netacct-mysql-0.78 (Network Traffic Accounting Daemon)

Tested on SuSE 10.0

This program accounts for the network traffic passing through the Linux box.

The traffic amount is saved in MySQL.

From the web interface, called netstat, we can see each individual computer's traffic.

Installation

  • netacct-0.71-500.i586.rpm comes with the SuSE installation media. However, this version does not support a database. If it is installed, uninstall it.
    # rpm -e netacct
    
  • If you are running Snort, netacct does not work.
    # chkconfig snort off
    # /etc/init.d/snort stop
    
  • Install Apache, PHP4, MySQL. Do not forget to install mysql-devel.
  • Download netacct-mysql-0.78.tar.gz and netstat-3.04_1.tar.gz from the netacct-mysql webpage.
  • Install netacct
    # cp netacct-mysql-0.78.tar.gz /usr/local/src
    # cd /usr/local/src
    # tar zxvf netacct-mysql-0.78.tar.gz
    # cd netacct-mysql-0.78/
    # ./configure
    # make
    # make install
    # cp /usr/local/src/netacct-mysql-0.78/contrib/nacctd.redhat /etc/init.d/nacctd
    
  • Edit /etc/init.d/nacctd: comment out the two Red Hat-specific lines and start the daemon directly
    ...
    # . /etc/rc.d/init.d/functions
    ...
    #       daemon $nacctd $OPTIONS
            $nacctd $OPTIONS
    ...
    
    
  • Install netstat
    # cp netstat-3.04_1.tar.gz /usr/local/src
    # cd /usr/local/src
    # tar zxvf netstat-3.04_1.tar.gz
    # cp netstat-3.04_1 /srv/www/htdocs/netstat -R
    # rm -fr /srv/www/htdocs/netstat/contrib
    # mysql -u root -p < /usr/local/src/netstat-3.04_1/contrib/netstat.sql
    # mysql -u root -p < /usr/local/src/netacct-mysql-0.78/netacct.sql
    
    Note: If you see errors while loading netstat.sql, check the file and remove the first line.
  • Edit /etc/local/etc/naccttab
    sniff 1                         # 0 = not setting PROMISC mode
                                    # 1 = put interface in PROMISC mode
    
    database mysql                  # must be mysql for now
    
    mysql_user acct                 # usually you don't need to change this
    
    mysql_password acct_password    # change this to your password
    
    mysql_host localhost            # sometimes you need to change this to
                                    # 127.0.0.1 instead of localhost
    
    mysql_port 0                    # mysql port, 0 if you are using a socket
    
    mysql_database netacct          # usually you don't need to change this
    
    pidfile  /var/run/nacctd.pid    # set pid file
                                    # this will help if you want to run
                                    # two (or more) nacctd on same machine
    
    # compactnet 62.73.77.0 255.255.255.0
    # compactnet 192.168.1.0 255.255.255.0
    compactnet 192.168.0.0 255.255.255.0
    
                                    # log traffic only for these networks
                                    # all other packets are NOT logged
    
    # ournet 62.73.77.0 255.255.255.0
    ournet 202.0.0.0 255.255.255.240
    
                                    # Our IP nets, for differentiation of
                                    # peering traffic types
    
    direct_peer 217.75.132.0 255.255.255.0
    direct_peer 62.176.90.0 255.255.255.0
    direct_peer 212.72.212.0 255.255.255.0
    direct_peer 217.75.136.0 255.255.255.0
    direct_peer 194.12.226.80 255.255.255.240
    direct_peer 194.12.233.96 255.255.255.224
    direct_peer 194.12.233.160 255.255.255.224
    
                                    # log traffic between 2 or more regional ISP-s
    
    flush 300                       # flush every 5 minutes
                                    # this gives the interval in seconds
                                    # when the accumulated data is flushed
                                    # to the output file
    
    errdelay 2
    fdelay 60
    
    notdev eth1                     # Don't log entries for this device
                                    # Use this on routers so that you don't
                                    # log forwarded packets twice.
    
    device eth0                     # device to put into promiscuous mode
                                    # you can specify as many as you want
                                    # and you don't have to specify one
                                    # (e.g. if this runs on your router)
                                    #
                                    # if you plan to use it on some *BSD
                                    # system, put the appropriate device here
                                    # i.e. - device ep0
    
    # iflimit eth0                  # on machines with multiple interfaces,
                                    # log only packets on this interface
                                    # mutually exclusive with hostlimit
    
    # ignoremask 255.255.255.0        # Ignore traffic on same class C net
                                    # This means traffic that is on
                                    # your local LAN is not counted.
                                    # This is useful for NFS etc.
                                    # Not giving this option causes everything
                                    # to be counted.
                                    # This can degrade performance seriously!
    
    ignorenet 127.0.0.0 255.0.0.0   # ignore loopback net
                                    # You can define as many ignorenets as
                                    # you want. Ignoring a net with
                                    # ignorenet is not as efficient as
                                    # ignoremask. Thus you should exclude
                                    # your local network with ignoremask,
                                    # not with ignorenet (although this is
                                    # possible).
    
    debug 0                         # set debugging level
    debugfile /tmp/nacctd.debug     # where to put debugging info
    
  • Start nacctd
    # chkconfig nacctd on
    # /etc/init.d/nacctd start
    
  • If there are no errors, /var/log/messages shows:
    Feb  2 21:12:54 suse10 nacctd: net accounting daemon started
    Feb  2 21:12:54 suse10 nacctd: config: sniff set to 0
    Feb  2 21:12:54 suse10 nacctd: config: mysql_user = acct
    Feb  2 21:12:54 suse10 nacctd: config: password ok!
    Feb  2 21:12:54 suse10 nacctd: config: mysql_host = localhost
    Feb  2 21:12:54 suse10 nacctd: config: mysql_port = 0
    Feb  2 21:12:54 suse10 nacctd: config: mysql DB = netacct
    Feb  2 21:12:54 suse10 nacctd: config: pid_file set to /var/run/nacctd.pid
    Feb  2 21:12:54 suse10 nacctd: config: set flushing to 300
    Feb  2 21:12:54 suse10 nacctd: config: set delay on error to 2
    Feb  2 21:12:54 suse10 nacctd: config: set fdelay to 60
    Feb  2 21:12:54 suse10 nacctd: config: added notdevice eth1
    Feb  2 21:12:54 suse10 nacctd: config: added listen device eth2
    Feb  2 21:12:54 suse10 nacctd: config: debug level 0
    Feb  2 21:12:54 suse10 nacctd: config: set debug to /tmp/nacctd.debug
    Feb  2 21:12:54 suse10 nacctd: FIXME: add header info and use it (dont panic this is just msg-reminder
    Feb  2 21:12:54 suse10 nacctd: net accounting daemon forked
    Feb  2 21:12:55 suse10 nacctd: clear_counters() called
    
  • By default, only localhost can access the netstat web interface. Open http://localhost/netstat/ and log in with username admin, password admin.
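
The naccttab edited above keeps the MySQL password in clear text and points debugfile at /tmp, so it is worth checking once the daemon is running. The script below is an added example, not part of netacct-mysql; the directive names are the ones in the listing, while the function names nacct_get and nacct_audit and the embedded sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a naccttab for the credential and debug settings above.
# Directive names come from the listing; function names are hypothetical.

# Print the value of the first occurrence of a directive (comments stripped).
nacct_get() {    # usage: nacct_get FILE DIRECTIVE
    awk -v key="$2" '{ sub(/#.*/, "") } $1 == key { print $2; exit }' "$1"
}

# Print one finding per line; prints nothing when all checks pass.
nacct_audit() {  # usage: nacct_audit FILE
    f=$1
    # The MySQL password is stored in clear text: no group/other access.
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] || echo "perm: group/other bits '$perms' set on $f"

    # acct_password is the sample value from the listing, not a secret.
    [ "$(nacct_get "$f" mysql_password)" != "acct_password" ] ||
        echo "password: mysql_password is still the sample value"

    # A remote mysql_host sends the account login across the network.
    case "$(nacct_get "$f" mysql_host)" in
        localhost|127.0.0.1|"") ;;
        *) echo "host: mysql_host is not local" ;;
    esac

    # A fixed file name under /tmp is predictable to every local user.
    case "$(nacct_get "$f" debugfile)" in
        /tmp/*) echo "debugfile: path is under world-writable /tmp" ;;
    esac
    return 0
}

# Constructed sample input: the relevant lines of the listing, mode 644.
sample=$(mktemp)
cat > "$sample" <<'EOF'
mysql_user acct                 # usually you don't need to change this
mysql_password acct_password    # change this to your password
mysql_host localhost            # sometimes you need to change this to
debugfile /tmp/nacctd.debug     # where to put debugging info
EOF
chmod 644 "$sample"
nacct_audit "$sample"
rm -f "$sample"
```

Run nacct_audit against the real naccttab as root; an empty result means the file is owner-only, the sample password has been replaced, the database is local and the debug file is outside /tmp.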
