linux
Konstantin Khairov, 2018-10-04 11:37:01

How to calculate the IP on which the traffic goes?

Hello. I need advice on how to deal with this situation.
There is a CentOS server. One Internet channel is used through one interface, but there are 2 types of requests: the country's internal network (Tas-ix) and external, that is, those not included in the country's network, i.e. users living outside Uzbekistan.

The problem is that this external traffic is limited and there is not much of it. External access is closed, but not completely: I gave access only to the Yandex and Google search-bot subnets. On each site, access to all images is forbidden through robots.txt. 2 sites have different content: one has 2-3k pages and the other approximately 500 pages in the Google and Yandex index. But there is another site that has almost 20k pages in Google and Yandex.

And the problem is that recently the consumption has been very high: almost 1 GB of external traffic leaves per day, whereas before it took 100-200 MB on average. The number of pages back then was not much smaller, about 1000 pages fewer. I needed to work out exactly where the traffic is going. I installed the iptraf program to identify the most expensive IP addresses by traffic, but as I understand it, it logs every packet, and I would just like to find out how much traffic went to each IP.

Is there a way to find out? Does iptraf support this, or do I need something else? And how do I implement it? Thank you all in advance for your help.


4 answer(s)
vman, 2018-10-04
@vman

First, you need to make sure that logging of requests to the web server is enabled. Depending on which server is used (Apache or Nginx), the logs will be located in:
/var/log/nginx/access.log
/var/log/httpd/access.log
If there are no logs, then you need to enable logging. For Apache this is done by setting:

LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined

<VirtualHost myhost.com>
    CustomLog /var/log/httpd/myhost.com.access.log combined
    ....
</VirtualHost>

For Nginx:
server {
    access_log /var/log/nginx/myhost.com.access.log;
}

Next, I recommend using the log parser https://goaccess.io

Sergey Ryzhkin, 2018-10-04
@Franciz

Wireshark?

xozzslip, 2018-10-04
@xozzslip

It's easy. Write logs to a file for a while, then count the IPs with a script.
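
One way to do the per-IP tally suggested in the answers, as an added example that is not part of the original thread: it sums the bytes field of the combined log format shown in the first answer for each client IP and lists the heaviest consumers first. The sample lines are constructed, and the function names are this example's own.

```python
import re
from collections import Counter

# Fields of the "combined" format above: %h %l %u %t "%r" %>s %O ...
# Nginx's default "combined" format has $body_bytes_sent in the same position.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?:[^"\\]|\\.)*" \d{3} (?P<bytes>\d+|-)'
)

def bytes_per_ip(lines):
    """Return (bytes_by_ip, requests_by_ip, skipped_line_count)."""
    sent, hits, skipped = Counter(), Counter(), 0
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:
            skipped += 1  # malformed line or a different log format
            continue
        ip, size = m.group("ip", "bytes")
        sent[ip] += 0 if size == "-" else int(size)  # "-" means no bytes logged
        hits[ip] += 1
    return sent, hits, skipped

def top_talkers(lines, n=10):
    """List of (ip, total_bytes, requests), largest byte total first."""
    sent, hits, _ = bytes_per_ip(lines)
    return [(ip, total, hits[ip]) for ip, total in sent.most_common(n)]

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE = [
    r'203.0.113.7 - - [04/Oct/2018:11:00:01 +0500] "GET /a.html HTTP/1.1" 200 51200 "-" "ExampleBot/1.0"',
    r'198.51.100.23 - - [04/Oct/2018:11:00:02 +0500] "GET /b.html HTTP/1.1" 200 1024 "-" "ExampleBrowser"',
    r'203.0.113.7 - - [04/Oct/2018:11:00:03 +0500] "GET /c.html HTTP/1.1" 200 48800 "-" "ExampleBot/1.0"',
    r'198.51.100.23 - - [04/Oct/2018:11:00:04 +0500] "GET /d.html HTTP/1.1" 304 - "-" "ExampleBrowser"',
    r'192.0.2.9 - - [04/Oct/2018:11:00:05 +0500] "GET /q?x=\"1\" HTTP/1.1" 200 300 "-" "-"',
    'garbage line',
]

if __name__ == "__main__":
    # For a real log, pass an open file instead of SAMPLE, e.g.
    # open("/var/log/nginx/myhost.com.access.log", errors="replace")
    for ip, total, reqs in top_talkers(SAMPLE):
        print(f"{ip:15} {total:>10} bytes {reqs:>5} requests")
```

A non-zero skipped count means some lines did not match the expected format, so the totals are incomplete for those lines.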

Ruslan Fedoseev, 2018-10-04
@martin74ua

awstats, webalizer - any log analyzer in general
