* run some cron job that dumps statistics to some file
* add init script that creates iptables rules on [[HN]] start.
If you want to process the results with a script, it is useful to use the "-x" or "--exact" option of iptables:
<pre>
# iptables -nvx -L FORWARD
</pre>
You will get the exact value of the packet and byte counters, instead of only the rounded number in K’s (multiples of 1000), M’s (multiples of 1000K) or G’s (multiples of 1000M).
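A sketch of the kind of script this option is meant for, added here as an example and not part of the original page: it sums byte counters per IP from one chain listing and refuses rounded counters. The sample listing, the second address 192.168.0.118 and the function name <code>parse_counters</code> are constructed for illustration; the handling of the "opt" column assumes IPv4 listings.

```python
# Constructed sample of `iptables -nvx -L FORWARD` output (not captured from a real host).
SAMPLE_EXACT = """\
Chain FORWARD (policy ACCEPT 101 packets, 10715 bytes)
    pkts      bytes target     prot opt in     out     source               destination
    1200  1834567            all  --  *      *       192.168.0.117        0.0.0.0/0
     950   734210            all  --  *      *       0.0.0.0/0            192.168.0.117
      12      840 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.0.118
"""
# The same listing as printed without -x: the first byte counter is rounded to "1835K".
SAMPLE_ROUNDED = SAMPLE_EXACT.replace("1834567", "1835K")

OPT_VALUES = {"--", "-f", "!f"}  # possible values of the "opt" column (assumed: IPv4)
ANY = "0.0.0.0/0"


def parse_counters(listing):
    """Return {ip: {"in": bytes, "out": bytes}} for one chain listing."""
    totals = {}
    for line in listing.splitlines():
        fields = line.split()
        # Skip the "Chain ..." line, the column header and blank lines.
        if len(fields) < 8 or not fields[0][0].isdigit():
            continue
        pkts, nbytes = fields[0], fields[1]
        if not (pkts.isdigit() and nbytes.isdigit()):
            # A K/M/G suffix means the value was rounded and cannot be summed exactly.
            raise ValueError(f"rounded counter {nbytes!r}: rerun iptables with -x")
        # Accounting rules have no target, so that column is empty and the
        # remaining columns shift left by one position.
        base = 3 if fields[3] in OPT_VALUES else 4
        if len(fields) < base + 5:
            continue
        source, dest = fields[base + 3], fields[base + 4]
        # A rule matching on source counts traffic sent by that IP ("out");
        # a rule matching on destination counts traffic received by it ("in").
        for ip, direction in ((source, "out"), (dest, "in")):
            if ip != ANY:
                entry = totals.setdefault(ip, {"in": 0, "out": 0})
                entry[direction] += int(nbytes)
    return totals


if __name__ == "__main__":
    for ip, counters in sorted(parse_counters(SAMPLE_EXACT).items()):
        print(ip, counters["in"], counters["out"])
```
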
As is easy to see, these are not per-VE statistics, but rather per-IP statistics. Thus you must be careful
To observe results:
<pre>
# iptables -nvx -L INPUT
Chain INPUT (policy ACCEPT 542 packets, 63745 bytes)
pkts bytes target prot opt in out source destination
35 4533 all -- venet0 * 0.0.0.0/0 192.168.0.117
# iptables -nvx -L OUTPUT
Chain OUTPUT (policy ACCEPT 247 packets, 27847 bytes)
pkts bytes target prot opt in out source destination
</pre>
you can just replace the rule with the same rule:
<pre>
# iptables -nvx -L FORWARD
Chain FORWARD (policy ACCEPT 101 packets, 10715 bytes)
pkts bytes target prot opt in out source destination
57 5564 all -- * * 0.0.0.0/0 192.168.0.117
# iptables -R FORWARD 1 -s 192.168.0.117
# iptables -nvx -L FORWARD
Chain FORWARD (policy ACCEPT 101 packets, 10715 bytes)
pkts bytes target prot opt in out source destination
</pre>