Re: [pmacct-discussion] Dynamic filtering of packets

2016-07-26 Thread Mehul Prajapati 
Hi,

Thanks for your inputs.


1)  I have explored about "refresh_maps" config key.
If I use it, then I need to make changes in map file at run time.

But, I want to make filtering such that changes reside in memory only.

I am decoding RADIUS packet in PMacct at run-time. Therefore, I want to make 
account filtering after decoding RADIUS packet data.


2)  I have looked into code and there is not handler for DELETE query in 
mysql.
I want to delete records from code itself when Accounting OFF is received.

Would you suggest any other suitable way?


From: pmacct-discussion [mailto:pmacct-discussion-boun...@pmacct.net] On Behalf 
Of Jentsch, Mario
Sent: Tuesday, July 26, 2016 12:46 PM
To: pmacct-discussion@pmacct.net
Subject: Re: [pmacct-discussion] Dynamic filtering of packets

Hi Mehul,

> Is there any mechanism available such that I can apply tagging and
> filtering at run time after decoding of RADIUS packet ?

Have a look at the "refresh_maps" config key. You can update your map at run 
time and have pmacct reload it by sending SIGUSR2.

> After decoding, is there any way to remove records from database
> at run time ?

Depends on the used database. With an SQL one you can, with a memory table not. 
I would consider to evaluate the "Accounting ON/OFF" flag when creating the 
report.

Regards,
Mario

From: pmacct-discussion [mailto:pmacct-discussion-boun...@pmacct.net] On Behalf 
Of Mehul Prajapati
Sent: Tuesday, July 26, 2016 8:43 AM
To: pmacct-discussion@pmacct.net
Subject: [pmacct-discussion] Dynamic filtering of packets

Hi,

I have one Query regarding to Dynamic filtering and aggregation

Requirements:

1)  Account for only those IP addresses/users for which Accounting ON 
request is received in RADIUS packet

2)  Purge records from database for which Accounting OFF request is 
received in RADIUS packet

I have explored pre-tagging section of PMacct.
According to my understanding, it takes filtering from configuration file once 
and afterwards filtering remains same at run time.

I am decoding and processing RADIUS packet at run time.


1.   Is there any mechanism available such that I can apply tagging and 
filtering at run time after decoding of RADIUS packet ?

2.   After decoding, is there any way to remove records from database at 
run time ?



Regards,
Mehul


Mehul Prajapati

Mehul Prajapati
___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

Re: [pmacct-discussion] Dynamic filtering of packets

2016-07-26 Thread Jentsch, Mario 
Hi Mehul,

> I have explored about "refresh_maps" config key.
> If I use it, then I need to make changes in map file at run time.

that is working fine in one of our setups. We detect changes in the network, 
re-create the map file and have the daemon reload it without restart.

> But, I want to make filtering such that changes reside in memory only.

That sounds like you need to patch pmacct what IMHO is the least best solution.

> I am decoding RADIUS packet in PMacct at run-time. Therefore, I
> want to make account filtering after decoding RADIUS packet data.

Can you show us your configuration for that?

> I have looked into code and there is not handler for DELETE query in mysql.
> I want to delete records from code itself when Accounting OFF is received.

I think you need to create your own plugin for such actions based on collected 
data.

> Would you suggest any other suitable way?

Right now I can't - have to admit that I don't understand your use case and 
what your RADIUS packets are :\

Regards,
Mario

From: pmacct-discussion [mailto:pmacct-discussion-boun...@pmacct.net] On Behalf 
Of Mehul Prajapati
Sent: Tuesday, July 26, 2016 10:27 AM
To: pmacct-discussion@pmacct.net
Subject: Re: [pmacct-discussion] Dynamic filtering of packets

Hi,

Thanks for your inputs.


1)  I have explored about "refresh_maps" config key.
If I use it, then I need to make changes in map file at run time.

But, I want to make filtering such that changes reside in memory only.

I am decoding RADIUS packet in PMacct at run-time. Therefore, I want to make 
account filtering after decoding RADIUS packet data.


2)  I have looked into code and there is not handler for DELETE query in 
mysql.
I want to delete records from code itself when Accounting OFF is received.

Would you suggest any other suitable way?


