LINUX.ORG.RU
ФорумAdmin

IPcad, странное поведение. Не совпадает стаитика. Помогите!


0

1

Обнаружил что статистика IPCad не совпадает с показаниями провайдера. Что я делаю не так?

Slackware 12.
2.6.21.5-smp

# squid -v
Squid Cache: Version 3.0.STABLE18
configure options: '--prefix=/usr' '--sysconfdir=/etc/squid' '--localstatedir=/var/log/squid' '--datadir=/usr/share/squid' '--mandir=/usr/man' '--program-prefix=' '--program-suffix=' '--enable-snmp' '--enable-linux-netfilter' '--enable-async-io' '--build=i486-slackware-linux' 'build_alias=i486-slackware-linux' 'CFLAGS=-O2 -march=i486 -mtune=i686' 'CXXFLAGS=-O2 -march=i486 -mtune=i686'

# ipcad -v
IP Accounting Daemon. ipcad Version 3.7.3
Import {BPF/LIBPCAP/ULOG/LIBIPQ/DIVERT/TEE/FILE}; Export {console/file/RSH/NetFlow}
Copyright (c) 2001, 2002, 2003, 2004 Lev Walkin <vlm@lionet.info>


Похоже, что IPCad не считает tcp. Только ICPM.
На роутере прозрачный прокси.

Подсчет ведется по двум сетям 192.168.2.x и 192.168.3.x.

Вот интерейесы роутера:

eth1 Link encap:Ethernet HWaddr 00:1C:F0:0E:80:3C
inet addr:192.168.2.63 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: fe80::21c:f0ff:fe0e:803c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:130619350 errors:0 dropped:0 overruns:0 frame:0
TX packets:169396153 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2706363055 (2.5 GiB) TX bytes:1510578386 (1.4 GiB)
Interrupt:16 Base address:0xac00

eth4 Link encap:Ethernet HWaddr 00:15:17:C4:A8:81
inet addr:192.168.3.1 Bcast:192.168.3.255 Mask:255.255.255.0
inet6 addr: fe80::215:17ff:fec4:a881/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:37335853 errors:0 dropped:0 overruns:0 frame:0
TX packets:40118571 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:3509138761 (3.2 GiB) TX bytes:3616561506 (3.3 GiB)
Base address:0xac00 Memory:fe8e0000-fe900000

Вот конфиг ipcad:

root@# cat /usr/local/etc/ipcad.conf
#
# Simple configuration file for ipcad.
# Copyright (c) 2001, 2002, 2003, 2004
# Lev Walkin <vlm@lionet.info>.
#
# Please see ipcad.conf.default file or ipcad.conf(5) manual page for
# complete file format explanation.
#

capture-ports enable; # Enable ports capturing for RSH (no effect on NetFlow).
buffers = 64k;


# Specify interfaces.
interface eth1; # Listen on Ethernet interface...
interface eth4; # ...and another onw.


# Preserve internal IP ranges, aggregate external ones.
#aggregate 192.168.0.0/16 strip 32; /* Don't aggregate 192.168.0.0 */
#aggregate 172.16.0.0/12 strip 32; /* Don't aggregate 172.16.0.0 */
#aggregate 0.0.0.0/0 strip 24; /* Drop the last octet of all other IPs */

# Aggregate port numbers.
#aggregate 1024-65535 into 65535; /* Aggregate wildly */
#aggregate 3128-3128 into 3128; /* Protect these ports */
#aggregate 150-1023 into 1023; /* General low range */

rsh enable at 127.0.0.1;
rsh root@127.0.0.1 admin;
rsh 127.0.0.1 view-only;
rsh ttl = 3;
rsh timeout = 30;
pidfile = ipcad.pid;
dumpfile = ipcad.dump;
chroot = /var/log/ipcad;


Вот скрипт, который берет статистику из Ipcad перегоняет стаитику в Mysql:

#IPCAD and Mysql traffic counters
*/1 * * * * /usr/local/sbin/ipcad2mysql.sh


cat /usr/local/sbin/ipcad2mysql.sh

#!/bin/sh

YEAR=`date +%Y`
MONTH=`date +%m`
DAY=`date +%d`

DATETRAF=$YEAR-$MONTH-$DAY

export DATETRAF

rsh 127.0.0.1 dump > /var/log/ipcad/ipcad.dump && rsh 127.0.0.1 clear ip accounting > /dev/null 2>&1 &&
cat /var/log/ipcad/ipcad.dump | grep «192.168» | awk '{ «echo $DATETRAF» | getline dt
printf «INSERT INTO ipcad.stat (date,source,destination,packets,bytes,src_port,dst_port) VALUES (\„„dt“\“,\»«$1»\",\«»$2"\",\«»$3"\",\«»$4"\",\«»$5"\",\«»$6"\");«»\n"
}' | /usr/bin/mysql --user=stat --password=xxx


