Inet-Admins mailing list archive (inet-admins@info.east.ru)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[inet-admins] NeTraMet
- To: inet-admins@info.east.ru
- Subject: [inet-admins] NeTraMet
- From: Vladimir Kravchenko <jimson@mostcom.ru>
- Date: 13 Nov 2001 22:24:04 +0300
- Delivered-to: inet-adm-outgoing@frog.east.ru
- Delivered-to: inet-admins@info.east.ru
- User-agent: Gnus/5.0808 (Gnus v5.8.8) XEmacs/21.5 (asparagus)
NeMaC сбрасывает в лог flows только те по которым "прекратилась активность"
Я не вижу никаких таймаутов или возможности сказать NeMac сбрасывать в лог
информацию по всем активным flow, вероятно я что то не так настроил ибо
необходимость в fd_filter у меня отпадает при таком поведении NeMaC.
Где я не прав, подскажите pls.
/usr/mostcom/bin/NetFlowMet -i12001 -i12002 -f20000 -b5000 -t10000 -v1000
-e300 -D -m12000
/usr/mostcom/bin/NeMaC -p -P -k120 -h75 -g600 -r iprule -c300 -m12000
localhost private
one[jimson]:.../netramet $ cat rule.srl
if SourcePeerType == IPv4 {
save SourcePeerAddress/32;
save DestPeerAddress/32;
save SourceInterface;
save DestInterface;
save SourceTransAddress/16;
save DestTransAddress/16;
save SourceTransType;
save MeterID;
} else IGNORE ;
COUNT ;
FORMAT
FlowRuleSet FlowIndex FirstTime MeterID SourceTransType
SourcePeerAddress DestPeerAddress ToOctets FromOctets ToPDUs FromPDUs
SourceTransAddress DestTransAddress SourceInterface DestInterface ;
SET 5 ;
--- x.x.x.19 ping statistics ---
2008 packets transmitted, 2008 packets received, 0% packet loss
round-trip min/avg/max/stddev = 2.645/3.073/11.627/0.380 ms
##NeTraMet v4.3: -c300 -r ip4.rule localhost udp-12001, udp-12002 20000
flows starting at 18:43:59 Tue 13 Nov 2001
#Format: flowruleset flowindex firsttime meterid sourcetranstype
sourcepeeraddress destpeeraddress tooctets fromoctets topdus frompdus
sourcetransaddress desttransaddress sourceinterface destinterface
#Time: 18:43:59 Tue 13 Nov 2001 localhost Flows from 0 to 177499
#Ruleset: 5 5 ip4.rule NeMaC
#EndData: localhost
#Time: 18:45:00 Tue 13 Nov 2001 localhost Flows from 177498 to 183506
5 7 2147681003 2 17 x.x.x.101 x.x.x.9 115 0 1 0 51464 1719 98 0
#EndData: localhost
#Time: 18:50:00 Tue 13 Nov 2001 localhost Flows from 183505 to 213524
5 7 423012325 2 17 x.x.x.101 x.x.x.9 2612 0 19 0 51464 1719 98 0
5 8 857539048 2 17 x.x.x.11 x.x.x.19 384 0 8 0 1646 1646 98 0
5 9 1728183766 2 1 x.x.x.11 212.111.67.6 66024 0 786 0 0 2048 98 0
5 10 426355674 2 17 x.x.x.18 x.x.x.19 76 0 1 0 123 123 98 0
#EndData: localhost
#Time: 18:55:00 Tue 13 Nov 2001 localhost Flows from 213523 to 243543
5 7 423012325 2 17 x.x.x.101 x.x.x.9 3801 0 29 0 51464 1719 98 0
5 8 857539048 2 17 x.x.x.11 x.x.x.19 528 0 11 0 1646 1646 98 0
5 10 426355674 2 17 x.x.x.18 x.x.x.19 228 0 3 0 123 123 98 0
5 11 13659611 2 17 193.79.237.14 x.x.x.19 76 0 1 0 123 123 98 0
#EndData: localhost
#Time: 19:00:00 Tue 13 Nov 2001 localhost Flows from 243542 to 273561
5 7 423012325 2 17 x.x.x.101 x.x.x.9 5375 0 41 0 51464 1719 98 0
5 8 857539048 2 17 x.x.x.11 x.x.x.19 768 0 16 0 1646 1646 98 0
5 10 426355674 2 17 x.x.x.18 x.x.x.19 456 0 6 0 123 123 98 0
#EndData: localhost
#Time: 19:05:00 Tue 13 Nov 2001 localhost Flows from 273560 to 303591
5 7 423012325 2 17 x.x.x.101 x.x.x.9 8341 0 63 0 51464 1719 98 0
5 8 423053128 2 17 x.x.x.11 x.x.x.19 1296 0 27 0 1646 1646 98 0
5 10 426355674 2 17 x.x.x.18 x.x.x.19 608 0 8 0 123 123 98 0
5 11 2577269464 2 17 193.79.237.14 x.x.x.19 152 0 2 0 123 123 98 0
>5 12 432997858 2 1 x.x.x.12 x.x.x.19 149772 0 1783 0 0 2048 98 0
#EndData: localhost
--
Vladimir Kravchenko / PK Mostcom JSC / system engineer
Tel: +7 095 4360522 / UIN: 132038843 / Email: jimson@mostcom.ru
=============================================================================
"inet-admins" Internet access mailing list. Maintained by East Connection ISP.
Mail "unsubscribe inet-admins" to Majordomo@info.east.ru if you want to quit.
Archive is accessible on
|