From: pmacct-discussion [mailto:pmacct-discussion-boun...@pmacct.net] On Behalf 
Of Jentsch, Mario
Sent: Tuesday, July 26, 2016 12:46 PM
To: pmacct-discussion@pmacct.net
Subject: Re: [pmacct-discussion] Dynamic filtering of packets

Hi Mehul,

> Is there any mechanism available such that I can apply tagging and
> filtering at run time after decoding of RADIUS packet ?

Have a look at the "refresh_maps" config key. You can update your map at run 
time and have pmacct reload it by sending SIGUSR2.

> After decoding, is there any way to remove records from database
> at run time ?

Depends on the used database. With an SQL one you can, with a memory table not. 
I would consider to evaluate the "Accounting ON/OFF" flag when creating the 
report.

Regards,
Mario

From: pmacct-discussion [mailto:pmacct-discussion-boun...@pmacct.net] On Behalf 
Of Mehul Prajapati
Sent: Tuesday, July 26, 2016 8:43 AM
To: pmacct-discussion@pmacct.net
Subject: [pmacct-discussion] Dynamic filtering of packets

Hi,

I have one Query regarding to Dynamic filtering and aggregation

Requirements:

1)  Account for only those IP addresses/users for which Accounting ON 
request is received in RADIUS packet

2)  Purge records from database for which Accounting OFF request is 
received in RADIUS packet

I have explored pre-tagging section of PMacct.
According to my understanding, it takes filtering from configuration file once 
and afterwards filtering remains same at run time.

I am decoding and processing RADIUS packet at run time.


1.   Is there any mechanism available such that I can apply tagging and 
filtering at run time after decoding of RADIUS packet ?

2.   After decoding, is there any way to remove records from database at 
run time ?



Regards,
Mehul


Mehul Prajapati

Mehul Prajapati
___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

[pmacct-discussion] Dynamic filtering of packets

2016-07-26 Thread Mehul Prajapati 
Hi,

I have one Query regarding to Dynamic filtering and aggregation

Requirements:

1)  Account for only those IP addresses/users for which Accounting ON 
request is received in RADIUS packet

2)  Purge records from database for which Accounting OFF request is 
received in RADIUS packet

I have explored pre-tagging section of PMacct.
According to my understanding, it takes filtering from configuration file once 
and afterwards filtering remains same at run time.

I am decoding and processing RADIUS packet at run time.


1.   Is there any mechanism available such that I can apply tagging and 
filtering at run time after decoding of RADIUS packet ?

2.   After decoding, is there any way to remove records from database at 
run time ?



Regards,
Mehul


Mehul Prajapati
___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

Re: [pmacct-discussion] Dynamic filtering of packets

2016-07-26 Thread Mehul Prajapati 
Hi Mario,

Remote Authentication Dial-In User Service (RADIUS) is a networking 
protocol that provides 
centralized Authentication, Authorization, and Accounting 
(AAA) management for users who 
connect and use a network service.

You can ignore the RADIUS decoding part.

Requirement:
I want to do accounting for only selective users/IP addresses.

Let say, I receive some event i.e. Accounting ON in PMacct. Now, processing 
this event, I want to start accounting for only this IP address/user.
After some time, I receive Accounting OFF event in PMacct. Now, processing this 
event, I want to stop accounting for only this IP address/user.

Is there any mechanism to achieve it ?



From: pmacct-discussion [mailto:pmacct-discussion-boun...@pmacct.net] On Behalf 
Of Jentsch, Mario
Sent: Tuesday, July 26, 2016 2:55 PM
To: pmacct-discussion@pmacct.net
Subject: Re: [pmacct-discussion] Dynamic filtering of packets

Hi Mehul,

> I have explored about "refresh_maps" config key.
> If I use it, then I need to make changes in map file at run time.

that is working fine in one of our setups. We detect changes in the network, 
re-create the map file and have the daemon reload it without restart.

> But, I want to make filtering such that changes reside in memory only.

That sounds like you need to patch pmacct what IMHO is the least best solution.

> I am decoding RADIUS packet in PMacct at run-time. Therefore, I
> want to make account filtering after decoding RADIUS packet data.

Can you show us your configuration for that?

