How can I monitor per-user bandwidth on linux?

I'm looking to monitor how much bandwidth different users consume on a server.

Effectively, I'm looking for something like UserIPacct (http://ramses.smeyers.be/homepage/useripacct/), where I can get a print-out like:

    User       Sent       Received     Flags
    root       401364     401421
    news       2143       2210
    lf         221462     348287

Sadly, useripacct is not available for the 2.6 kernel series.

Solution 1:

I don't know of any pre-existing solutions, but you can do this with netfilter using the 'owner' match extension, although you'll probably have to play with conntrack a bit to catch and account for the inbound packets (and you'd miss the initial connection setup packets, as they're not managed by a userspace process). I'd imagine that a non-netfilter solution would also be possible (a la ntop and the like) but it'd almost certainly get ugly and CPU intensive very quickly.

Honestly, though, I have pretty serious doubts that you're solving the right problem. Accounting for traffic on a per-user basis is better done by analysing the server-level logs (Apache, MTA, POP/IMAP server, etc) and accounting/billing on that basis (with an appropriate overhead for the bits they don't catch, like DNS). Trying to tie everything back to a user almost certainly won't have the results you expect.

Solution 2:

For real-time monitoring you can use iftop. If your looking for a log and report solution, then you can use pmacct. Works very nicely and can give you 1/2 hour, daily, weekly, monthly and yearly roll-ups.

As an aside, we use it a work in association with RRD tool to produce nice 'real-time' graphs.