Locke's Tiny Utilities

Trafficlogger 0.3.0 stable

1. Introduction

Trafficlogger is a small program written in ANSI C which logs your traffic. It should compile and work on all Linux distributions.

2. Requirements

- a Linux operating system
- the "/proc/net/dev" file (tested with GNU/Linux Kernel 2.6.16)
- GNU make
- an ISO-C90 conformant compiler with some ISO-C99 stuff (long long support)
  best to use: gcc

3. Installation

First, you have to compile Trafficlogger, which will be quite easy if you have gcc. You only have to use:

    make

if you are in the trafficlogger directory (cd trafficlogger-). The Makefile will put the binaries in the directory "trafficlogger-/build". If you don't have gcc then you only have to edit the Makefile (see "Editing the Makefile" below).

After this you should install Trafficlogger. You have to be "root" to do this. With

    make install

in the trafficlogger directory you can install it very easily. It will put the binary "trafficlogger" into the "/usr/local/bin/" directory and the configuration script "traffic.conf" into the "/etc/trafficlogger/" directory as a ".sample" file. The installation will also set the permissions of these files with security in mind.

After this you have to configure Trafficlogger. By default, go into "/etc/trafficlogger/", open "traffic.conf.sample" with your favourite editor and fill in your settings. Everything that can be configured is described in the configuration script, so this should be no problem.

After this you only have to start "/usr/local/bin/trafficlogger". It will run all the time until it gets a SIGTERM or SIGINT signal, which the operating system should send when shutting down the system.

Trafficlogger will automatically log the traffic from the device specified in "traffic.conf". Every time the device goes down, Trafficlogger will log the traffic for that connection in the logfile and write a summary to the summary logfile. This is also done when the OS is shutting down.
The summary logfile will also be written every N seconds, see MONTHINTERVALL in the configuration file. The summary logfile now also includes the current traffic and not only the traffic already written to the logfile, so that the monthly total is always up to date.

For best comfort, write a shell script for the init daemon and link to it from your favourite runlevel, so that you don't even need to start Trafficlogger manually.

For example, the script "trafficlogger":

    #!/bin/sh
    /usr/local/bin/trafficlogger &

Move the script to "/etc/rc.d/init.d" (if you have Mandrake). Then make a symbolic link to the script from your favourite runlevel. Example:

    ln -s /etc/rc.d/init.d/trafficlogger /etc/rc.d/rc5.d/S00trafficlogger

[This is for Mandrake users; it will let Trafficlogger start when your X server starts] [Runlevel: 5]

If you want, you can write kill scripts too, to end Trafficlogger without relying on the OS shutdown.

An init script for Gentoo is in the "sample/initscripts/" directory.

IMPORTANT: You DON'T have to be root to execute Trafficlogger. But for this, Trafficlogger must have the right to read its configuration script and the right to write its logs into the specified directory. Furthermore, Trafficlogger must have the right to read "/proc/net/dev". This can be quite important for system administrators who don't like root processes (me too :)). For this you only have to change the directory where Trafficlogger looks for "traffic.conf" and edit "traffic.conf" accordingly. See "Editing the Makefile" below.

4. Uninstallation

If you want to uninstall Trafficlogger then run:

    make uninstall

in the trafficlogger directory. It will not remove the configuration file and the logs, so if you want to remove them, remove them manually.

5. Update

You only have to do the same as in "3. Installation". The Makefile won't overwrite your configuration script, so you have to update it manually if there are any changes.

6. Editing the Makefile

If you have special wishes or want to change things like the configuration file location or the installation directories, then you should edit the Makefile. Edit the Makefile with your favourite editor; you will find the following interesting variables:

CC
    This specifies the compiler binary which shall be used. (default: gcc)

CFLAGS
    This specifies the compiler flags which shall be used. A good place to set optimizations.

PREFIX
    This specifies the root directory under which all other directories are used for installation. (default: variable not set/empty)

BINDIR
    This specifies the directory where the binaries are installed.

USER
    This specifies the user who shall own trafficlogger and its configuration files and logfiles when installed. Use this to set an unprivileged user especially for trafficlogger. (default: root)

GROUP
    This specifies the group which shall own trafficlogger and its configuration files and logfiles when installed. Use this to set an unprivileged group especially for trafficlogger. (default: root)

CONFDIR
    This specifies the directory where Trafficlogger shall search for its configuration file.

LOGDIR
    This specifies the directory where Trafficlogger shall put its logfiles.

Note: DAYLOGPATH and MONTHLOG have been removed from the configuration file, so that the install can be automated by make and ensures correct rights/ownership.

Note for system administrators: I propose to use an unprivileged user and group, e.g. "trafficlogger". This removes the need for root. It is important that this user can also read "/proc/net/dev". If you specify your unprivileged user/group through USER/GROUP then the installation will handle rights and ownership automatically. You should add this user/group with e.g. useradd/groupadd (see the manpages for these). After this, trafficlogger only has to be started as this user, for example with the su command:

    su --command='/usr/local/bin/trafficlogger'

7. Limitations

Trafficlogger only logs the traffic from one device. If you want to observe more devices then you can run more instances of Trafficlogger. Don't forget to specify different locations for the configuration file and logfiles. This will be changed in the future so that Trafficlogger will be able to log traffic from more devices.

For logging purposes 'unsigned long long' is now used, so that the logging has bytewise accuracy for up to 2^64-1 bytes, so about 16 Exabyte = 17179869184 Gigabyte. This should be enough for the near future ^^.

8. Bugs and Contact

If you find bugs in Trafficlogger, please post them to my sourceforge project page. Or email me: locke_averame@users.sourceforge.net

If you find mistakes in my English, let me know so I can correct them.

Have a nice day with Trafficlogger :-).
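
Added example (not Trafficlogger's own code): a small C reader for the "/proc/net/dev" byte counters named under "2. Requirements" and "7. Limitations", using 'unsigned long long', an exact device-name match and checked number parsing. The function name read_counters and the sample text are constructed for this example; to read the live file as the unprivileged user, load "/proc/net/dev" into a buffer and pass it in.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample: two header lines, then 8 receive + 8 transmit fields. */
static const char SAMPLE[] =
    "Inter-|   Receive                          |  Transmit\n"
    " face |bytes packets errs drop fifo frame compressed multicast|bytes packets\n"
    "    lo: 4096 32 0 0 0 0 0 0 4096 32 0 0 0 0 0 0\n"
    "  eth0:18446744073709551615 9 0 0 0 0 0 0 5000000000 7 0 0 0 0 0 0\n"
    " eth00: 111 1 0 0 0 0 0 0 222 1 0 0 0 0 0 0\n";

/* Returns 0 and fills rx/tx for `dev`; -1 if it is absent or a field is bad. */
int read_counters(const char *text, const char *dev,
                  unsigned long long *rx, unsigned long long *tx)
{
    size_t dlen = strlen(dev);
    while (text && *text) {
        const char *next = strchr(text, '\n');
        const char *p = text + strspn(text, " \t");
        /* Exact name match up to the colon: "eth0" must not match "eth00". */
        if (strncmp(p, dev, dlen) == 0 && p[dlen] == ':') {
            unsigned long long v[9];
            int i;
            p += dlen + 1;               /* digits may follow ':' directly */
            for (i = 0; i < 9; i++) {
                char *end;
                p += strspn(p, " \t");
                if (*p < '0' || *p > '9') return -1;  /* short line or sign */
                errno = 0;
                v[i] = strtoull(p, &end, 10);
                if (errno == ERANGE) return -1;       /* exceeds 2^64-1 */
                p = end;
            }
            *rx = v[0]; *tx = v[8];      /* field 1: rx bytes, field 9: tx bytes */
            return 0;
        }
        text = next ? next + 1 : NULL;
    }
    return -1;
}

int main(void)
{
    unsigned long long rx, tx;
    if (read_counters(SAMPLE, "eth0", &rx, &tx) == 0)
        printf("eth0: rx=%llu tx=%llu bytes\n", rx, tx);
    return 0;
}
```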