> I have looked into code and there is not handler for DELETE query in mysql.
> I want to delete records from code itself when Accounting OFF is received.

I think you need to create your own plugin for such actions based on collected 
data.

> Would you suggest any other suitable way?

Right now I can't - have to admit that I don't understand your use case and 
what your RADIUS packets are :\

Regards,
Mario

From: pmacct-discussion [mailto:pmacct-discussion-boun...@pmacct.net] On Behalf 
Of Mehul Prajapati
Sent: Tuesday, July 26, 2016 10:27 AM
To: pmacct-discussion@pmacct.net
Subject: Re: [pmacct-discussion] Dynamic filtering of packets

Hi,

Thanks for your inputs.


1)  I have explored about "refresh_maps" config key.
If I use it, then I need to make changes in map file at run time.

But, I want to make filtering such that changes reside in memory only.

I am decoding RADIUS packet in PMacct at run-time. Therefore, I want to make 
account filtering after decoding RADIUS packet data.


2)  I have looked into code and there is not handler for DELETE query in 
mysql.
I want to delete records from code itself when Accounting OFF is received.

Would you suggest any other suitable way?


From: pmacct-discussion [mailto:pmacct-discussion-boun...@pmacct.net] On Behalf 
Of Jentsch, Mario
Sent: Tuesday, July 26, 2016 12:46 PM
To: pmacct-discussion@pmacct.net
Subject: Re: [pmacct-discussion] Dynamic filtering of packets

Hi Mehul,

> Is there any mechanism available such that I can apply tagging and
> filtering at run time after decoding of RADIUS packet ?

Have a look at the "refresh_maps" config key. You can update your map at run 
time and have pmacct reload it by sending SIGUSR2.

> After decoding, is there any way to remove records from database
> at run time ?

Depends on the used database. With an SQL one you can, with a memory table not. 
I would consider to evaluate the "Accounting ON/OFF" flag when creating the 
report.

Regards,
Mario

From: pmacct-discussion [mailto:pmacct-discussion-boun...@pmacct.net] On Behalf 
Of Mehul Prajapati
Sent: Tuesday, July 26, 2016 8:43 AM
To: pmacct-discussion@pmacct.net
Subject: [pmacct-discussion] Dynamic filtering of packets

Hi,

I have one Query regarding to Dynamic filtering and aggregation

Requirements:

1)  Account for only those IP addresses/users for which Accounting ON 
request is received in RADIUS packet

2)  Purge records from database for which Accounting OFF request is 
received in RADIUS packet

I have explored pre-tagging section of PMacct.
According to my understanding, it takes filtering from configuration file once 
and afterwards filtering remains same at run time.

I am decoding and processing RADIUS packet at run time.


1.   Is there any mechanism available such that I can apply tagging and 
filtering at run time after decoding of RADIUS packet ?

2.   After decoding, is there any way to remove records from database at 
run time ?



Regards,
Mehul


Mehul Prajapati

Mehul Prajapati

Mehul Prajapati
___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

Re: [pmacct-discussion] Dynamic filtering of packets

2016-07-26 Thread Jentsch, Mario 
Hi Mehul,

> Is there any mechanism available such that I can apply tagging and
> filtering at run time after decoding of RADIUS packet ?

Have a look at the "refresh_maps" config key. You can update your map at run 
time and have pmacct reload it by sending SIGUSR2.

> After decoding, is there any way to remove records from database
> at run time ?

Depends on the used database. With an SQL one you can, with a memory table not. 
I would consider to evaluate the "Accounting ON/OFF" flag when creating the 
report.

Regards,
Mario

From: pmacct-discussion [mailto:pmacct-discussion-boun...@pmacct.net] On Behalf 
Of Mehul Prajapati
Sent: Tuesday, July 26, 2016 8:43 AM
To: pmacct-discussion@pmacct.net
Subject: [pmacct-discussion] Dynamic filtering of packets

Hi,

I have one Query regarding to Dynamic filtering and aggregation

Requirements:

1)  Account for only those IP addresses/users for which Accounting ON 
request is received in RADIUS packet

2)  Purge records from database for which Accounting OFF request is 
received in RADIUS packet

I have explored pre-tagging section of PMacct.
According to my understanding, it takes filtering from configuration file once 
and afterwards filtering remains same at run time.

