bandwidth monitoring

hi, i had some unusual bandwidth usage spikes (GBs) lately and am trying to find out which service they refer to… i have bandwidth monitoring enabled and used that to find out about those spikes in the first place… now i tried to narrow down the services that use up that bandwidth by filtering traffic by internal port… to find all open ports i used a port scanner returning the usual: 21, 22, 25, 53, 80, 110, 143, 443, 554, 993, 995 + webmin/usermin ports… the problem is that when i enter each of those ports, one after the other, into the bandwidth monitoring tool to filter by ‘internal port’ and sum up the bandwidth usage i get around 500MB in total for this morning… however when i let it show ‘everything’ i get 20GB… i can’t work out where that’s coming from… any ideas how to find out more?

nm, i see now that it only shows the parent server. i could have sworn at one point it showed it for each parent and subs<br><br>Post edited by: phynias, at: 2008/04/10 13:50

If you note above the graph there are tabs for parent server, parent and sub, month, date

Howdy,

Virtualmin keeps track of Web, Email, and FTP traffic on your server, and distinguishes between it all.

So if you are hosting “example.com”, and someone started sending out a ton of email, that’s going to show in the Virtualmin logs as email traffic in the example.com Virtual Server.

You can view that in System Settings -> Bandwidth Monitoring -> Show Usage Graph. Then I usually click "Parent and sub-servers".

It’ll show whether it’s web, email, or ftp traffic based on the color of the graph.

That much helps you nail down roughly where the usage is – from there, you’ll probably need to go to the logs to dig up more info once you know what logs to look in.
-Eric