Вот правила фаерволла.

root@mainrouter:/etc/rc.d# cat /etc/rc.d/rc.firewall
#!/bin/sh
#
#

###########################################################################
#
# 1. Configuration options.
#

#
# 1.1 Internet Configuration.
#

#INET_IP=«10.34.105.30»
#INET_IFACE=«eth2»
#INET_SUBNET=«10.34.105.28/30»
#INET_BROADCAST=«10.34.105.31»

INET_IP=«195.94.237.82»
INET_IFACE=«eth5»
INET_SUBNET=«10.34.105.28/29»
INET_BROADCAST=«195.94.237.87»

# Specialnie adresnie prostarnstva i adresa //Valya

#Straffic
RABOCHIE_STANCII=«192.168.2.1-192.168.2.30»
TONKIE_CLIENTI=«192.168.2.31-192.168.2.100»
TERMINAL_SERVER=«192.168.2.171»
S_LAN=«192.168.2.0/24»

#M
M_LAN=«192.168.3.0/24»

LAN_IP=«192.168.2.63»
LAN_SUBNET=«192.168.2.0/24»
LAN_IFACE_S=«eth1»
LAN_IFACE_M=«eth0»

LO_IFACE=«lo»
LO_IP=«127.0.0.1»

IPTABLES=«/usr/sbin/iptables»

/sbin/depmod -a

/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe iptable_filter
/sbin/modprobe iptable_mangle
/sbin/modprobe iptable_nat
/sbin/modprobe ipt_LOG
/sbin/modprobe ipt_limit
/sbin/modprobe ipt_state
/sbin/modprobe ip_nat_pptp
/sbin/modprobe ip_conntrack_pptp
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ip_vs_ftp
/sbin/modprobe nf_nat_ftp
/sbin/modprobe nf_conntrack_ftp

#/sbin/modprobe ipt_owner
#/sbin/modprobe ipt_REJECT
#/sbin/modprobe ipt_MASQUERADE
#/sbin/modprobe ip_conntrack_ftp
#/sbin/modprobe ip_conntrack_irc
#/sbin/modprobe ip_nat_ftp
#/sbin/modprobe ip_nat_irc

###########################################################################
#
# 3. /proc set up.
#

#
# 3.1 Required proc configuration
#

#
# 3.2 Non-Required proc configuration
#
echo «1» > /proc/sys/net/ipv4/ip_forward
#echo «1» > /proc/sys/net/ipv4/conf/all/rp_filter
#echo «1» > /proc/sys/net/ipv4/conf/all/proxy_arp
#echo «1» > /proc/sys/net/ipv4/ip_dynaddr

###########################################################################
#
# 4. rules set up.
#

######
# 4.1 Filter table
#

#
# 4.1.1 Set policies
#
IPTABLES=«/usr/sbin/iptables»
$IPTABLES -F INPUT
$IPTABLES -F OUTPUT
$IPTABLES -F FORWARD
$IPTABLES -t nat -F



#$IPTABLES -i $LAN_IFACE -d ! 192.168.1.0/24 -j SNAT --to-source 192.168.2.2
$IPTABLES -P INPUT ACCEPT
###$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
###$IPTABLES -F OUTPUT

$IPTABLES -P FORWARD ACCEPT


IPcad, странное поведение. Не совпадает стаитика. Помогите!