I am decoding and processing RADIUS packet at run time.


1.   Is there any mechanism available such that I can apply tagging and 
filtering at run time after decoding of RADIUS packet ?

2.   After decoding, is there any way to remove records from database at 
run time ?



Regards,
Mehul


Mehul Prajapati
___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

[pmacct-discussion] Looking for a fresh pmacct UI

2016-07-26 Thread Davide Principi 
I'm looking for a bandwidthd replacement and I started experimenting
with pmacct.  The monitoring daemon and the cli tool are amazing and
seem to fit my needs;  however, on the web site links to external tools
for displaying data are quite old.

My ideal UI should be helpful on finding anomalous traffic from LAN.
Requirements could be

- small network monitoring (<1000 nodes) 
- storage on local file(s) like, sqlite, csv, json (no RDBMS!)
- counters by IP, proto (ports, maybe)
- periodical graphs
- list of "top talkers"

Could you point me to other projects providing an UI for pmacct? 

Is there anybody interested on such project?

Meanwhile I built a pmacct RPM for NethServer/CentOS 7.  You can find
it on

http://packages.nethserver.org/nethserver/7.2.1511/nethforge-testin
g/x86_64/Packages/pmacct-1.6.0-1.ns7.x86_64.rpm

initial .spec file on GitHub

https://github.com/DavidePrincipi/pmacct

NethServer is the community project behind my initiative, please come
to visit us on http://community.nethserver.org.

Best regards,

-- 
Davide Principi

#davidep | @davideprincipi | GPG 0x5651EA71




___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

Re: [pmacct-discussion] Dynamic filtering of packets

2016-07-26 Thread Mehul Prajapati 
Hi,

RADIUS packets are received on port 1812 & 1813.
I am decoding RADIUS packet in core process and then I get Accounting ON/OFF 
information in payload of packet.

I like your suggestion of user groups.

How can I configure user groups in PMacct ?
Is there any provision such that this Accounting ON/OFF requests configuration 
can be changes at run time ?




From: pmacct-discussion [mailto:pmacct-discussion-boun...@pmacct.net] On Behalf 
Of Jentsch, Mario
Sent: Tuesday, July 26, 2016 6:18 PM
To: pmacct-discussion@pmacct.net
Subject: Re: [pmacct-discussion] Dynamic filtering of packets

Hi Mehul.

the way you detect "Accounting ON/OFF" in pmacct affects possible 
recommendations. Same applies to other preconditions/requirements you may have.

If we don't need to care about them I would think you can filter out all IPs 
that you don't want accounting enabled for - this assumes there is no dynamic 
assignment from users to IP addresses.

With such a dynamic assignment a solution could be: assign the user groups 
("accounting on" vs "accounting off") different IP blocks and have pmacct 
collect the data only for the IP block for users with "accounting on".

In case your situation is more complicated and you can't take one of these ways 
it is helpful to know how you "receive some event i.e. Accounting ON in PMacct" 
and process it. Depending on if you're allowed to keep data about users with 
"accounting off" you also may solve it on MySQL side (presuming this is your 
data store). Receiving an "accounting on" you put the user/IP address for it in 
table1. Accounting data for this IP address is only stored in table2 if an 
appropriate entry in table1 is there. Receiving an "accounting off" you remove 
user/IP address for it in table1 and if required all appropriate entries from 
table2. This behavior should be possible with DB triggers / helper table.

Regards,
Mario

From: pmacct-discussion [mailto:pmacct-discussion-boun...@pmacct.net] On Behalf 
Of Mehul Prajapati
Sent: Tuesday, July 26, 2016 11:48 AM
To: pmacct-discussion@pmacct.net
Subject: Re: [pmacct-discussion] Dynamic filtering of packets

Hi Mario,

Remote Authentication Dial-In User Service (RADIUS) is a networking 
protocol that provides 
centralized Authentication, Authorization, and Accounting 
(AAA) management for users who 
connect and use a network service.

You can ignore the RADIUS decoding part.

Requirement:
I want to do accounting for only selective users/IP addresses.

