Hi Group,
I was wonder if it is possible to use shorewall-accounting with ULOG2 and
NFLOG.
My Goal is as follow:
Say I have in rules something like this:
accept fw all all
accept all fw tcp 80,443
drop all all all
with the following in accounting:
web - eth0 - tcp 80
web - - eth0 tcp -
80
web - eth0 - tcp 443
web - - eth0 tcp -
443
web - eth0 - tcp - 80
web - - eth0 tcp 80
web - eth0 - tcp -
443
web - - eth0 tcp 443 -
COUNT web eth0
COUNT web - eth0
DONE web
While I can easy check the account status for web traffic in and out, all
other traffic go under different chain.
So My question is
1 Can I define somehow an automatic way to update the accounting file for
each time I creating /deleting rule from rules
So I I have something like
accept all fw tcp 80,443,21
I will have a two chain one for web traffic and one for ftp(21) traffic ?
2. What I have some like this
accept fw any all
Can I have accounting provide me not only the amount of traffic outbound ,
but also specified per other ports? say for DNS, SMTP traffic etc... or I
would have to create them one time in the accounting file?
3. I saw the accounting support the NFLOG. Can someone please provide an
example how to used it? what is the generated output from this? Does ULOG2
support this?
I know about
https://home.regit.org/2012/07/flow-accounting-with-netfilter-and-ulogd2/ but
I not sure I can used nfacct due to kernel issues, and besides does
accounting with ULOG2 is supported with mysql?
Thanks
Sassy
------------------------------------------------------------------------------
Rapidly troubleshoot problems before they affect your business. Most IT
organizations don''t have a clear picture of how application performance
affects their revenue. With AppDynamics, you get 100% visibility into your
Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics
Pro!
http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk
Sassy Natan wrote:> Can I have accounting provide me not only the amount of traffic outbound , but also specified > per other ports? say for DNS, SMTP traffic etc... or I would have to create them one time in the accounting file?You need to create accounting rules for all traffic you want to account for. SO if you want to track the traffic on (say) port 25), then you''ll have to create a rule to track that. ------------------------------------------------------------------------------ Rapidly troubleshoot problems before they affect your business. Most IT organizations don''t have a clear picture of how application performance affects their revenue. With AppDynamics, you get 100% visibility into your Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro! http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk
Hi All,
In the http://www.shorewall.net/manpages/shorewall-accounting.html it says
NFLOG[(nflog-parameters)] - Added in Shorewall-4.4.20.
However the manual doesn''t say how to use it
ACTION - {COUNT|DONE|*chain*[:{COUNT|JUMP}]|ACCOUNT(*table*,*network*
)|[?]COMMENT *comment*}
I tried to do
COUNT:LOG:NFLOG(1,0,1) web eth0
LOG:NFLOG(1,0,1) web eth0
NFLOG(1,0,1) web eth0
Even defined in param $LOG but still nothing
With rules I manage to make it working and even got it linked to ulog2 with
mysql.
But i can''t get how to make it working with conntrack table with ulog2.
Any Ideas?
Thanks
Sassy
------------------------------------------------------------------------------
Rapidly troubleshoot problems before they affect your business. Most IT
organizations don''t have a clear picture of how application performance
affects their revenue. With AppDynamics, you get 100% visibility into your
Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics
Pro!
http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk
Thanks Simon I guess no other way but to do this but only as u offer. Google this I found http://thr3ads.net/shorewall-users/2011/05/2375973-How-to-do-per-interface-accounting-with-NFLOG-in-shorewall but I not sure I got what Tom means in when he says the ''start'' extension script. Wonder is there is no auto way to do so? so when I create a rule - a corresponding accounting chain will be created as well. Thanks Sassy On Fri, Dec 13, 2013 at 6:56 PM, Simon Hobson <linux@thehobsons.co.uk>wrote:> Sassy Natan wrote: > > Can I have accounting provide me not only the amount of traffic outbound > , but also specified > > per other ports? say for DNS, SMTP traffic etc... or I would have to > create them one time in the accounting file? > > You need to create accounting rules for all traffic you want to account > for. SO if you want to track the traffic on (say) port 25), then you''ll > have to create a rule to track that. > > > ------------------------------------------------------------------------------ > Rapidly troubleshoot problems before they affect your business. Most IT > organizations don''t have a clear picture of how application performance > affects their revenue. With AppDynamics, you get 100% visibility into your > Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics > Pro! > http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users >------------------------------------------------------------------------------ Rapidly troubleshoot problems before they affect your business. Most IT organizations don''t have a clear picture of how application performance affects their revenue. With AppDynamics, you get 100% visibility into your Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro! http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk
Sassy Natan wrote:> but I not sure I got what Tom means in when he says the''start'' extension script.I''ve not used it, but IIRC you can have Shorewall run a script when it''s started. IN this, you put whatever commands you want - eg use iptables to add the chain(s) you want.> Wonder is there is no auto way to do so? so when I create a rule > - a correspondingaccountingchain will be created as well.Depending on your rules (they''d need to be of a very similar structure), you might consider writing yourself a "rules builder" script. Define your rules in a manner that "works for you", and have your script parse that and generate both the rules and accounting entries for Shorewall. Then you simply edit your meta-rules file and rebuild the Shorewall config. The files you generate only need to be the parts this problem affects - and can then be insterted with the include directive in the appropriate Shorewall files. ------------------------------------------------------------------------------ Rapidly troubleshoot problems before they affect your business. Most IT organizations don''t have a clear picture of how application performance affects their revenue. With AppDynamics, you get 100% visibility into your Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro! http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk