On 9/15/2014 7:38 AM, PGNd wrote:
> I'm deploying accounting on an edge (router/firewall) box, configured as SW
> MultiISP.
>
> My goal is to monitor/report ALL traffic/usage per provider. I.e.,
>
> traffic IN, provA
> traffic OUT, provA
> traffic IN, provB
> traffic OUT, provB
> ... etc ...
>
> and to (eventually) be able to time-slice it (last calendar month,
> last calendar week, last 20 days, etc).
>
> I've been reading the SW accounting docs, specifically re: nfacct,
> and am unclear both on general nfacct-accounting usage, and how to deal with
> the per-provider accounting.
>
> I'd ideally like to see a thorough example added to the docs/wiki.
> If it's already there, and I've missed it -- please 'point'. If not,
> perhaps this post might lead to one.

I run Debian stable on my own Multi-ISP gateway and, unfortunately, it
doesn't support NFACCT. So given that I never include untested examples
in the docs, it will have to wait until Jessie is released.

> Reading @
>
> Accounting using nfacct
> http://shorewall.net/Accounting.html#nfacct
>
> points to
>
> "To use nfaccnt with Shorewall, use the NFACCT target. See
> shorewall-accounting(5) for details."
>
> Reading @
>
> http://shorewall.net/manpages/shorewall-accounting.html
>
> states
>
> "Beginning with Shorewall 4.4.20, the ACCOUNTING_TABLE setting was
> added to shorewall.conf and shorewall6.conf. That setting determines the
> Netfilter table (filter or mangle) where the accounting rules are added. When
> ACCOUNTING_TABLE=mangle is specified, the available sections are PREROUTING,
> INPUT, OUTPUT, FORWARD and POSTROUTING."
>
> and provides syntax docs of
>
> ...
> NFACCT({object[!]}[,...])
>
> Added in Shorewall 4.5.7. Provides a form of accounting that
> survives shorewall stop/shorewall start and shorewall restart. ...
> ...
>
> Couple of questions:
>
> (1) What's the rationale for selecting ACCOUNTING_TABLE= "filter" vs
> "mangle"? Clearly, either can be chosen. In my convoluted case, what's
> the right choice and why?

Setting ACCOUNTING_TABLE=mangle allows you to use FASTACCEPT=Yes.

>
> (2) How would per-provider accounting be handled? An example config
> for "/accounting" would be very helpful here.

Again, I'm not posting any untested examples.

>
> (3) nfacct-based accounting is doc'd to survive SW start/stop/purge.
> Does it also survive *system* reboot?

No.

> Where/how is the persistent history/data stored by SW? in
> /var/lib/shorewall/*? Or, for persistent storage, do we need
> to create/manage a DB-backed store, and populate
> SW's accounting output into it?

The latter. Possibly you should consider one of the libpcap-based IP
accounting packages; they support persistent data.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
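
Added example, not part of the original message and not Shorewall code: one way to build the DB-backed store that question (3) ends up needing, by sampling `nfacct list` output into SQLite as deltas so that history survives a reboot and can be time-sliced. The object names `provA_in` and `provB_in`, the table layout and the sample counter values are assumptions constructed for illustration; the parser assumes the default plain-text output of `nfacct list`.

```python
import re
import sqlite3

# One counter per line in the default `nfacct list` output.
LINE_RE = re.compile(r"\{\s*pkts\s*=\s*(\d+),\s*bytes\s*=\s*(\d+)\s*\}\s*=\s*(\S+?);")

# Constructed samples; provA_in / provB_in are hypothetical object names.
BEFORE = """{ pkts = 00000000000000000010, bytes = 00000000000000001000 } = provA_in;
{ pkts = 00000000000000000004, bytes = 00000000000000000400 } = provB_in;"""
LATER = """{ pkts = 00000000000000000025, bytes = 00000000000000002500 } = provA_in;
{ pkts = 00000000000000000004, bytes = 00000000000000000400 } = provB_in;"""
AFTER_REBOOT = """{ pkts = 00000000000000000003, bytes = 00000000000000000300 } = provA_in;
{ pkts = 00000000000000000001, bytes = 00000000000000000050 } = provB_in;"""

def parse_nfacct(text):
    """Return {object_name: byte_total} from `nfacct list` output."""
    return {m.group(3): int(m.group(2)) for m in LINE_RE.finditer(text)}

def open_store(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS last (obj TEXT PRIMARY KEY, bytes INTEGER)")
    db.execute("CREATE TABLE IF NOT EXISTS usage (ts INTEGER, obj TEXT, bytes INTEGER)")
    return db

def record(db, ts, text):
    """Store the bytes counted since the previous sample of each object."""
    for obj, total in parse_nfacct(text).items():
        row = db.execute("SELECT bytes FROM last WHERE obj = ?", (obj,)).fetchone()
        prev = row[0] if row else 0
        # A total below the stored one means the kernel counter restarted
        # (reboot), so everything in the new total is unrecorded traffic.
        delta = total - prev if total >= prev else total
        db.execute("INSERT INTO usage VALUES (?, ?, ?)", (ts, obj, delta))
        db.execute("INSERT OR REPLACE INTO last VALUES (?, ?)", (obj, total))
    db.commit()

def usage_between(db, start, end):
    """Bytes per object over samples with start <= ts < end (epoch seconds)."""
    return dict(db.execute(
        "SELECT obj, SUM(bytes) FROM usage WHERE ts >= ? AND ts < ? GROUP BY obj",
        (start, end)))

def demo():
    db = open_store()
    for ts, sample in ((100, BEFORE), (200, LATER), (300, AFTER_REBOOT)):
        record(db, ts, sample)
    return usage_between(db, 0, 400), usage_between(db, 150, 400)

if __name__ == "__main__":
    print(demo())
```

Traffic counted between the last sample and a reboot is lost, so the sampling interval bounds the error; on a real gateway the text passed to `record` would be the captured output of `nfacct list` and the store a file path rather than `:memory:`.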
