Log outgoing Traffic with IPTables - get statistics

Hello everybody,
i have a customer, who uses opensuse as firewall before the gateway (adress of the firewall is: 192.168.1.19, gateway is 192.168.1.1.).

we have a - sometimes - slow internet connection. we suspect that the windows clients and their updates are the problem.
i would like to monitor the outgoing traffice to get statistics about the top 10 connections with consumed data.

is there any possibility to get aggregated logs for every day? or do i have to set up a rule first to log the outgoing data to the gateway?

as i have learned (i am no linux guru), i should save the iptable-rules to have them after a reboot.

dear community, do have a hint for me how to this via command line?

thanks,

Gerald

Been a long time since I’ve personally done that kind of content monitoring…

IIRC was a good reason then to build a firewall appliance using something like

Smoothwall
http://www.smoothwall.org/

m0n0wall
http://m0n0.ch/wall/index.php

If you didn’t want or need things built for you, you could probably modify iptables rules to log, once you’ve generated a log, you can manipulate in any way, eg sort for greatest occurences, graph, more. There are a multitude of tools that can consume log data and display in a graph which I’ve used to display apache data (all likely can be adapted to other log formats)

TSU

m0n0wall project officially ended February of 2015. The project page recommends trying:
https://opnsense.org/