ULOG Packet Count

ULOG Packet Count

[Sassy Natan]

Hi All,


I being trying to understand how to get ulog2 to capture my network
traffic in terms of accounting.

I have setup my ubuntu to work with ulog2 and MySQL, and manage to get
the tables fill up with data.

Howerver, I didn't manage to understand how to get the packet length
so I could calculate the amount of data generated for the specific
service.

In ulogd.conf I configure the following:

stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2bin1:IP2BIN,mac2str1:HWHDR,mysql1:MYSQL
stack=ct1:NFCT,ip2bin1:IP2BIN,mysql2:MYSQL


Tables ulog2 and ulog2_ct are being populated with the data.
In ulog2_ct I can see a column name orig_bytes and orig_packets but
both of them are always 0.

I google for this and found this
http://mohskitchen.wordpress.com/2012/08/27/accounting-with-ulogd-2-and-conntrack-on-a-gbit-nat/

I'm also aware of nfacct, but haven't find a way to make it work with MySQL.


Any idea?
Thank u



-- 
Regards,

Sassy Natan
972-(05)54-2203702

Re: ULOG Packet Count

[Eric Leblond]

Hi,

On Mon, 2014-02-03 at 23:40 +0200, Sassy Natan wrote:
> Hi All,
> 
> 
> I being trying to understand how to get ulog2 to capture my network
> traffic in terms of accounting.
> 
> I have setup my ubuntu to work with ulog2 and MySQL, and manage to get
> the tables fill up with data.
> 
> Howerver, I didn't manage to understand how to get the packet length
> so I could calculate the amount of data generated for the specific
> service.
> 
> In ulogd.conf I configure the following:
> 
> stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2bin1:IP2BIN,mac2str1:HWHDR,mysql1:MYSQL
> stack=ct1:NFCT,ip2bin1:IP2BIN,mysql2:MYSQL
> 
> 
> Tables ulog2 and ulog2_ct are being populated with the data.
> In ulog2_ct I can see a column name orig_bytes and orig_packets but
> both of them are always 0.

You need to enable accounting in conntrack:

echo "1">/proc/sys/net/netfilter/nf_conntrack_acct

> I google for this and found this
> http://mohskitchen.wordpress.com/2012/08/27/accounting-with-ulogd-2-and-conntrack-on-a-gbit-nat/
> 
> I'm also aware of nfacct, but haven't find a way to make it work with MySQL.

Yes, MySQL schema has not been adapted to store these informations.

Sassy, are you able to do it based on PostgreSQL one ? Commit
implementing this is d9377e7ba22ec13a0c73785f86e5bcc869d1051f

BR,
-- 
Eric Leblond <eric@regit.org>

Re: ULOG Packet Count

[Sassy Natan]

Eric First thank you !

d9377e7ba22ec13a0c73785f86e5bcc869d1051f? What do u mean by that?
Is it the git version tag?

I guess it wan't be such a big issue to write a store procedure to get
the acct into mysql.
I will write it and will send it to you for review? Do u think is worth it?

Is there no other way to get the account taffic based on pure ulog
without using the  nacct?

why is the orig_bytes and orig_packets are always 0 in the ulog_ct tables?

Is there any IRC chat where I could chat with you?

