Hi Mario, I want to make configuration in PMacct for my requirement. Let me reframe this question.
-I get triggering message in PMacct (e.g. from TCP/UDP port). -I decode the message. -I get an IP address and database logging on/off information. If I get logging ON for an IP address then I want to make its entry in MySQL and start accounting. If I get logging OFF for an IP address then I want to stop accounting for that IP. I will ignore accounting for all other packets for which logging ON information is not received. Is there any configuration to start/stop accounting at run time ? From: pmacct-discussion [mailto:pmacct-discussion-boun...@pmacct.net] On Behalf Of Jentsch, Mario Sent: Tuesday, July 26, 2016 8:46 PM To: pmacct-discussion@pmacct.net Subject: Re: [pmacct-discussion] Dynamic filtering of packets The mentioned user groups need to be build when the user authenticates and get the IP address assigned. This is most probably done in your Radius configuration and not in pmacct. Regards, Mario From: pmacct-discussion [mailto:pmacct-discussion-boun...@pmacct.net] On Behalf Of Mehul Prajapati Sent: Tuesday, July 26, 2016 3:21 PM To: pmacct-discussion@pmacct.net<mailto:pmacct-discussion@pmacct.net> Subject: Re: [pmacct-discussion] Dynamic filtering of packets Hi, RADIUS packets are received on port 1812 & 1813. I am decoding RADIUS packet in core process and then I get Accounting ON/OFF information in payload of packet. I like your suggestion of user groups. How can I configure user groups in PMacct ? Is there any provision such that this Accounting ON/OFF requests configuration can be changes at run time ? From: pmacct-discussion [mailto:pmacct-discussion-boun...@pmacct.net] On Behalf Of Jentsch, Mario Sent: Tuesday, July 26, 2016 6:18 PM To: pmacct-discussion@pmacct.net<mailto:pmacct-discussion@pmacct.net> Subject: Re: [pmacct-discussion] Dynamic filtering of packets Hi Mehul. the way you detect "Accounting ON/OFF" in pmacct affects possible recommendations. Same applies to other preconditions/requirements you may have. If we don't need to care about them I would think you can filter out all IPs that you don't want accounting enabled for - this assumes there is no dynamic assignment from users to IP addresses. With such a dynamic assignment a solution could be: assign the user groups ("accounting on" vs "accounting off") different IP blocks and have pmacct collect the data only for the IP block for users with "accounting on". In case your situation is more complicated and you can't take one of these ways it is helpful to know how you "receive some event i.e. Accounting ON in PMacct" and process it. Depending on if you're allowed to keep data about users with "accounting off" you also may solve it on MySQL side (presuming this is your data store). Receiving an "accounting on" you put the user/IP address for it in table1. Accounting data for this IP address is only stored in table2 if an appropriate entry in table1 is there. Receiving an "accounting off" you remove user/IP address for it in table1 and if required all appropriate entries from table2. This behavior should be possible with DB triggers / helper table. Regards, Mario From: pmacct-discussion [mailto:pmacct-discussion-boun...@pmacct.net] On Behalf Of Mehul Prajapati Sent: Tuesday, July 26, 2016 11:48 AM To: pmacct-discussion@pmacct.net<mailto:pmacct-discussion@pmacct.net> Subject: Re: [pmacct-discussion] Dynamic filtering of packets Hi Mario, Remote Authentication Dial-In User Service (RADIUS) is a networking protocol<https://en.wikipedia.org/wiki/Communications_protocol> that provides centralized Authentication, Authorization, and Accounting (AAA<https://en.wikipedia.org/wiki/AAA_protocol>) management for users who connect and use a network service. You can ignore the RADIUS decoding part. Requirement: I want to do accounting for only selective users/IP addresses. Let say, I receive some event i.e. Accounting ON in PMacct. Now, processing this event, I want to start accounting for only this IP address/user. After some time, I receive Accounting OFF event in PMacct. Now, processing this event, I want to stop accounting for only this IP address/user. Is there any mechanism to achieve it ? From: pmacct-discussion [mailto:pmacct-discussion-boun...@pmacct.net] On Behalf Of Jentsch, Mario Sent: Tuesday, July 26, 2016 2:55 PM To: pmacct-discussion@pmacct.net<mailto:pmacct-discussion@pmacct.net> Subject: Re: [pmacct-discussion] Dynamic filtering of packets Hi Mehul, > I have explored about "refresh_maps" config key. > If I use it, then I need to make changes in map file at run time. that is working fine in one of our setups. We detect changes in the network, re-create the map file and have the daemon reload it without restart. > But, I want to make filtering such that changes reside in memory only. That sounds like you need to patch pmacct what IMHO is the least best solution. > I am decoding RADIUS packet in PMacct at run-time. Therefore, I > want to make account filtering after decoding RADIUS packet data. Can you show us your configuration for that? > I have looked into code and there is not handler for DELETE query in mysql. > I want to delete records from code itself when Accounting OFF is received. I think you need to create your own plugin for such actions based on collected data. > Would you suggest any other suitable way? Right now I can't - have to admit that I don't understand your use case and what your RADIUS packets are :\ Regards, Mario From: pmacct-discussion [mailto:pmacct-discussion-boun...@pmacct.net] On Behalf Of Mehul Prajapati Sent: Tuesday, July 26, 2016 10:27 AM To: pmacct-discussion@pmacct.net<mailto:pmacct-discussion@pmacct.net> Subject: Re: [pmacct-discussion] Dynamic filtering of packets Hi, Thanks for your inputs. 1) I have explored about "refresh_maps" config key. If I use it, then I need to make changes in map file at run time. But, I want to make filtering such that changes reside in memory only. I am decoding RADIUS packet in PMacct at run-time. Therefore, I want to make account filtering after decoding RADIUS packet data. 2) I have looked into code and there is not handler for DELETE query in mysql. I want to delete records from code itself when Accounting OFF is received. Would you suggest any other suitable way? From: pmacct-discussion [mailto:pmacct-discussion-boun...@pmacct.net] On Behalf Of Jentsch, Mario Sent: Tuesday, July 26, 2016 12:46 PM To: pmacct-discussion@pmacct.net<mailto:pmacct-discussion@pmacct.net> Subject: Re: [pmacct-discussion] Dynamic filtering of packets Hi Mehul, > Is there any mechanism available such that I can apply tagging and > filtering at run time after decoding of RADIUS packet ? Have a look at the "refresh_maps" config key. You can update your map at run time and have pmacct reload it by sending SIGUSR2. > After decoding, is there any way to remove records from database > at run time ? Depends on the used database. With an SQL one you can, with a memory table not. I would consider to evaluate the "Accounting ON/OFF" flag when creating the report. Regards, Mario From: pmacct-discussion [mailto:pmacct-discussion-boun...@pmacct.net] On Behalf Of Mehul Prajapati Sent: Tuesday, July 26, 2016 8:43 AM To: pmacct-discussion@pmacct.net<mailto:pmacct-discussion@pmacct.net> Subject: [pmacct-discussion] Dynamic filtering of packets Hi, I have one Query regarding to Dynamic filtering and aggregation Requirements: 1) Account for only those IP addresses/users for which Accounting ON request is received in RADIUS packet 2) Purge records from database for which Accounting OFF request is received in RADIUS packet I have explored pre-tagging section of PMacct. According to my understanding, it takes filtering from configuration file once and afterwards filtering remains same at run time. I am decoding and processing RADIUS packet at run time. 1. Is there any mechanism available such that I can apply tagging and filtering at run time after decoding of RADIUS packet ? 2. After decoding, is there any way to remove records from database at run time ? Regards, Mehul Mehul Prajapati Mehul Prajapati Mehul Prajapati Mehul Prajapati Mehul Prajapati
_______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