Let say, I receive some event i.e. Accounting ON in PMacct. Now, processing 
this event, I want to start accounting for only this IP address/user.
After some time, I receive Accounting OFF event in PMacct. Now, processing this 
event, I want to stop accounting for only this IP address/user.

Is there any mechanism to achieve it ?



From: pmacct-discussion [mailto:pmacct-discussion-boun...@pmacct.net] On Behalf 
Of Jentsch, Mario
Sent: Tuesday, July 26, 2016 2:55 PM
To: pmacct-discussion@pmacct.net
Subject: Re: [pmacct-discussion] Dynamic filtering of packets

Hi Mehul,

> I have explored about "refresh_maps" config key.
> If I use it, then I need to make changes in map file at run time.

that is working fine in one of our setups. We detect changes in the network, 
re-create the map file and have the daemon reload it without restart.

> But, I want to make filtering such that changes reside in memory only.

That sounds like you need to patch pmacct what IMHO is the least best solution.

> I am decoding RADIUS packet in PMacct at run-time. Therefore, I
> want to make account filtering after decoding RADIUS packet data.

Can you show us your configuration for that?

> I have looked into code and there is not handler for DELETE query in mysql.
> I want to delete records from code itself when Accounting OFF is received.

I think you need to create your own plugin for such actions based on collected 
data.

> Would you suggest any other suitable way?

Right now I can't - have to admit that I don't understand your use case and 
what your RADIUS packets are :\

Regards,
Mario

From: pmacct-discussion [mailto:pmacct-discussion-boun...@pmacct.net] On Behalf 
Of Mehul Prajapati
Sent: Tuesday, July 26, 2016 10:27 AM
To: pmacct-discussion@pmacct.net
Subject: Re: [pmacct-discussion] Dynamic filtering of packets

Hi,

Thanks for your inputs.


1)  I have explored about "refresh_maps" config key.
If I use it, then I need to make changes in map file at run time.

But, I want to make filtering such that changes reside in memory only.

I am decoding RADIUS packet in PMacct at run-time. Therefore, I want to make 
account filtering after decoding RADIUS packet data.


2)  I have looked into code and there is not handler for DELETE query in 
mysql.
I want to delete records

Re: [pmacct-discussion] Looking for a fresh pmacct UI

2016-07-26 Thread Robert Juric 
I had started to work with HighCharts to put a front-end together for my
small deployment. I also wouldn't mind contributing to a project in any way
I could.

Robert Juric

On Tue, Jul 26, 2016 at 9:58 AM, Davide Principi <
davide.princ...@nethesis.it> wrote:

> Thanks for the prompt reply, Harry!
>
> >
> > You might be interested in: http://uowits.github.io/herbert-gui/index
> > .html
>
>
> It looks great, but if I understand correctly that UI requires MongoDB
> and RabbitMQ messaging queue to collect data.  Of course, I would not
> run that infrastructure on a single router!
>
> Any other idea?
>
> >
> > One thing you might notice is that due to the flexible nature of
> > pmacct, creating an all encompassing front-end is quite a mammoth
> > task. I think a lot of people tend to plug the aggregates into their
> > existing infrastructure.
>
> This is an important point! It could also explain why a simple UI that
> runs on the same host where data is collected is not so easy to
> find...
>
> Nobody is interested on a similar project in the "datacenter era" :) ?
>
> However SME businesses, non-profit orgs with a LAN and their firewall
> could appreciate it... What do you think?
>
> >
> > That being said, I'd be happy to help contribute if you do decide to
> > start a project.
> >
>
> This is awesome, I'll keep you informed!
>
>
> ___
> pmacct-discussion mailing list
> http://www.pmacct.net/#mailinglists
>
___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

Re: [pmacct-discussion] Dynamic filtering of packets

2016-07-26 Thread Jentsch, Mario 
The mentioned user groups need to be build when the user authenticates and get 
the IP address assigned. This is most probably done in your Radius 
configuration and not in pmacct.

Regards,
Mario

From: pmacct-discussion [mailto:pmacct-discussion-boun...@pmacct.net] On Behalf 
Of Mehul Prajapati
Sent: Tuesday, July 26, 2016 3:21 PM
To: pmacct-discussion@pmacct.net
Subject: Re: [pmacct-discussion] Dynamic filtering of packets

Hi,

RADIUS packets are received on port 1812 & 1813.
I am decoding RADIUS packet in core process and then I get Accounting ON/OFF 
information in payload of packet.

