IP Accounting

From Alpine Linux
Revision as of 21:12, 1 December 2010 by Jbilyk (talk | contribs) (Added information on softflowd setup)
Jump to: navigation, search
Underconstruction clock icon gray.svg
This material is work-in-progress ...

Do not follow instructions here until this notice is removed.
(Last edited by Jbilyk on 1 Dec 2010.)

This document will show how to configure pmacct for IP accounting. Pmacct will be configured as NetFlow and sFlow collector using PostgreSQL as DB backend.

The following software have been used at the time of writing of this document:

* pmacct-0.12.4-r3
* postgresql 8.4
* softflowd 0.9.8

Install and Configure pmacct

apk add pmacct pmacct-doc

On postgreSQL server launch the following scripts found in /usr/share/doc/pmacct/sql (make sure to change the default password for user "pmacct" in pmacct-create-db.pgsql):

postgres$ psql -d template1 -f pmacct-create-db.pgsql
postgres$ psql -d pmacct -f pmacct-create-table_v7.pgsql

NetFlow Collector Daemon

Edit /etc/nfmacctd.conf, changing "<HOSTNAME>" and "<PASSWORD>" to correct values:

daemonize: true
pidfile: /var/run/nfacctd.pid
syslog: daemon
sql_host: <HOSTNAME>
sql_passwd: <PASSWORD>
sql_table_version: 7
plugins: pgsql
sql_optimize_clauses: true
sql_recovery_logfile: /var/log/nfacct_recovery_log
sql_history: 5m
sql_history_roundoff: mhd
sql_dont_try_update: true
aggregate: src_host,dst_host,src_port,dst_port,proto

A full list of options supported by pmacct can be found here.

Install and setup NetFlow sensor

It's assumed that this is done on a seperate computer than the collector.

Install NetFlow sensor:

apk add softflowd

Start softflow (substituting 192.168.0.10 with your collector's IP address, 9996 with the port nfmaccd is listening on, and eth0 with the interface to monitor):

softflowd -i eth0 -n 192.168.0.10:9996

After a minute or two, check that flows are being analyzed on the box:

softflowctl statistics