lug-bg: Traffic
- Subject: lug-bg: Traffic
- From: Stanislav Todorov <stanislavtodorov@xxxxxx>
- Date: Tue, 14 Sep 2004 19:13:04 +0300 (EEST)
Thanks for the help; for the info you had, it is still useful. :)
I think there is no SQL database, so the job will be easier. I'll try to give you some pointers and tell you what applications are on the system. The OS is Red Hat 9.0, I think. The root directory contains the following files:
anaconda-ks.cfg install ipt traffic
ap-utils-1.4 install.log ipt.save install.log.syslog
ap-utils-1.4.tar.bz2
I assume these logs are not very interesting. When I cat-ed the file traffic, I got the following:
#!/bin/sh
#
/usr/local/sbin/fetchipac
#
cat /var/www/html/traffic/frag1 > /var/www/html/traffic/index.html
date >> /var/www/html/traffic/index.html
cat /var/www/html/traffic/frag2 >> /var/www/html/traffic/index.html
/usr/local/sbin/ipacsum --fixed-quantity M --timeframe today >> /var/www/html/t$
cat /var/www/html/traffic/frag3 >> /var/www/html/traffic/index.html
/usr/local/sbin/ipacsum --fixed-quantity M --timeframe yesterday >> /var/www/ht$
cat /var/www/html/traffic/frag4 >> /var/www/html/traffic/index.html
/usr/local/sbin/ipacsum --fixed-quantity M --timeframe thisweek >> /var/www/htm$
cat /var/www/html/traffic/frag5 >> /var/www/html/traffic/index.html
/usr/local/sbin/ipacsum --fixed-quantity M --timeframe lastweek >> /var/www/htm$
cat /var/www/html/traffic/frag6 >> /var/www/html/traffic/index.html
/usr/local/sbin/ipacsum --fixed-quantity M --timeframe thismonth >> /var/www/ht$
cat /var/www/html/traffic/frag7 >> /var/www/html/traffic/index.html
/usr/local/sbin/ipacsum --fixed-quantity M --timeframe lastmonth >> /var/www/ht$
cat /var/www/html/traffic/frag8 >> /var/www/html/traffic/index.html
/usr/local/sbin/ipacsum --fixed-quantity M --timeframe thisyear >> /var/www/htm$
cat /var/www/html/traffic/frag9 >> /var/www/html/traffic/index.html
Does any of this help you? What are these frags, and how would I edit them, for example? And will this do the job for me?
When I go into these frags, well, they are parts of the traffic page, which is generated with Apache.
And the last thing which I think may help you advise me is that the chief administrator took pity on me and told me to look in /etc/ipac-ng
/etc/ipac-ng/ipac.conf and /etc/ipac-ng/rules.conf.iptables
Contents of the config file:
# ipac.conf
# This is the main ipac-ng configuration file. It contains the
# configuration directives that give the ipac-ng its instructions.
## mode of operations: operate only like old ipac or not
#
classic mode = yes
## specify access agent.
# supported are: files, postg. files works with classic mode only
#
access agent = files
## accouting agent.
# iptables and ipchains are only options
# (ipchains is not recommended)
#
account agent = iptables
## storage. gdbm, postgre and plain-file supported.
# (plain-file is not recommended)
#
storage = gdbm
## rules file for classic mode
#
#rules file = /etc/ipac-ng/ipac-rules.conf
rules file = /etc/ipac-ng/rules.conf.iptables
## login all users at startup
# (specific only for nonclassic mode - only those who has enough cash!)
#
#login at start = yes
## support for traffic passing to\from auth host
# (specific only for nonclassic mode)
## name or ip of the auth host
## disable support if not specified,
##auth host = sibinet.com
# dont store lines containing only zeroes - speedup processing and save space
#
drop zero lines = yes
And the contents of IP-tables are very large, so I will write only one example:
# Example config file with accounting rules
# Install as /etc/ipac-ng/rules.conf.iptables
#
# Format:
# Name of rule|direction|interface|protocol|source|destination
# WARNING!!!! spaces are not allowed before and after '|'.
#
# where
# Name of rule Any string to identify this rule
# direction ipac~fi - forward in
# ipac~fo - forward out
# ipac~i - outgoing from machine with ipac-ng to other $
# (or incoming to otherhost)
# ipac~o - incoming to machine with ipac-ng
# (or outgoing from otherhost)
#
# interface interface name, '+' means all interfaces (dont try to u$
# protocol tcp | udp | icmp | all
# source \
# destination both as described in ipfwadm(8), or empty
#
# incoming:
# lets demonstrate this by following rules.
# Example 1:
# there are some hosts in out net 192.168.0.0/24
# our ipac-ng host has two interfaces - eth0 connected to local net
# and eth1 to internet
# lets count all traffic incoming to our net
# forwarded from inet (0/0) to localnet (192.168.0.0/24)
incoming all to homelan2|all|192.168.0.0/24
# incoming to localnet from ipac-ng host (specify ipac-ng ip's here, to avoid
# doubling forwarded traffic when using N$
incoming all to homelan2|all|192.168.0.1|192.168.0.0/24
# same for outgoing:
outgoing all from homelan2|ipac~fo||all|192.168.0.0/24|
outgoing all from homelan2|ipac~o||all|192.168.0.0/24|192.168.0.1
# and now we want to know, how much there is traffic to our ipac host from inet
incoming inet to Server|ipac~fo|eth0|all||
# same for outgoing for this host
outgoing inet from Server|ipac~i|eth0|all||
# Count fot IP - 192.168.0.245 USER
# incoming:
incoming to USER|ipac~fi|eth0|all||192.168.0.245
incoming to USER|ipac~i|eth0|all||192.168.0.245
# outgoing:
outgoing from USER|ipac~fo|eth0|all|192.168.0.245|
outgoing from USER|ipac~o|eth0|all|192.168.0.245|
# incoming and outgoing:
total traffic USER|ipac~fi|eth0|all||192.168.0.245
total traffic USER|ipac~i|eth0|all||192.168.0.245
total traffic USER|ipac~fo|eth0|all|192.168.0.245|
total traffic USER|ipac~o|eth0|all|192.168.0.245|
And the last thing that may help you is the contents of the INSTALL folder in /root:
c: iptraf-2.7.0-6.i386.rpm pine-4.44-18.i386.rpm
c:haha mc-4.6.0-4.i386.rpm webmin-1.100-1.noarch.rpm
ipac-ng-1.27.tar.gz nmap-3.00-4.i386.rpm
From there I became suspicious of this iptraf, and locate gives:
/var/log/iptraf
/var/log/iptraf/rvnamed.log
/var/lock/iptraf
/var/run/iptraf
/var/run/iptraf/ethernet.desc
/var/run/iptraf/iptraf-processcount.dat
/var/run/iptraf/iptraf-itrafmoncount.dat
/var/run/iptraf/iptraf.cfg
/var/run/iptraf/savedfilters.dat
/var/run/iptraf/iptraf-lanmoncount.dat
/root/install/iptraf-2.7.0-6.i386.rpm
/usr/bin/iptraf
Group, thanks in advance to anyone who takes the trouble to analyze what I sent! I promise myself that if everything goes normally I will devour this software whole :) Thanks for your time and for the nerves worn out over my ignorance!
Regards, Stan
============================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
============================================================================
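Added example, not part of the original message and not ipac-ng's own parser: a checker for the accounting rule format quoted in the message (six fields separated by '|', no spaces around '|', the four ipac~ directions, protocol tcp/udp/icmp/all). The sample text is constructed from lines in the message plus two deliberately broken ones; accepting only literal IP addresses or networks as source and destination is an assumption of this sketch.

```python
import ipaddress

# Field names, directions and protocols as listed in the quoted file header.
FIELDS = ("name", "direction", "interface", "protocol", "source", "destination")
DIRECTIONS = {"ipac~fi", "ipac~fo", "ipac~i", "ipac~o"}
PROTOCOLS = {"tcp", "udp", "icmp", "all"}

def check_rule(line):
    """Return (rule_dict_or_None, problems) for one rule line."""
    parts = line.split("|")
    if len(parts) != len(FIELDS):
        return None, [f"expected {len(FIELDS)} fields, found {len(parts)}"]
    problems = []
    # The header warns that spaces before and after '|' are not allowed.
    if any(p != p.strip() for p in parts):
        problems.append("space before or after '|'")
    rule = dict(zip(FIELDS, (p.strip() for p in parts)))
    if not rule["name"]:
        problems.append("empty rule name")
    if rule["direction"] not in DIRECTIONS:
        problems.append(f"unknown direction {rule['direction']!r}")
    if rule["protocol"] not in PROTOCOLS:
        problems.append(f"unknown protocol {rule['protocol']!r}")
    for key in ("source", "destination"):
        if rule[key]:  # the format allows an empty source or destination
            try:
                # Assumption: only literal IP addresses or CIDR networks pass.
                ipaddress.ip_network(rule[key], strict=False)
            except ValueError:
                problems.append(f"{key} {rule[key]!r} is not an address or network")
    return rule, problems

def audit(text):
    """Map line number -> problems for every malformed, non-comment rule line."""
    report = {}
    for number, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        problems = check_rule(line)[1]
        if problems:
            report[number] = problems
    return report

# Constructed sample: lines 2-4 are copied from the message, 5-6 are broken on purpose.
SAMPLE = """# constructed sample
incoming all to homelan2|all|192.168.0.0/24
outgoing all from homelan2|ipac~fo||all|192.168.0.0/24|
incoming to USER|ipac~fi|eth0|all||192.168.0.245
outgoing from USER |ipac~fo|eth0|all|192.168.0.245|
total traffic USER|ipac~x|eth0|all||192.168.0.245
"""

if __name__ == "__main__":
    for number, problems in audit(SAMPLE).items():
        print(f"line {number}: {'; '.join(problems)}")
```

A rule line that does not parse into six fields is worth checking against the file on disk before trusting the totals that ipacsum reports for it.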