[CentOS-mirror] big_bw: Bandwidth Reporting Script

greg at raystedman.org greg at raystedman.org
Thu May 1 16:13:17 UTC 2008

Good Morning,

The discussion about "RayStedman.org Bandwidth" inspired me to write a
script that reports who the largest bandwidth consumers by ip address and
host name.  The report looks like this:

  3,867,534,553   adsl-66-159-202-142.dslextreme.com.
  3,847,010,060   190-82-182-19.adsl.cust.tie.cl.

I'm sure this kind of thing has been done many times in the past by other
tools. I thought I would post the script I created just in case it might be
helpful to others on this forum.

Thanks again for your feedback on this topic.  Greg


# big_bw -- written by Greg Sims 05/01/08

# this script takes as input apache httpd log files access_log and
# access_log.processed. a report is generated that contains one line
# per ip address with the following fields: bandwidth consumed,
# the ip address and the host name associated with the ip address.
# it is important to use mod_logio in the creation of the log files
# to ensure the proper number of bytes are recorded in each log
# entry.  please see http://www.devside.net/guides/config/bytes-sent
# how to accomplish this.

# directory where access_log and access_log.processed are located

# create bw.raw containing the ip address and bandwidth for each record;
# sort the resulting file by ip address
cd /tmp
cat $basedir"access_log" >bw.log
cat $basedir"access_log.processed" >>bw.log

cat bw.log | cut -d' ' --field=1,10 | sort >bw.raw

# read through bw.raw and create bw.sum which contains one line per
# ip address.  each line in bw.sum contains the amount of bandwidth
# consumed and the ip address that used the bandwidth
rm -f bw.sum

while read inputline;
  ip=$(echo "$inputline" | cut -d " " -f 1)
  bw=$(echo "$inputline" | cut -d " " -f 2)
  if [ "$bw" = "-" ];

  if [ "$thisip" != "$ip" ];
    echo $thisipbw $thisip >>bw.sum
    if [ $bw != "-" ];
      thisipbw=$(( $thisipbw + $bw ))

done < "bw.raw"

# sort bw.sum so the largest amount of bandwidth used is at the top.
# create bw.sum.sort which is the largest 35 consumers of bandwidth.
# write a report to stdout doing some formatting in the process.
sort -nr bw.sum | head -n 35 >bw.sum.sort

while read inputline;
  bw=$(echo "$inputline" | cut -d " " -f 1)
  bw=$(echo "$bw" | sed -e :a -e 's/\(.*[0-9]\)\([0-9]\{3\}\)/\1,\2/;ta')
  ip=$(echo "$inputline" | cut -d " " -f 2)

  echo -n $bw | sed -e :a -e 's/^.\{1,14\}$/ &/;ta'
  echo -n "  "
  echo -n $ip | sed -e :a -e 's/^.\{1,15\}$/ &/;ta'
  echo -n "   "
  host_name=$(host $ip | sed 's/^.*pointer //' | sed 's/.*DOMAIN)//')
  host_name=$(echo "$host_name" | sed 's/.*alias for //')
  echo $host_name

done <"bw.sum.sort"

More information about the CentOS-mirror mailing list