IP accounting

[Ing. Radek Andrš]

Zdravim timto vsechny v Linux-konferenci,

Mame takovy problem - potrebujeme totiz sledovat
mnozstvi dat protecenych
pres urcitou IP adresu a nevim jaky soft k tomu
pouzit.
Jestli nekdo o necem vite poradte mi prosim.

Zde je nas pripad:
Zatim pozivame net-account 0.4 avsak ten mi nemeri
prutok dat pres jiny subnet nasi site
konkretne- mame rozmaskovanou sit a jedna mala subsit
(255.255.255.252 = 4 IP adresy tj. 195.39.8.4-7)
je vyhrazena pro dalkove spojeni pevnou linkou (tj pro
router nas a naseho poskytovatele, pricemz nas
router to merit neumi (zn Dynastar 100) - meri pouze
pocet ramcu).
My bychom chteli prave zmerit objem dat prenesenych
pres tento subnet.
Nase interni sit ma masku 255.255.255.224 -
195.39.8.96-127).
Ja jsem na stanici-serveru 195.39.8.125 a chci merit
prutok dat pres 195.39.8.6.(WAN port naseho routeru
Dynastar).
Mozna mam i ten net-account spatne nakonfigurovan -
zde je vypis jeho konfigurace

obsah souboru nacctab
*******************************************************
************************
flush 300                       # flush every 5
minutes
				# this gives the interval in seconds
				# when the accumulated data is flushed
				# to the output file

fdelay 60			# this defines after how many seconds
				# of inactivity a certain record of
				# traffic information may be written out
				# this helps making the logfiles smaller
				# since only one output record will be
				# generated for related traffic

file /var/log/uctoll/net-acct          # defines
output file
				# this is the regular output file of
				# the daemon

dumpfile /var/log/uctoll/net-acct-dump	# defines dump
file
				# this is used to dump the not yet
				# written information so this is not
				# lost should the machine crash
				# on startup an eventuelly existing
				# file of this name will be moved
				# to *.o

device eth0                     # device to put into
promiscous mode
				# you can specify as many as you want
				# and you don't have to specify one
				# (e.g. if this runs on your router)

ignoremask 255.255.255.128        # Ignore traffic on
same class C net
				# This means traffic that is on
				# your local LAN is not counted.
				# This is useful for NFS etc.
				# Not giving this option causes everything
				# to be counted.
				# This can degrade performance seriously!

ignorenet 127.0.0.0 255.0.0.0   # ignore loopback net
				# You can define as many ignorenets as
				# you want. Ignoring a net with
				# ignorenet is not as efficient as
				# ignoremask. Thus you should exclude
				# your local network with ignoremask,
				# not with ignorenet (although this is
				# is possible).

debug 2                         # set debugging level
debugfile /var/log/uctoll/nacctd.debug	# where to put
debugging info

# For dynamic slip/ppp

#dynamicip /var/log/nacct		# where files for dynamic
ip are stored
#dynamicnet 195.39.8.96 255.255.255.224	# on which
network are all the
					# dynamically assigned adresses

exclude-name-lookup	195.39.8.126	255.255.255.255	
exclude-name-lookup	195.39.8.125	255.255.255.255
exclude-name-lookup	195.39.8.124	255.255.255.255
exclude-name-lookup	195.39.8.97	255.255.255.255
exclude-name-lookup	195.39.8.98	255.255.255.255
exclude-name-lookup	195.39.8.99	255.255.255.255
exclude-name-lookup	195.39.8.6	255.255.255.255

# For disabling certain fields
# This is commented out by default
# disable 2			# disable output of protocol

# For excluding certain hosts from ignoring
# This can be useful for a kludgy way to account for
proxy traffic, you'd then
# add your proxy server here.
# I guess I should consider using some filter
language...
# This is commented out by default
# This does not affect addresses excluded by
ignoremask,
# as this would impose too much of a performance
penalty
# dontignore 127.3.4.5 255.255.255.255	# Don't ignore
host 127.3.4.5,
					# although it would be excluded by
					# above ignorenet statement

# line sl0 ttyS0		# On way to
				# assign traffic to a user is if both
				# of the following conditions meet:
				# a) nacctd runs on the ppp/slip server
				# b) the relation between network interface
				# (e.g. sl0, ppp1) and serial line (e.g.
				# ttyS1) is fixed.
				# You can give as many line statements
				# as you want
				# There is a better way now, so this is
				# commented out

*******************************************************
*******************************************************
*


Sdruzeni INTERDATA
Ing. Radek Andrs
tel.: 0413-334270
e-mail: radek na indat.space.cz