Hy,
using pmacct-0.8.3
ip accounting scenario:
- traffic to/from 130 ip clasess defined as Metropolitan
- the rest of the traffic is classified as External (to/from)
Goal:
to be able to account on each host of my network (cidr : /26) ammount of
traffic differentiated
by the classes above mentioned (e.g. traffic to/from External, traffic
to/from Metropolitan)
Paolo was very kind and, i thank him again, and sent the highlited
changes for 0.8.3 (tagging becomes explicit and pretag_filter directive
now accepts the '0' value)
and that is very helpfull in achiveing the goal
e.g. Metropolitan class to be tagged following an algorithm based on:
id is prefix 1 if it's outgoing traffic, followed by an ip descriptor
(last 3 digits)
id is prefix 2 if it's incoming, followed by an ip descriptor (last 3
digits)
and External class to be left untagged (0)
pmacctd.conf looks like this , using print plugin to spot out if the
traffic is tagged
pre_tag_map: /usr/local/pmacct/etc/tag
aggregate[in]: tag,dst_host,proto
aggregate[out]: tag,src_host,proto
! xxx.xxx.xxx.xxx/26 = internal network
aggregate_filter[in]: dst net XXX.XXX.XXX.XXX/26
aggregate_filter[out]: src net XXX.XXX.XXX.XXX/26
! here goes the filtrer ... cidr/26 would need room here
pre_tag_filter[in]: 2194, 2195, 2196, 2220, 2224 !....
pre_tag_filter[out]: 1194, 1195, 1196, 1220, 1224 !....
plugins: print[in], print[out]
pmacctd runs with -N , -f on the gateway
THE ISSUE: "tagging map" (e.g. pre_tag_map file) DOESN'T work if
generated by bash/perl but works if generated by hand *
* = OpenOffice spreadsheet (i am ashamed !!!!!!!!!), concatenate
function used , copy / paste
the bash script:
#---------------
array1=(`mysql -u qos -B --column-names=FALSE -e "use qos; select ip
from users"`)
array2=(`mysql -u qos -B --column-names=FALSE -e "use qos; select
CONCAT(inet_ntoa(metro),'/',cidr) as class from MetroClass ORDER by metro"
for (( i = 0 ; i < [EMAIL PROTECTED] ; i++ ))
do
tail_from_ip=`echo ${array1[$i]} | cut -f 4 -d "."`
echo "processing $tail_from_ip"
for (( j = 0 ; j < [EMAIL PROTECTED] ; j++ ))
do
## !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#### PLEASE NOTICE THE TAB, i've checked out the pre_tag_map example and
found out the tab between id description and filter syntax
## !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
echo -e "id=1$tail_from_ip\tfilter='src host ${array1[$i]} and
dst net ${array2[$j]}'"
echo -e "id=2$tail_from_ip\tfilter='dst host ${array1[$i]} and
src net ${array2[$j]}'"
done
done
#---------------
.... all this piped into tag file. (>) ..... *This doesn't WORK.*
Workaround .... OpenOffice - spreadsheet (!i feel very unconffortable
doing this ...)
the concat function looks like this
#### PLEASE NOTICE THE 3 spaces in the syntax.
=CONCATENATE("id=2";E2;" filter='dst host XXX.XXX.XXX.";E2;" and src
net ";A2;"'")
=CONCATENATE("id=1";E2;" filter='src host XXX.XXX.XXX.";E2;" and dst
net ";A2;"'")
*I also tried this in bash/perl (3 spaces), but ... no chance in getting
it to work.
*I am certanly missing something here, and very dissapointed that i have
to use OpenOffice ... you can imagine that it's a lot of work ....
If anyone can point out where i am doing wrong, please, let me know
Also i would like to know if some of you have comments on pmacctd.conf,
i have "chewed" this simple setup in order to work with only one mysql table
and the rest of the job, weekly cleaning out and analysis to be
script-driven
Thanks for pmacctd ... great load (below 0.5 on 512 mb ram, 1700 mhz
Athlon, slackware 10.0 k 2.4.28) while accounting cidr/26 internal class
that is
service-classified as "proffesional downloaders" :)
Best regards,
mrugan
