Inet-Admins mailing list archive (inet-admins@info.east.ru)


[inet-admins] NeTraMet


  • To: inet-admins@info.east.ru
  • Subject: [inet-admins] NeTraMet
  • From: Vladimir Kravchenko <jimson@mostcom.ru>
  • Date: 13 Nov 2001 22:24:04 +0300
  • Delivered-to: inet-adm-outgoing@frog.east.ru
  • Delivered-to: inet-admins@info.east.ru
  • User-agent: Gnus/5.0808 (Gnus v5.8.8) XEmacs/21.5 (asparagus)


NeMaC writes to the log only those flows on which "activity has stopped".
I don't see any timeouts, or any way to tell NeMaC to write information on
all active flows to the log. I have probably misconfigured something, because
with this NeMaC behaviour I no longer have any need for fd_filter.
Where am I wrong? Please advise.

/usr/mostcom/bin/NetFlowMet -i12001 -i12002 -f20000 -b5000 -t10000 -v1000
 -e300 -D -m12000
/usr/mostcom/bin/NeMaC -p -P -k120 -h75 -g600 -r iprule -c300 -m12000
 localhost private

one[jimson]:.../netramet $ cat rule.srl 
if SourcePeerType == IPv4 {
  save SourcePeerAddress/32;
  save   DestPeerAddress/32;
  save SourceInterface;
  save   DestInterface;
  save SourceTransAddress/16;
  save   DestTransAddress/16;
  save SourceTransType;
  save MeterID;
} else IGNORE ;

COUNT ;
FORMAT
FlowRuleSet FlowIndex FirstTime MeterID SourceTransType
SourcePeerAddress DestPeerAddress ToOctets FromOctets ToPDUs FromPDUs
SourceTransAddress DestTransAddress SourceInterface DestInterface ;

SET 5 ;

--- x.x.x.19 ping statistics ---
2008 packets transmitted, 2008 packets received, 0% packet loss
round-trip min/avg/max/stddev = 2.645/3.073/11.627/0.380 ms

##NeTraMet v4.3:  -c300 -r ip4.rule  localhost udp-12001, udp-12002  20000
flows  starting at 18:43:59 Tue 13 Nov 2001
#Format: flowruleset flowindex firsttime meterid sourcetranstype
sourcepeeraddress destpeeraddress tooctets fromoctets topdus frompdus
sourcetransaddress desttransaddress sourceinterface destinterface 
#Time: 18:43:59 Tue 13 Nov 2001 localhost Flows from 0 to 177499
#Ruleset: 5  5 ip4.rule  NeMaC
#EndData: localhost
#Time: 18:45:00 Tue 13 Nov 2001 localhost Flows from 177498 to 183506
5 7 2147681003 2 17 x.x.x.101 x.x.x.9 115 0 1 0 51464 1719 98 0
#EndData: localhost
#Time: 18:50:00 Tue 13 Nov 2001 localhost Flows from 183505 to 213524
5 7 423012325 2 17 x.x.x.101 x.x.x.9 2612 0 19 0 51464 1719 98 0
5 8 857539048 2 17 x.x.x.11 x.x.x.19 384 0 8 0 1646 1646 98 0
5 9 1728183766 2 1 x.x.x.11 212.111.67.6 66024 0 786 0 0 2048 98 0
5 10 426355674 2 17 x.x.x.18 x.x.x.19 76 0 1 0 123 123 98 0
#EndData: localhost
#Time: 18:55:00 Tue 13 Nov 2001 localhost Flows from 213523 to 243543
5 7 423012325 2 17 x.x.x.101 x.x.x.9 3801 0 29 0 51464 1719 98 0
5 8 857539048 2 17 x.x.x.11 x.x.x.19 528 0 11 0 1646 1646 98 0
5 10 426355674 2 17 x.x.x.18 x.x.x.19 228 0 3 0 123 123 98 0
5 11 13659611 2 17 193.79.237.14 x.x.x.19 76 0 1 0 123 123 98 0
#EndData: localhost
#Time: 19:00:00 Tue 13 Nov 2001 localhost Flows from 243542 to 273561
5 7 423012325 2 17 x.x.x.101 x.x.x.9 5375 0 41 0 51464 1719 98 0
5 8 857539048 2 17 x.x.x.11 x.x.x.19 768 0 16 0 1646 1646 98 0
5 10 426355674 2 17 x.x.x.18 x.x.x.19 456 0 6 0 123 123 98 0
#EndData: localhost
#Time: 19:05:00 Tue 13 Nov 2001 localhost Flows from 273560 to 303591
5 7 423012325 2 17 x.x.x.101 x.x.x.9 8341 0 63 0 51464 1719 98 0
5 8 423053128 2 17 x.x.x.11 x.x.x.19 1296 0 27 0 1646 1646 98 0
5 10 426355674 2 17 x.x.x.18 x.x.x.19 608 0 8 0 123 123 98 0
5 11 2577269464 2 17 193.79.237.14 x.x.x.19 152 0 2 0 123 123 98 0
>5 12 432997858 2 1 x.x.x.12 x.x.x.19 149772 0 1783 0 0 2048 98 0
#EndData: localhost

-- 
Vladimir Kravchenko / PK Mostcom JSC / system engineer
Tel: +7 095 4360522 / UIN: 132038843 / Email: jimson@mostcom.ru 

=============================================================================
"inet-admins" Internet access mailing list. Maintained by East Connection ISP.
Mail "unsubscribe inet-admins" to Majordomo@info.east.ru if you want to quit.
Archive is accessible on http://info.east.ru/rus/inetadm.html



 




Copyright © Lexa Software, 1996-2009.