Thanks for. I think so far I can live with daily, I used hour, since it
seemd better for testing / prototyping. But would it be hard to support it?
I checked with daily and it works. What I don't understand how often are
violations checked. I created 10MB violation, but I managed to download 680
MB before it was triggered.
Note: Catalyst seems to support one minute accounting updates at most. Is
this case with most of the devices?
Kind regards,
Marko
-----Original Message-----
From: Francois Gaudreault [mailto:[email protected]]
Sent: Tuesday, September 04, 2012 6:26 PM
To: [email protected]
Subject: Re: [PacketFence-users] Catalyst 2960 and accounting setup
Ahhh right. We do not support hourly violations for accounting. The lowest
metric is daily. We should remove "h" as a valid time value in the trigger.
If you would like us to add that feature, open a feature request in our BTS.
Thanks.
On 2012-09-04 12:22 PM, Francois Gaudreault wrote:
> Hi,
>
> Looks like there is an issue with the bw_all query. Let me check the
> code and try to find the issue.
>
> Thanks.
>
> On 2012-09-04 12:19 PM, Marko Mrvelj wrote:
>>
>> Thanks for info. By following your suggestion I have setup 802.1X.
>>
>> Now I am testing violations checks. For some reason although I see
>> that user used more than allowed bandwidth, he is not cutted off
>> (violation did not trigger). I wanted to setup custom violation which
>> cut's off after used has used more than 10MB per hour. Here is my
>> definition:
>>
>> [root@pf-zen-esx logs]# cat ../conf/violations.conf [1100012]
>> desc=Bandwidth Limit (10MB/hour) enabled=Y actions=email,log,trap
>> window=dynamic vclose= url=/remediation.php?template=bandwidth_limit
>> trigger=Accounting::TOT10MBh
>> grace=1m
>>
>> I do see something strange in packetfence.log:
>>
>> Sep 04 12:16:59 pfmon(1) INFO: getting violations triggers for
>> accounting cleanup (pf::accounting::acct_maintenance)
>> Sep 04 12:16:59 pfmon(1) INFO: Calling node acct maintenance total
>> with monthly and 1 for 21474836480 (pf::accounting::acct_maintenance)
>> Sep 04 12:16:59 pfmon(1) INFO: Calling node acct maintenance total
>> with and
>> 1 for 10485760 (pf::accounting::acct_maintenance)
>> Sep 04 12:16:59 pfmon(1) WARN: database query failed because
>> statement handler was undefined or invalid, will try again
>> (pf::db::db_query_execute) Sep 04 12:16:59 pfmon(1) WARN: database
>> query failed because statement handler was undefined or invalid, will
>> try again (pf::db::db_query_execute) Sep 04 12:16:59 pfmon(1) WARN:
>> database query failed because statement handler was undefined or
>> invalid, will try again (pf::db::db_query_execute) Sep 04 12:16:59
>> pfmon(1) ERROR: Database issue: We tried 3 times to serve query
>> acct_maintenance_bw__all called from pf::db::db_data and we failed.
>> Is the database running? (pf::db::db_query_execute) Sep 04 12:16:59
>> pfmon(0) ERROR: cleanup thread finished - this is bad
>> (main::)
>>
>> Do you have any ideas/suggestions?
>>
>> -----Original Message-----
>> From: Francois Gaudreault [mailto:[email protected]]
>> Sent: Tuesday, September 04, 2012 4:18 PM
>> To: [email protected]
>> Subject: Re: [PacketFence-users] Catalyst 2960 and accounting setup
>>
>> Hi,
>>
>> Accounting will only work if you use AAA (so MAB or 802.1X). It
>> won't work with port-security. Apparently, we have some feature to
>> grab data using SNMP, but those have not been maintained since a while.
>>
>> Use MAB instead of port-security if you want to use accounting data.
>>
>> On 2012-09-04 10:05 AM, Marko Mrvelj wrote:
>>> Hi all,
>>>
>>> I am trying to get accounting for traffic on packetfence with cisco
>>> catalyst switch (2960). I have port security configured and working
>>> correctly on the switch.
>>>
>>> Can somebody give me directions how to tell switch to send
>>> accounting data?
>>>
>>> Thanks,
>>>
>>> Marko Mrvelj
>>>
>>>
>>> --------------------------------------------------------------------
>>> --
>>> --------
>>> Live Security Virtual Conference
>>> Exclusive live event will cover all the ways today's security and
>>> threat landscape has changed and how IT managers can respond.
>>> Discussions will include endpoint security, mobile security and the
>>> latest in malware threats.
>>> http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>>> _______________________________________________
>>> PacketFence-users mailing list
>>> [email protected]
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>
>>>
>>
>>
>> --
>> Francois Gaudreault, ing. jr
>> [email protected] :: +1.514.447.4918 (x130) :: www.inverse.ca
>> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
>> (www.packetfence.org)
>>
>> ---------------------------------------------------------------------
>> ---------
>> Live Security Virtual Conference
>> Exclusive live event will cover all the ways today's security and
>> threat landscape has changed and how IT managers can respond.
>> Discussions will include endpoint security, mobile security and the
>> latest in malware threats.
>> http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>> _______________________________________________
>> PacketFence-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>> ---------------------------------------------------------------------
>> ---------
>> Live Security Virtual Conference
>> Exclusive live event will cover all the ways today's security and
>> threat landscape has changed and how IT managers can respond.
>> Discussions will include endpoint security, mobile security and the
>> latest in malware threats.
>> http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>> _______________________________________________
>> PacketFence-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>
>
--
Francois Gaudreault, ing. jr
[email protected] :: +1.514.447.4918 (x130) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and threat
landscape has changed and how IT managers can respond. Discussions will
include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