Thanks
Sassy

On Tue, Feb 4, 2014 at 12:05 AM, Eric Leblond <eric@regit.org> wrote:
> Hi,
>
> On Mon, 2014-02-03 at 23:40 +0200, Sassy Natan wrote:
>> Hi All,
>>
>>
>> I being trying to understand how to get ulog2 to capture my network
>> traffic in terms of accounting.
>>
>> I have setup my ubuntu to work with ulog2 and MySQL, and manage to get
>> the tables fill up with data.
>>
>> Howerver, I didn't manage to understand how to get the packet length
>> so I could calculate the amount of data generated for the specific
>> service.
>>
>> In ulogd.conf I configure the following:
>>
>> stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2bin1:IP2BIN,mac2str1:HWHDR,mysql1:MYSQL
>> stack=ct1:NFCT,ip2bin1:IP2BIN,mysql2:MYSQL
>>
>>
>> Tables ulog2 and ulog2_ct are being populated with the data.
>> In ulog2_ct I can see a column name orig_bytes and orig_packets but
>> both of them are always 0.
>
> You need to enable accounting in conntrack:
>
> echo "1">/proc/sys/net/netfilter/nf_conntrack_acct
>
>> I google for this and found this
>> http://mohskitchen.wordpress.com/2012/08/27/accounting-with-ulogd-2-and-conntrack-on-a-gbit-nat/
>>
>> I'm also aware of nfacct, but haven't find a way to make it work with MySQL.
>
> Yes, MySQL schema has not been adapted to store these informations.
>
> Sassy, are you able to do it based on PostgreSQL one ? Commit
> implementing this is d9377e7ba22ec13a0c73785f86e5bcc869d1051f
>
> BR,
> --
> Eric Leblond <eric@regit.org>
>



-- 
Regards,

Sassy Natan
972-(05)54-2203702

Re: ULOG Packet Count

[Eric Leblond]

Hi,

On Tue, 2014-02-04 at 00:13 +0200, Sassy Natan wrote:
> Eric First thank you !
> 
> d9377e7ba22ec13a0c73785f86e5bcc869d1051f? What do u mean by that?
> Is it the git version tag?

Yep.

> I guess it wan't be such a big issue to write a store procedure to get
> the acct into mysql.
> I will write it and will send it to you for review? Do u think is worth it?

Yes, always good to have.

> 
> Is there no other way to get the account taffic based on pure ulog
> without using the  nacct?

nacct is the moist efficient way.

> why is the orig_bytes and orig_packets are always 0 in the ulog_ct tables?

See my previous e-mail. You need to activate conntrack accounting.

> Is there any IRC chat where I could chat with you?

Yes. I'm on #netfilter on irc.freenode.net. Nickname is easy to guess ;)

BR,

> 
> Thanks
> Sassy
> 
> On Tue, Feb 4, 2014 at 12:05 AM, Eric Leblond <eric@regit.org> wrote:
> > Hi,
> >
> > On Mon, 2014-02-03 at 23:40 +0200, Sassy Natan wrote:
> >> Hi All,
> >>
> >>
> >> I being trying to understand how to get ulog2 to capture my network
> >> traffic in terms of accounting.
> >>
> >> I have setup my ubuntu to work with ulog2 and MySQL, and manage to get
> >> the tables fill up with data.
> >>
> >> Howerver, I didn't manage to understand how to get the packet length
> >> so I could calculate the amount of data generated for the specific
> >> service.
> >>
> >> In ulogd.conf I configure the following:
> >>
> >> stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2bin1:IP2BIN,mac2str1:HWHDR,mysql1:MYSQL
> >> stack=ct1:NFCT,ip2bin1:IP2BIN,mysql2:MYSQL
> >>
> >>
> >> Tables ulog2 and ulog2_ct are being populated with the data.
> >> In ulog2_ct I can see a column name orig_bytes and orig_packets but
> >> both of them are always 0.
> >
> > You need to enable accounting in conntrack:
> >
> > echo "1">/proc/sys/net/netfilter/nf_conntrack_acct
> >
> >> I google for this and found this
> >> http://mohskitchen.wordpress.com/2012/08/27/accounting-with-ulogd-2-and-conntrack-on-a-gbit-nat/
> >>
> >> I'm also aware of nfacct, but haven't find a way to make it work with MySQL.
> >
> > Yes, MySQL schema has not been adapted to store these informations.
> >
> > Sassy, are you able to do it based on PostgreSQL one ? Commit
> > implementing this is d9377e7ba22ec13a0c73785f86e5bcc869d1051f
> >
> > BR,
> > --
> > Eric Leblond <eric@regit.org>
> >
> 
> 
> 

-- 
Eric Leblond <eric@regit.org>