I like your suggestion of user groups.

How can I configure user groups in PMacct ?
Is there any provision such that this Accounting ON/OFF requests configuration 
can be changes at run time ?




From: pmacct-discussion [mailto:pmacct-discussion-boun...@pmacct.net] On Behalf 
Of Jentsch, Mario
Sent: Tuesday, July 26, 2016 6:18 PM
To: pmacct-discussion@pmacct.net
Subject: Re: [pmacct-discussion] Dynamic filtering of packets

Hi Mehul.

the way you detect "Accounting ON/OFF" in pmacct affects possible 
recommendations. Same applies to other preconditions/requirements you may have.

If we don't need to care about them I would think you can filter out all IPs 
that you don't want accounting enabled for - this assumes there is no dynamic 
assignment from users to IP addresses.

With such a dynamic assignment a solution could be: assign the user groups 
("accounting on" vs "accounting off") different IP blocks and have pmacct 
collect the data only for the IP block for users with "accounting on".

In case your situation is more complicated and you can't take one of these ways 
it is helpful to know how you "receive some event i.e. Accounting ON in PMacct" 
and process it. Depending on if you're allowed to keep data about users with 
"accounting off" you also may solve it on MySQL side (presuming this is your 
data store). Receiving an "accounting on" you put the user/IP address for it in 
table1. Accounting data for this IP address is only stored in table2 if an 
appropriate entry in table1 is there. Receiving an "accounting off" you remove 
user/IP address for it in table1 and if required all appropriate entries from 
table2. This behavior should be possible with DB triggers / helper table.

Regards,
Mario

From: pmacct-discussion [mailto:pmacct-discussion-boun...@pmacct.net] On Behalf 
Of Mehul Prajapati
Sent: Tuesday, July 26, 2016 11:48 AM
To: pmacct-discussion@pmacct.net
Subject: Re: [pmacct-discussion] Dynamic filtering of packets

Hi Mario,

Remote Authentication Dial-In User Service (RADIUS) is a networking 
protocol that provides 
centralized Authentication, Authorization, and Accounting 
(AAA) management for users who 
connect and use a network service.

You can ignore the RADIUS decoding part.

Requirement:
I want to do accounting for only selective users/IP addresses.

Let say, I receive some event i.e. Accounting ON in PMacct. Now, processing 
this event, I want to start accounting for only this IP address/user.
After some time, I receive Accounting OFF event in PMacct. Now, processing this 
event, I want to stop accounting for only this IP address/user.

Is there any mechanism to achieve it ?



From: pmacct-discussion [mailto:pmacct-discussion-boun...@pmacct.net] On Behalf 
Of Jentsch, Mario
Sent: Tuesday, July 26, 2016 2:55 PM
To: pmacct-discussion@pmacct.net
Subject: Re: [pmacct-discussion] Dynamic filtering of packets

Hi Mehul,

> I have explored about "refresh_maps" config key.
> If I use it, then I need to make changes in map file at run time.

that is working fine in one of our setups. We detect changes in the network, 
re-create the map file and have the daemon reload it without restart.

> But, I want to make filtering such that changes reside in memory only.

That sounds like you need to patch pmacct what IMHO is the least best solution.

> I am decoding RADIUS packet in PMacct at run-time. Therefore, I
> want to make account filtering after decoding RADIUS packet data.

Can you show us your configuration for that?

> I have looked into code and there is not handler for DELETE query in mysql.
> I want to delete records from code itself when Accounting OFF is received.

I think you need to create your own plugin for such actions based on collected 
data.

> Would you suggest any other suitable way?

Right now I can't - have to admit that I don't understand your use case and 
what your RADIUS packets are :\

Regards,
Mario

From: pmacct-discussion [mailto:pmacct-discussion-boun...@pmacct.net] On Behalf 
Of Mehul Prajapati
Sent: Tuesday, July 26, 2016 10:27 AM
To: pmacct-discussion@pmacct.net
Subject: Re: [pmacct-discussion] Dynamic filtering of packets

Hi,