IPAccounting setting

This article has last been updated at January 6, 2025.

The property IPAccounting is a systemd unit setting used for accounting. It is available since systemd 235.

Purpose: Define if accounting on network packets and bytes should be used

New to securing and tuning systemd services? Start with the how to harden a systemd service unit article to learn tuning step-by-step, including the usage of relevant tools.

Why and when to use IPAccounting

Systemd unit setting IPAccounting can be used to turn on accounting. If set, it will track the number of network packets and bytes that was send to the related service. It will both incoming (ingress) and outgoing (egress).

Configuration

The default option is that IP accounting is disabled for services. This can be validated by looking at the relevant counters, such as IPIngressBytes and IPEgressBytes. The first one will track how much incoming traffic there was (in bytes), the second for outgoing traffic.

# systemctl show nginx.service | grep -E "^IP"
IPIngressBytes=[no data]
IPIngressPackets=[no data]
IPEgressBytes=[no data]
IPEgressPackets=[no data]

If there is already information available, then IP accounting was enabled in the service or by setting DefaultIPAccounting=yes in a global systemd configuration file.

Example to activate IPAccounting

If you want to monitor your nginx service to see how much traffic is coming in, then we need to make adjustments to the service unit.

Override the service unit and add IPAccounting=yes under [Service].

Restart nginx to activate the new settings.

systemctl restart nginx.service

When traffic goes to or comes from the nginx service, it will become visible in the relevant counters.

# systemctl show nginx.service | grep -E "^IP"
IPIngressBytes=5908
IPIngressPackets=24
IPEgressBytes=3325
IPEgressPackets=13

Generic advice

This setting can be helpful to monitor the traffic that goes to a specific service. Especially if it is unclear how much a service is being accessed.

Values

Systemd unit setting IPAccounting expects a boolean (yes/no or true/false).

Values for systemd unit setting IPAccounting
Value	Intended action	Available since systemd version
no	no accounting of IP packets and data traffic - default	235
yes	enable IP accounting and track network packets and data traffic	235

Example to show the current value of IPAccounting for the ssh service:

systemctl show --property=IPAccounting ssh.service

Frequently Asked Questions

How to use systemctl edit?

Run systemctl with the 'edit' subcommand and service.

systemctl edit UNIT.service

Feedback

This article has been written by our Linux security expert Michael Boelen. With focus on creating high-quality articles and relevant examples, he wants to improve the field of Linux security. No more web full of copy-pasted blog posts.

Discovered outdated information or have a question? Share your thoughts. Thanks for your contribution!