IP Accounting: Difference between revisions

From Alpine Linux
(Added information on softflowd setup)
m (documentation was moved to github it seems.)
 
(6 intermediate revisions by 4 users not shown)
Line 6: Line 6:
  * pmacct-0.12.4-r3
  * pmacct-0.12.4-r3
  * postgresql 8.4
  * postgresql 8.4
* softflowd 0.9.8


== Install and Configure pmacct ==
== Install and Configure pmacct ==
Line 15: Line 14:


  postgres$ psql -d template1 -f pmacct-create-db.pgsql
  postgres$ psql -d template1 -f pmacct-create-db.pgsql
  postgres$ psql -d pmacct -f pmacct-create-table_v7.pgsql
  postgres$ psql -d pmacct -f pmacct-create-table_v1.pgsql


=== NetFlow Collector Daemon ===
=== NetFlow Collector Daemon ===
Line 24: Line 23:
  pidfile: /var/run/nfacctd.pid
  pidfile: /var/run/nfacctd.pid
  syslog: daemon
  syslog: daemon
 
  sql_host: <HOSTNAME>
  sql_host: <HOSTNAME>
  sql_passwd: <PASSWORD>
  sql_passwd: <PASSWORD>
  sql_table_version: 7
  sql_table_version: 1
 
  plugins: pgsql
  plugins: pgsql
 
  sql_optimize_clauses: true
  sql_optimize_clauses: true
sql_recovery_logfile: /var/log/nfacct_recovery_log
  sql_history: 1m
  sql_history: 5m
  sql_history_roundoff: m
  sql_history_roundoff: mhd
  sql_dont_try_update: true
  sql_dont_try_update: true
 
  aggregate: src_host,dst_host,src_port,dst_port,proto
  aggregate: src_host,dst_host,src_port,dst_port,proto
nfacctd_sql_log: true


A full list of options supported by pmacct can be found [http://wiki.pmacct.net/OfficialConfigKeys here].
For explanation of the keywords above and full list of options supported by pmacct see [https://raw.githubusercontent.com/pmacct/pmacct/master/CONFIG-KEYS here].


== Install and setup NetFlow sensor ==
[[Category:Networking]]
It's assumed that this is done on a seperate computer than the collector. <br />
[[Category:Monitoring]]
<br />
[[Category:SQL]]
Install NetFlow sensor:
apk add softflowd
Start softflow (substituting 192.168.0.10 with your collector's IP address, 9996 with the port nfmaccd is listening on, and eth0 with the interface to monitor):
softflowd -i eth0 -n 192.168.0.10:9996
After a minute or two, check that flows are being analyzed on the box:
softflowctl statistics

Latest revision as of 01:17, 13 January 2022

This material is work-in-progress ...

Do not follow instructions here until this notice is removed.
(Last edited by Nergal on 13 Jan 2022.)

This document will show how to configure pmacct for IP accounting. Pmacct will be configured as NetFlow and sFlow collector using PostgreSQL as DB backend.

The following software have been used at the time of writing of this document:

* pmacct-0.12.4-r3
* postgresql 8.4

Install and Configure pmacct

apk add pmacct pmacct-doc

On postgreSQL server launch the following scripts found in /usr/share/doc/pmacct/sql (make sure to change the default password for user "pmacct" in pmacct-create-db.pgsql):

postgres$ psql -d template1 -f pmacct-create-db.pgsql
postgres$ psql -d pmacct -f pmacct-create-table_v1.pgsql

NetFlow Collector Daemon

Edit /etc/nfmacctd.conf, changing "<HOSTNAME>" and "<PASSWORD>" to correct values:

daemonize: true
pidfile: /var/run/nfacctd.pid
syslog: daemon

sql_host: <HOSTNAME>
sql_passwd: <PASSWORD>
sql_table_version: 1

plugins: pgsql

sql_optimize_clauses: true
sql_history: 1m
sql_history_roundoff: m
sql_dont_try_update: true

aggregate: src_host,dst_host,src_port,dst_port,proto

nfacctd_sql_log: true

For explanation of the keywords above and full list of options supported by pmacct see here.