I'm deploying accounting on an edge (router/firewall) box, configured as SW
MultiISP.

My interest is in per-*provider* nfacct-based accounting that'll survive SW
start/stop/purge.

The current config consists of 6 providers:

    provA
        ISP#1 <-> eth1
    provB1
        ISP#2 <-> eth2
    provB2
        ISP#3 <-> eth2
    provC
        vpn1: tun1 over eth1, via provA, to remoteX
    provD
        vpn2: tun2 over eth2, via provB1, to remoteY
    provE
        vpn3: tun3 over eth2, via provB2, to remoteZ

My goal is to monitor/report ALL traffic/usage per provider. I.e.,

    traffic IN, provA
    traffic OUT, provA
    traffic IN, provB
    traffic OUT, provB
    ... etc ...

and to (eventually) be able to time-slice it (last calendar month, last
calendar week, last 20 days, etc).

I've been reading the SW accounting docs, specifically re: nfacct, and am
unclear both on general nfacct-accounting usage, and how to deal with the
per-provider accounting.
I'd ideally like to see a thorough example added to the docs/wiki. If it's
already there, and I've missed it -- please 'point'. If not, perhaps this post
might lead to one.

Reading @

    Accounting using nfacct
    http://shorewall.net/Accounting.html#nfacct

points to

    "To use nfaccnt with Shorewall, use the NFACCT target. See
    shorewall-accounting(5) for details."

Reading @

    http://shorewall.net/manpages/shorewall-accounting.html

states

    "Beginning with Shorewall 4.4.20, the ACCOUNTING_TABLE setting was
    added to shorewall.conf and shorewall6.conf. That setting determines the
    Netfilter table (filter or mangle) where the accounting rules are added. When
    ACCOUNTING_TABLE=mangle is specified, the available sections are PREROUTING,
    INPUT, OUTPUT, FORWARD and POSTROUTING."

and provides syntax docs of

    ...
    NFACCT({object[!]}[,...])
        Added in Shorewall 4.5.7. Provides a form of accounting that
        survives shorewall stop/shorewall start and shorewall restart. ...
    ...

Couple of questions:
(1) What's the rationale for selecting ACCOUNTING_TABLE= "filter" vs "mangle"?
Clearly, either can be chosen. In my convoluted case, what's the right choice
and why?
(2) How would per-provider accounting be handled? An example config for
"/accounting" would be very helpful here.
(3) nfacct-based accounting is doc'd to survive SW start/stop/purge. Does it
also survive *system* reboot? Where/how is the persistent history/data stored
by SW? In /var/lib/shorewall/*? Or, for persistent storage, do we need to
create/manage a DB-backed store, and populate SW's accounting output into it?
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel