193.11.116 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=29197 DF PROTO=TCP SPT=4770 DPT=50278 WINDOW=65535 RES=0x00 ACK URGP=0
Jan 26 14:55:02 fireviper kernel: [43553489.930000] BANDWIDTH_OUT:IN=eth1 OUT=eth0 SRC=192.168.2.60 DST=74.193.11.116 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=29198 DF PROTO=TCP SPT=4770 DPT=50278 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Jan 26 14:55:02 fireviper kernel: [43553489.990000] BANDWIDTH_IN:IN=eth0 OUT=eth1 SRC=201.143.0.95 DST=192.168.2.60 LEN=40 TOS=0x00 PREC=0x20 TTL=114 ID=50031 DF PROTO=TCP SPT=12438 DPT=4548 WINDOW=65535 RES=0x00 ACK URGP=0
Jan 26 14:55:02 fireviper kernel: [43553490.020000] BANDWIDTH_OUT:IN=eth1 OUT=eth0 SRC=192.168.2.206 DST=151.205.169.192 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=34790 DF PROTO=TCP SPT=4433 DPT=55206 WINDOW=65535 RES=0x00 SYN URGP=0
Jan 26 14:55:02 fireviper kernel: [43553490.030000] BANDWIDTH_OUT:IN=eth1 OUT=eth0 SRC=192.168.2.60 DST=151.37.235.253 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=29199 DF PROTO=TCP SPT=4773 DPT=6881 WINDOW=65535 RES=0x00 SYN URGP=0
Jan 26 14:55:02 fireviper kernel: [43553490.030000] BANDWIDTH_OUT:IN=eth1 OUT=eth0 SRC=192.168.2.60 DST=200.66.9.132 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=29200 DF PROTO=TCP SPT=4774 DPT=6881 WINDOW=65535 RES=0x00 SYN URGP=0
Jan 26 14:55:02 fireviper kernel: [43553490.030000] BANDWIDTH_OUT:IN=eth1 OUT=eth0 SRC=192.168.2.60 DST=81.199.68.29 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=29201 DF PROTO=TCP SPT=4775 DPT=51136 WINDOW=65535 RES=0x00 SYN URGP=0
Jan 26 14:55:02 fireviper kernel: [43553490.030000] BANDWIDTH_OUT:IN=eth1 OUT=eth0 SRC=192.168.2.60 DST=86.124.27.71 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=29202 DF PROTO=TCP SPT=4779 DPT=17885 WINDOW=65535 RES=0x00 SYN URGP=0
Jan 26 14:55:02 fireviper kernel: [43553490.030000] BANDWIDTH_OUT:IN=eth1 OUT=eth0 SRC=192.168.2.60 DST=84.251.235.122 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=29203 DF PROTO=TCP SPT=4780 DPT=54001 WINDOW=65535 RES=0x00 SYN URGP=0
Jan 26 14:55:02 fireviper kernel: [43553490.060000] BANDWIDTH_IN:IN=eth0 OUT=eth1 SRC=74.193.11.116 DST=192.168.2.60 LEN=40 TOS=0x00 PREC=0x00 TTL=111 ID=53782 DF PROTO=TCP SPT=50278 DPT=4770 WINDOW=65467 RES=0x00 ACK URGP=0
Reply With Quote
  #4  
Old 26th January 2007, 22:11
martinfst martinfst is offline
Senior Member
 
Join Date: Dec 2006
Location: Hilversum, The Netherlands
Posts: 880
Thanks: 1
Thanked 18 Times in 17 Posts
Send a message via MSN to martinfst Send a message via Skype™ to martinfst
Default

The log messages come from your firewall, which is doing it job apparently to stop an overload of data to your network cards. What does seem to be strange is you have excessive traffic on both your interfaces, from eth0 to eth1, from external to (mostly) internal addresses.

Could you router have gone "mad"? Or routes are changed recently somewhere (unintentionally)?
Reply With Quote
  #5  
Old 27th January 2007, 04:54
steveomach3ww steveomach3ww is offline
Junior Member
 
Join Date: Feb 2006
Posts: 29
Thanks: 0
Thanked 0 Times in 0 Posts
Default

the reason for so much traffic is beacuse of using bittorrent which i am downloading and people are uploading from me and another guy. i just want to stop it from logging all of this or change the size of log files before they rotate.
Reply With Quote
  #6  
Old 27th January 2007, 12:17
martinfst martinfst is offline
Senior Member
 
Join Date: Dec 2006
Location: Hilversum, The Netherlands
Posts: 880
Thanks: 1
Thanked 18 Times in 17 Posts
Send a message via MSN to martinfst Send a message via Skype™ to martinfst
Default

Are you using logrotate? If yes, there's a 'size' option, which will rotate logs based on size. Shameless copy from the man logrotate page:
Code:
 "/var/log/httpd/access.log" /var/log/httpd/error.log {
           rotate 5
           mail www@my.org
           size 100k
           sharedscripts
           postrotate
               /usr/bin/killall -HUP httpd
           endscript
       }
Apply the 'size' directive to the logfiles you want rotated sooner will probably help.
Reply With Quote
  #7  
Old 28th January 2007, 21:52
steveomach3ww steveomach3ww is offline
Junior Member
 
Join Date: Feb 2006
Posts: 29
Thanks: 0
Thanked 0 Times in 0 Posts
 
Default

Yes i am using logrotate and will use that peice of code but is there a way to stop having the bandwidth being logged in to the 3 different log files meaing the debug file, syslog file, and kernal file. Thank You
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
domains, subdomains, webspace, bandwidth.. TheRudy General 17 19th February 2007 18:31
Bandwidth Monitoring xenlab HOWTO-Related Questions 4 3rd November 2006 18:31
Problem with logs minskog Installation/Configuration 1 23rd May 2006 19:10
Determining server bandwidth required in data center Gary Server Operation 2 28th January 2006 12:39
Access Logs themachine Installation/Configuration 4 2nd December 2005 10:15


All times are GMT +2. The time now is 13:32.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.