#40 Duplication of traffic in CDF logs
From: domagoj.plestina@gmail.com
As per documentation, traffic should be commited to log files at regular intervals in format: IP,timestamp,...
Each line should represent byte counter values during last interval.
After inspecting cdf logs I have noticed that on occasion same data is commited twice.
For example, time interval for commiting to log.4.0.cdf should be 12hrs, or 43200s. However, some log entries are added before the interval expires, and then again when interval expires.
Log example:
1. 0.0.0.0,1226586508,80412941,55183,23172924,57184194,0,8348214,136932,207531976,237346,17918734,189375896,0,105282997,422521
2. 0.0.0.0,1226629694,367022006,14067,41594815,325411924,0,158718370,6032,1382023607,388425,211354000,1170281182,0,340350501,1832
3. 0.0.0.0,1226629709,367392733,14067,41600177,325777289,0,158718133,6032,1382057142,388548,211356026,1170312568,0,340350301,1832
4. 0.0.0.0,1226703757,159229662,1440,1208356,158015370,0,37810791,2782,1304325465,17132,7888263,1296420070,0,261046237,71757
5. 0.0.0.0,1226703774,159637271,1440,1208246,158423089,0,37810438,2782,1304327629,17132,7888069,1296422428,0,261044093,71757
In line 1 data is commited, then in line 2 after 43186 seconds new data is commited, but since 12hr interval has not expired yet, counters were not reset, and after further 15 secs same data is commited again in line 3.
Approximately 60% of log entries have this anomaly, which leads to significant error when reporting data.
For example, data counter on my ISPs side (whose accuracy I am unsure of as well) tells me that I have transferred cca 180 GiB during last 72 days. For the same period, bandwidthD reports traffic volume of 301 GiB.
Perhaps I misunderstood log file logic, but if I haven't this could be a significant error.
Best regards,
Domagoj Plestina
I am experiencing the same thing, even with mysql log.
I am logging on all interfaces, and my server is a gateway to internet.
And from what I understand :
my server external IP logging is accurate
my lan client traffic is at least doubled. I think that bandwidth monitor log either on eth0 (lan) and eth1(wan) the traffic for my clients. Further more my external connection use ppp, so technically there are 3 to monitor with "any" ...
total traffic is totally outsized. ( 2 or 3 time even considering local traffic.)
indeed logging only my external