Re: netflow per connection
Igor Smitran [EMAIL PROTECTED] wrote: I have Mikrotik. It can export netflow data but i am not sure what freeradius can do with that? Nothing. You will need a netflow server. Is it possible to have all netflow for that client inserted into database somehow? Please provide some URL because i am not sure what to search for. netflow server ? Alan DeKok. Yes, i know about cflowd and similar netflow tools. I was thinking that maybe there is some solution that can help me to insert flow data for particular user into database together with total octets in, octets out upon disconnect. Thank you, Igor - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: netflow per connection
Igor Smitran wrote: netflow server ? Alan DeKok. Yes, i know about cflowd and similar netflow tools. I was thinking that maybe there is some solution that can help me to insert flow data for particular user into database together with total octets in, octets out upon disconnect. There is no pre-built solution. You would need to roll your own. It's not hard. See the Exec-Program examples in acct_users, for examples how to trigger external code/events on accounting start/stop. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: netflow per connection
On Tue 15 Aug 2006 15:51, Igor Smitran wrote: Igor Smitran [EMAIL PROTECTED] wrote: I have Mikrotik. It can export netflow data but i am not sure what freeradius can do with that? Nothing. You will need a netflow server. Is it possible to have all netflow for that client inserted into database somehow? Please provide some URL because i am not sure what to search for. netflow server ? Alan DeKok. Yes, i know about cflowd and similar netflow tools. I was thinking that maybe there is some solution that can help me to insert flow data for particular user into database together with total octets in, octets out upon disconnect. Aside from tinkering with FreeRADIUS code (and running a large number of production servers) I also tinker with and run pmacct which I highly recommend as a netflow/sflow solution. We have a number of deployments of both on the same Postgresql backend and as long as your DB server is specced correctly you shouldn't have any trouble. My pmacct rpms are at: http://software.opensuse.org/download/server:/monitoring/ And my FreeRADIUS rpms are at: http://software.opensuse.org/download/home:/peternixon/ Integration of the 2 different sets of accounting data is left as an excercise to you :-) Cheers -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc pgpoTTb6oYBIm.pgp Description: PGP signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: netflow per connection
Peter Nixon [EMAIL PROTECTED] wrote: Aside from tinkering with FreeRADIUS code (and running a large number of production servers) I also tinker with and run pmacct which I highly recommend as a netflow/sflow solution. We have a number of deployments of both on the same Postgresql backend and as long as your DB server is specced correctly you shouldn't have any trouble. That looks like a fantastic tool, which should be mentioned in the FAQ, as how to get protocol-specific accounting information. I we were suckers for punishment, we could write a radius plugin for pmacct, so that the RADIUS server could see that traffic, too. But it's probably better to integrate things at the DB layer, rather than the protocol layer. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: netflow per connection
Peter Nixon [EMAIL PROTECTED] wrote: Aside from tinkering with FreeRADIUS code (and running a large number of production servers) I also tinker with and run pmacct which I highly recommend as a netflow/sflow solution. We have a number of deployments of both on the same Postgresql backend and as long as your DB server is specced correctly you shouldn't have any trouble. That looks like a fantastic tool, which should be mentioned in the FAQ, as how to get protocol-specific accounting information. I we were suckers for punishment, we could write a radius plugin for pmacct, so that the RADIUS server could see that traffic, too. But it's probably better to integrate things at the DB layer, rather than the protocol layer. Alan DeKok. It would be good to have all data imidiately accessible, that way one can use exec-wait and do accounting imidiately upon disconnect? Or am i missing the point? :) i am just trying to share some ideas and do some brain storming. My idea was something like this: 1. user tries to authenticate 2. radius authenticates user and starts accounting 3. radius pulls netflow data for particular IP in some time intervals and inserts those into some database table I am not very familiar with freeradius. I've seted it up to do what i want but don't have time to learn more :( so if i am missing the point please let me know :) Igor - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: netflow per connection
On Tue 15 Aug 2006 19:21, Igor Smitran wrote: Peter Nixon [EMAIL PROTECTED] wrote: Aside from tinkering with FreeRADIUS code (and running a large number of production servers) I also tinker with and run pmacct which I highly recommend as a netflow/sflow solution. We have a number of deployments of both on the same Postgresql backend and as long as your DB server is specced correctly you shouldn't have any trouble. That looks like a fantastic tool, which should be mentioned in the FAQ, as how to get protocol-specific accounting information. I we were suckers for punishment, we could write a radius plugin for pmacct, so that the RADIUS server could see that traffic, too. But it's probably better to integrate things at the DB layer, rather than the protocol layer. Alan DeKok. It would be good to have all data imidiately accessible, that way one can use exec-wait and do accounting imidiately upon disconnect? Or am i missing the point? :) i am just trying to share some ideas and do some brain storming. My idea was something like this: 1. user tries to authenticate 2. radius authenticates user and starts accounting 3. radius pulls netflow data for particular IP in some time intervals and inserts those into some database table I am not very familiar with freeradius. I've seted it up to do what i want but don't have time to learn more :( so if i am missing the point please let me know :) Igor, I think you may be a little confused about how netflow works. The router/switch pushes the netflow data to the collector, typically for ALL traffic through the device (although some devices support aggregation of flows and/or statistical sampling). You therefore don't trigger netflow records for a particular IP, you need to wait for the device to send them to you. You can configure flow timeouts and various things but basically in any realistic deployment you are still likely to receive netflow records for several minutes (at least) after traffic stops. I you make pmacct or other collector put flow data into the same postgresql database (different table of course) a simple database JOIN to the radacct table should give you the billing data you need whenever you want it :-) Cheers -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc pgpZzDsmgxf86.pgp Description: PGP signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: netflow per connection
Yes Peter, you are right. My fault. I only tried netflow tools, i never used those in production envrionment. I just checked and saw that i need to pull data from collector, while collector is receiving data from routers. That said it is not possible to have accurate data at disconnect. Sorry for this, i was hotheaded, but i can't help it, it defines me :) Igor - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
netflow per connection
Is there a way to have netflow data per session, instead of just total octets in and total octets out? I am trying to find a relatively easy way to charge users per netflow data, for example: local data is 50% discount, mail is 30% discount etc. Thank you, Igor - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: netflow per connection
Igor Smitran [EMAIL PROTECTED] wrote: Is there a way to have netflow data per session, instead of just total octets in and total octets out? I am trying to find a relatively easy way to charge users per netflow data, for example: local data is 50% discount, mail is 30% discount etc. Consult the NAS documentation. If it doesn't say it can send that information, then that information won't be available to FreeRADIUS. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: netflow per connection
Is there a way to have netflow data per session, instead of just total octets in and total octets out? I am trying to find a relatively easy way to charge users per netflow data, for example: local data is 50% discount, mail is 30% discount etc. Consult the NAS documentation. If it doesn't say it can send that information, then that information won't be available to FreeRADIUS. Alan DeKok. I have Mikrotik. It can export netflow data but i am not sure what freeradius can do with that? Is it possible to have all netflow for that client inserted into database somehow? Please provide some URL because i am not sure what to search for. Igor - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: netflow per connection
Igor Smitran [EMAIL PROTECTED] wrote: I have Mikrotik. It can export netflow data but i am not sure what freeradius can do with that? Nothing. You will need a netflow server. Is it possible to have all netflow for that client inserted into database somehow? Please provide some URL because i am not sure what to search for. netflow server ? Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
