Let me rephrase this: the facility of accounting for traffic through a particular tcp or udp connection exists in RouterOS. It is used in the firewall rules via "connection-bytes". It is also available for the connections made by the proxy server under /ip proxy connection.
Questions:
1) Why are the TX and RX numbers not available for the normal connections under /ip firewall connection?
2) Can connection logging be done internally in RouterOS (not using Netflow)?
3) Is there any other way to obtain per connection traffic and use that in a script?
1) Only transmitted bytes and packets are available. I tried before to draw firewall traffic using a 3rd-party application. I saved the transmitted bytes number to a file, using log. My 3rd-party Java application gets that file every 30 minutes and calculates bits per second. First it needs to calculate the difference between the byte counts and convert it to bits. Then it divides the bits by 1800 seconds (30 min). Unfortunately it was a very bad idea. One week later the router stopped and showed me the error "no buffer to radius". My dummy logging action loaded the whole buffer. After that I added a simple queue with this marked traffic. Simple queues are available through SNMP. But you can also do it using the API.
[otgonkhuu@MOBINET] > ip firewall filter print stats
Flags: X - disabled, I - invalid, D - dynamic
 #   CHAIN     ACTION          BYTES     PACKETS
 0 X ;;; Log Invalid
     forward   log                 0           0
 1   ;;; Drop Invalid
     forward   drop      102 741 880   1 570 481
 2   ;;; Allow CCagent from SuperV
     forward   accept     13 083 936     230 905
 3   ;;; Allow CallCenter App from SuperV
     forward   accept        650 230       5 999
 4   ;;; Allow MNP75 from SuperV
     forward   accept      1 834 645      18 534
2) Yes. It looks like the following:
15:54:09 firewall,info Dropping forward: in:Staff_Bridge out:INTERNET, src-mac 00:0c:42:44:a0:82, proto UDP, 172.10.9.137:123->202.131.224.136:123, len 76
But it is hard to analyze too many logs. Maybe it can be done using a 3rd-party application and a syslog server.
3) I don't think so. The standard solution of this type is NetFlow. But I have never tried it before.
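As an added example, not part of the original posts: a small Python parser for firewall log lines in the format quoted above, of the kind a syslog collector could run to total packets and bytes per flow instead of reading the log by eye. The first sample line is the one from the post; the other lines, the optional parenthesised protocol detail (for example TCP flags) and all function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Matches the firewall log line format quoted in the post. The optional
# "(...)" after the protocol is an assumption, not shown on the page.
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}) firewall,info (?P<prefix>.*?): "
    r"in:(?P<in_if>\S+) out:(?P<out_if>[^,\s]+), "
    r"src-mac (?P<mac>[0-9a-fA-F:]{17}), "
    r"proto (?P<proto>\S+?)(?: \([^)]*\))?, "
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?->"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?, len (?P<len>\d+)\s*$"
)

def parse_line(line):
    """Return a dict of fields, or None if the line is not a firewall entry."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["len"] = int(rec["len"])
    return rec

def summarize(lines):
    """Total packets and bytes per (proto, src, dst, dport), largest first."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0})
    skipped = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # count unparsed lines instead of dropping them silently
            continue
        key = (rec["proto"], rec["src"], rec["dst"], rec["dport"])
        flows[key]["packets"] += 1
        flows[key]["bytes"] += rec["len"]
    ranked = sorted(flows.items(), key=lambda kv: kv[1]["bytes"], reverse=True)
    return ranked, skipped

# First line is from the post; the remaining lines are constructed samples.
SAMPLE = [
    "15:54:09 firewall,info Dropping forward: in:Staff_Bridge out:INTERNET, src-mac 00:0c:42:44:a0:82, proto UDP, 172.10.9.137:123->202.131.224.136:123, len 76",
    "15:54:10 firewall,info Dropping forward: in:Staff_Bridge out:INTERNET, src-mac 00:0c:42:44:a0:82, proto UDP, 172.10.9.137:123->202.131.224.136:123, len 76",
    "15:54:12 firewall,info Dropping forward: in:Staff_Bridge out:INTERNET, src-mac 00:0c:42:00:00:01, proto TCP (SYN), 192.0.2.10:51515->198.51.100.7:443, len 60",
    "15:54:13 system,info unrelated message",
]

if __name__ == "__main__":
    ranked, skipped = summarize(SAMPLE)
    for (proto, src, dst, dport), c in ranked:
        print(f"{proto} {src} -> {dst}:{dport} packets={c['packets']} bytes={c['bytes']}")
    print(f"unparsed lines: {skipped}")
```

Flows are keyed without the source port so that repeated attempts from one host to the same service are counted together.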