I have been using webmin's bandwidth monitoring function for a while but (as anyone who's ever used it) i have a few issues:
3 huge (~250MB and growing) log files: /var/log/bandwidth, kern.log and syslog.
also the 'dmesg' only outputs these log messages:
BANDWIDTH_IN:IN=eth0 OUT= MAC=00:16:3e:00:00:c6:00:0c:db:0d:e2:4c:08:00 SRC=220.127.116.11 DST=18.104.22.168 LEN=92 TOS=0x00 PREC=0x00 TTL=116 ID=36035 DF PROTO=TCP SPT=4399 DPT=22 WINDOW=64711 RES=0x00 ACK PSH URGP=0
BANDWIDTH_OUT:IN= OUT=eth0 SRC=22.214.171.124 DST=126.96.36.199 LEN=92 TOS=0x10 PREC=0x00 TTL=64 ID=42455 DF PROTO=TCP SPT=22 DPT=4399 WINDOW=10720 RES=0x00 ACK PSH URGP=0
I installed syslog-ng in hopes that i could change this behaviour but to no avail. the real problem i see is that shorewall/iptables only logs to "kern" facility...
has anyone found a way arround this? maybe even using some other firewall?