Home / server / Questions

Questions[accounting](server)

Martin Hope
oucil
Asked: 2020-05-26 10:34:05 +0800 CST
  • 5

I'm attempting to track the total data being transmitted from a specific set of IP addresses (both IPv4 and IPv6) using nftables with a named counter on the rule. My goal is to be able to track this total over the course of a calendar month so I can bill against usage.

The related rules look like this:

add table stats
add counter stats os-traffic-4
add counter stats os-traffic-6
add chain inet stats INPUT { type filter hook input priority 0; }
add rule ip  stats INPUT ip  saddr 192.168.123.123 counter name os-traffic-4
add rule ip  stats INPUT ip  saddr 192.168.123.234 counter name os-traffic-4
add rule ip  stats INPUT ip  saddr 192.168.123.345 counter name os-traffic-4
add rule ip6 stats INPUT ip6 saddr 1234:1234:1234:1234:1234:1234:1234:1234 counter name os-traffic-6
add rule ip6 stats INPUT ip6 saddr 1234:1234:1234:1234:1234:1234:1234:2345 counter name os-traffic-6
add rule ip6 stats INPUT ip6 saddr 1234:1234:1234:1234:1234:1234:1234:3456 counter name os-traffic-6

I'm using stateful objects (named counters) to sum all of the traffic from the IPv4 and IPv6 addresses respectively, named os-traffic-4 and os-traffic-6. I can then use the command line to get those stats with nft list counter stats os-traffic-6.

My questions are:

  1. Where are these stats stored, I don't see them in a log anywhere and can't find reference in any documentation?

  2. Will these statistics persist past a reboot of the machine or will the counters reset?

  3. If they do reset, how do I restore them at boot time? I believe it's possible to include the counter values when using add rule... packets 1234 bytes 123456 but how do I do it for a named counter and also... #1... where do I get these numbers from?

Thanks for any help!

logging networking traffic nftables accounting
Martin Hope
mahoke
Asked: 2011-11-15 18:02:58 +0800 CST
  • 3

I am not a network engineer, but rather a translator, so I apologize in advance if this is a rather obvious question to some of you. Normally Google can answer my questions, but in this case I'm coming up blank. If I'm asking this in the wrong forum, please let me know.

The text is talking about RADIUS accounting functionality. It says that when there are many (more than 200) authenticated terminals, if a command is issued to forcibly clear the terminals, "sliding to the next RADIUS accounting server may occur" -- the original text literally says "RADIUS accounting server-slide".

I think I can basically understand what they are getting at in terms of meaning, but I would like to know whether this is the correct expression to use. I get the impression from my inability to find it simply by Googling that perhaps it's described differently in English.

radius accounting
Martin Hope
user53747
Asked: 2011-02-08 16:25:00 +0800 CST
  • 4

I have a sub-net of machines which are run autonomously by users. I control the server which acts as gateway between the sub-net and the internet. My server is running Ubuntu.

I'm looking for a way to:

  • Record the amount (only need size, don't care about what or from where) of incoming and outgoing network traffic per sub-net IP.
  • Subsequently query the amount of network traffic that occurred on a particular IP address during a particular time-frame.
  • Bonus: Allow me to cap or shape traffic for a specific IP address once a certain (configurable) volume has been reached.

Basically, something that let's me account and charge users for their network traffic.

network-monitoring accounting
Martin Hope
netom
Asked: 2010-10-16 01:57:41 +0800 CST
  • 3

I have several users on a computer running Linux (Ubuntu Lucid to be more specific).

I need to see how much network traffic they generate on a specific interface.

Iptables can match outgoing packages, so I could create chains for every user to be able to count outgoing network traffic. However, incoming traffic is significant too.

I have several options: -Writing a new iptables match for incoming packets -Writing a new iptables module that combines outgoing packet user match and connection tracking -Writing a TUN/TAP driver that somehow able to identify the sender / receiver process and user, and write a log -...

What is the best way to do this? Are there any existing solutions for this?

Thank you in advance.

linux networking traffic accounting
Martin Hope
Alexandre Nizoux
Asked: 2010-03-13 13:48:24 +0800 CST
  • 5

Title says it all.

How can I, with iptables under Linux, log all IP connecting to a server? As a little detail, I'd like to have only ONE entry in the log PER DAY PER IP.

Thanks :)

EDIT:

I narrowed it down to 5 packets logged for every new session which is weird since I use --hashlimit 1 --haslimit-burst 1, I suspect that --m limit which defaults to 5 plays a role in there. Trouble is, if I set --m limit to 1, only 1 entry is logged for ALL IP instead one per EACH IP.

The reason I want to do this is also to avoid as much as possible logs growing too fast since this will be a rather unmanaged box.

EDIT2: Here is my current try, in a iptables-restore format: (on several lines for ease of reading)

-A FORWARD -d 10.x.x.x -p tcp --dport 443 -m state --state NEW 
-m hashlimit --hashlimit-upto 1/min --hashlimit-burst 1 
--hashlimit-mode srcip --hashlimit-name denied-client 
-j LOG --log-prefix "iptables (denied client): "
linux logging iptables filter accounting