Re: ULOG Packet Count - Eric Leblond

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Eric Leblond <eric@regit.org>
To: Sassy Natan <sassyn@gmail.com>
Cc: netfilter-devel <netfilter-devel@vger.kernel.org>
Subject: Re: ULOG Packet Count
Date: Mon, 03 Feb 2014 23:05:10 +0100	[thread overview]
Message-ID: <1391465110.19856.14.camel@ice-age2.regit.org> (raw)
In-Reply-To: <CACHQFzFTDJ-zj9wx+my4Oy9sQ=nZg4mG=FX8JC7kHm-3n-Z-Bw@mail.gmail.com>

Hi,

On Mon, 2014-02-03 at 23:40 +0200, Sassy Natan wrote:
> Hi All,
> 
> 
> I being trying to understand how to get ulog2 to capture my network
> traffic in terms of accounting.
> 
> I have setup my ubuntu to work with ulog2 and MySQL, and manage to get
> the tables fill up with data.
> 
> Howerver, I didn't manage to understand how to get the packet length
> so I could calculate the amount of data generated for the specific
> service.
> 
> In ulogd.conf I configure the following:
> 
> stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2bin1:IP2BIN,mac2str1:HWHDR,mysql1:MYSQL
> stack=ct1:NFCT,ip2bin1:IP2BIN,mysql2:MYSQL
> 
> 
> Tables ulog2 and ulog2_ct are being populated with the data.
> In ulog2_ct I can see a column name orig_bytes and orig_packets but
> both of them are always 0.

You need to enable accounting in conntrack:

echo "1">/proc/sys/net/netfilter/nf_conntrack_acct

> I google for this and found this
> http://mohskitchen.wordpress.com/2012/08/27/accounting-with-ulogd-2-and-conntrack-on-a-gbit-nat/
> 
> I'm also aware of nfacct, but haven't find a way to make it work with MySQL.

Yes, MySQL schema has not been adapted to store these informations.

Sassy, are you able to do it based on PostgreSQL one ? Commit
implementing this is d9377e7ba22ec13a0c73785f86e5bcc869d1051f

BR,
-- 
Eric Leblond <eric@regit.org>

next prev parent reply	other threads:[~2014-02-03 22:05 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-02-03 21:40 ULOG Packet Count Sassy Natan
2014-02-03 22:05 ` Eric Leblond [this message]
2014-02-03 22:13   ` Sassy Natan
2014-02-03 22:17     ` Eric Leblond

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1391465110.19856.14.camel@ice-age2.regit.org \
    --to=eric@regit.org \
    --cc=netfilter-devel@vger.kernel.org \
    --cc=sassyn@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).