# Squid redirect S

iptables -t nat -A PREROUTING -s $S_LAN -d ! 192.168.2.63 -p tcp -m multiport --dport 80,81,82,83,88,8000,8001,8002,8080,8081 -j REDIRECT --to-port 3128


#bypass for M
iptables -t nat -A PREROUTING -s $M_LAN -d 192.168.2.172 -p tcp -m multiport --dport 80,81,82,83,88,8000,8001,8002,8080,8081 -j ACCEPT
iptables -t nat -A PREROUTING -s $M_LAN -d mingle.antonio -p tcp -m multiport --dport 8080 -j ACCEPT

# Squid redirect M
iptables -t nat -A PREROUTING -s $M_LAN -d ! 192.168.3.1 -p tcp -m multiport --dport 80,81,82,83,88,8000,8001,8002,8080,8081 -j REDIRECT --to-port 3128

iptables -t nat -A POSTROUTING -s $S_LAN -p tcp -d 10.0.0.1 --dport 3306 -o tun0 -j SNAT --to-source 10.0.0.14
iptables -t filter -A FORWARD -s $S_LAN -p tcp -d 10.0.0.1 --dport 3306 -j ACCEPT
iptables -t filter -A FORWARD -s $S_LAN -p tcp --dport 3306 -j DROP

# Block access to prioxy from internet
iptables -t filter -A INPUT -i eth5 -p tcp --dport 3128 -j DROP

$IPTABLES -A FORWARD -p tcp -s $S_LAN --dport 25 -d x.x.x.1 -j ACCEPT
$IPTABLES -A FORWARD -p udp -s $S_LAN --dport 25 -d x.x.x.1 -j ACCEPT

$IPTABLES -A FORWARD -p tcp -s 192.168.2.172 --dport 25 -d x.x.x.2 -j ACCEPT
$IPTABLES -A FORWARD -p udp -s 192.168.2.172 --dport 25 -d x.x.x.2 -j ACCEPT

$IPTABLES -A FORWARD -p tcp -s 192.168.2.171 --dport 25 -d x.x.x.2 -j ACCEPT
$IPTABLES -A FORWARD -p udp -s 192.168.2.171 --dport 25 -d x.x.x.2 -j ACCEPT

$IPTABLES -A FORWARD -p tcp -s 192.168.2.138 --dport 25 -d x.x.x.2 -j ACCEPT
$IPTABLES -A FORWARD -p udp -s 192.168.2.138 --dport 25 -d x.x.x.2 -j ACCEPT

$IPTABLES -A FORWARD -p tcp --dport 25 -d 0.0.0.0/0.0.0.0 -j REJECT
$IPTABLES -A FORWARD -p udp --dport 25 -d 0.0.0.0/0.0.0.0 -j REJECT

#######################################################

#$IPTABLES -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A POSTROUTING -o $INET_IFACE -j SNAT --to-source $INET_IP


Вот два запроса на получение из базы суммы трафика за месяц. На имена файлов внимание не обращайте. Стаистика за август.

echo «INPUT TRAFFIC SUMM (JUNE):» >> /var/log/inet_counters/INPUT_TRAFFIC_SUMM_JUNE.log;
/usr/bin/mysql --user=stat --password=qwe_111 -e"SELECT SUM(\`bytes\`) AS input_bytes FROM \`stat\` WHERE date>='2010-09' AND date<'2010-10' AND (destination
LIKE '192.168.2.%' OR destination LIKE '192.168.3.%') \G;" ipcad >> /var/log/inet_counters/INPUT_TRAFFIC_SUMM_JUNE.log;
wait
echo " " >> /var/log/inet_counters/INPUT_TRAFFIC_SUMM_JUNE.log;

echo «OUTPUT TRAFFIC SUMM (JUNE):» >> /var/log/inet_counters/OUTPUT_TRAFFIC_SUMM_JUNE.log;
/usr/bin/mysql --user=stat --password=qwe_111 -e"SELECT SUM(\`bytes\`) AS output_bytes FROM \`stat\` WHERE date>='2010-09' AND date<'2010-10' AND (source LIKE
'192.168.2.%' OR source LIKE '192.168.3.%') \G;" ipcad >> /var/log/inet_counters/OUTPUT_TRAFFIC_SUMM_JUNE.log;
wait
echo " " >> /var/log/inet_counters/OUTPUT_TRAFFIC_SUMM_JUNE.log;


Вот статистика от скриптов:

cat /var/log/inet_counters/INPUT_TRAFFIC_SUMM_JUNE.log
INPUT TRAFFIC SUMM (JUNE):
*************************** 1. row ***************************
input_bytes: 39464216781

root@mainrouter:/etc# cat /var/log/inet_counters/OUTPUT_TRAFFIC_SUMM_JUNE.log
OUTPUT TRAFFIC SUMM (JUNE):
*************************** 1. row ***************************
output_bytes: 7630743709


Vnstat показывает за месяц rx 146 Гб. tx 32 Гб.







mora ()
Вы не можете добавлять комментарии в эту тему. Тема перемещена в архив.