Chinaunix
Title: Linux as a NAT gateway: finding the destination IPs with the most traffic
Author: 996414666
Time: 2014-01-22 11:56
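Could the experts here give me some pointers, please!
Requirement:
Using tools available on Linux, for example iftop or iptraf, work out the destination IPs with the most traffic (the top three is enough) and collect them into a log file.
I tried iftop, but iftop has no logging feature. I then tried iptraf; it can write a log, but the log it produces looks like the one below. How do I extract the IPs with the most traffic from it? Any help would be appreciated!
iptraf log: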
Wed Jan 22 10:27:48 2014; TCP; eth1; 46 bytes; from 10.10.10.10:1130 to 61.135.185.140:80; FIN acknowleged
Wed Jan 22 10:27:49 2014; UDP; eth1; 229 bytes; from 10.10.10.10:138 to 10.10.10.255:138
Wed Jan 22 10:27:52 2014; TCP; eth1; 46 bytes; from 10.10.10.10:1131 to 61.135.185.140:80; Connection reset; 6 packets, 1214 bytes, avg flow rate 0.64 kbits/s; opposite direction 5 packets, 488 bytes; avg flow rate 0.64 kbits/s
Wed Jan 22 10:27:52 2014; TCP; eth1; 46 bytes; from 10.10.10.10:1130 to 61.135.185.140:80; Connection reset; 8 packets, 2113 bytes, avg flow rate 1.14 kbits/s; opposite direction 8 packets, 888 bytes; avg flow rate 1.14 kbits/s
Wed Jan 22 10:28:36 2014; UDP; eth1; 244 bytes; from 10.10.10.10:138 to 10.10.10.255:138
Wed Jan 22 10:29:47 2014; TCP; eth1; 424 bytes; from 61.167.56.46:80 to 10.10.10.10:1132; FIN sent; 38761 packets, 56574584 bytes, avg flow rate 3508.50 kbits/s
Wed Jan 22 10:29:47 2014; TCP; eth1; 46 bytes; from 10.10.10.10:1132 to 61.167.56.46:80; FIN acknowleged
Wed Jan 22 10:29:47 2014; TCP; eth1; 46 bytes; from 10.10.10.10:1132 to 61.167.56.46:80; FIN sent; 19559 packets, 909069 bytes, avg flow rate 56.37 kbits/s
Wed Jan 22 10:29:47 2014; TCP; eth1; 40 bytes; from 61.167.56.46:80 to 10.10.10.10:1132; FIN acknowleged
Wed Jan 22 10:30:17 2014; UDP; eth1; 71 bytes; from 10.10.10.10:1025 to 202.97.224.68:53
Wed Jan 22 10:30:17 2014; UDP; eth1; 350 bytes; from 202.97.224.68:53 to 10.10.10.10:1025
Wed Jan 22 10:30:17 2014; TCP; eth1; 48 bytes; from 10.10.10.10:1133 to 23.207.114.70:443; first packet (SYN)
Wed Jan 22 10:30:17 2014; TCP; eth1; 48 bytes; from 23.207.114.70:443 to 10.10.10.10:1133; first packet (SYN)
Wed Jan 22 10:30:18 2014; TCP; eth1; 46 bytes; from 10.10.10.10:1133 to a23-207-114-70.deploy.static.akamaitechnolog:443; Connection reset; 9 packets, 973 bytes, avg flow rate 7.00 kbits/s; opposite direction 8 packets, 4205 bytes; avg flow rate 7.00 kbits/s
Wed Jan 22 10:31:41 2014; ******** IP traffic monitor stopped ********
Author: q1208c
Time: 2014-01-22 14:24
Try netflow.
I think it's called ntop; it even has a web interface. You can just look at it directly.
Author: Shell_HAT
Time: 2014-01-22 15:52
awk -F '[: ]+' '/from/{a[$13]+=$10}END{for(i in a)print i,a[i]}' iptraf.log | sort -k2,2nr | head -n 3
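An added example, not part of the original thread: a POSIX sh/awk function that ranks destination addresses by bytes, keyed on the "to" endpoint (the one-liner above keys on field 13, the "from" address, and sums only the per-record packet size). It assumes the "N packets, M bytes" figure on a closing TCP record is that flow's byte total in the logged direction, as the log quoted in the question suggests; the names `top_dst` and `sample_log` and the log lines inside the script are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the iptraf log format quoted in the thread.
sample_log() {
cat <<'EOF'
Wed Jan 22 10:00:01 2014; TCP; eth1; 48 bytes; from 10.0.0.5:1130 to 192.0.2.10:80; first packet (SYN)
Wed Jan 22 10:00:09 2014; TCP; eth1; 46 bytes; from 10.0.0.5:1130 to 192.0.2.10:80; Connection reset; 8 packets, 2000 bytes, avg flow rate 1.14 kbits/s; opposite direction 8 packets, 900 bytes; avg flow rate 1.14 kbits/s
Wed Jan 22 10:00:12 2014; UDP; eth1; 71 bytes; from 10.0.0.5:1025 to 198.51.100.53:53
Wed Jan 22 10:00:12 2014; UDP; eth1; 350 bytes; from 198.51.100.53:53 to 10.0.0.5:1025
Wed Jan 22 10:00:40 2014; TCP; eth1; 424 bytes; from 203.0.113.7:80 to 10.0.0.5:1132; FIN sent; 300 packets, 500000 bytes, avg flow rate 3508.50 kbits/s
Wed Jan 22 10:00:40 2014; TCP; eth1; 46 bytes; from 10.0.0.5:1132 to 203.0.113.7:80; FIN sent; 150 packets, 9000 bytes, avg flow rate 56.37 kbits/s
Wed Jan 22 10:01:00 2014; ******** IP traffic monitor stopped ********
EOF
}

# top_dst N [FILE...]: print "address bytes" for the N busiest destinations.
# Assumption: "N packets, M bytes" on a closing TCP record is the flow total
# for the logged direction; "opposite direction" is the total the other way.
# TCP flows still open when the log ends carry no total and are not counted.
top_dst() {
    n=$1; shift
    awk -F'; ' '
    # Traffic records only: field 4 is "<n> bytes", field 5 is "from A to B".
    $4 ~ /^[0-9]+ bytes$/ && $5 ~ /^from .+ to .+$/ {
        src = dst = $5
        sub(/^from /, "", src); sub(/ to .+$/, "", src)
        sub(/^from .+ to /, "", dst)
        sub(/:[0-9]+$/, "", src); sub(/:[0-9]+$/, "", dst)   # drop ports
        if ($2 == "TCP") {
            for (i = 6; i <= NF; i++) {
                if ($i ~ /^[0-9]+ packets, [0-9]+ bytes/) {
                    split($i, f, " "); bytes[dst] += f[3]
                } else if ($i ~ /^opposite direction [0-9]+ packets, [0-9]+ bytes/) {
                    split($i, f, " "); bytes[src] += f[5]
                }
            }
        } else {    # non-TCP records: count the byte size of the record itself
            split($4, f, " "); bytes[dst] += f[1]
        }
    }
    END { for (d in bytes) print d, bytes[d] }
    ' "$@" | sort -k2,2nr -k1,1 | head -n "$n"
}

sample_log | top_dst 3
```

To collect the result into a log file as the question asks, redirect the output, for example `top_dst 3 iptraf.log >> top3.log`, where `top3.log` is a placeholder name.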