ipac-ng (ipac ng = Next Generation) is an IP accounting package that collects and displays IP accounting data. Typical uses include monitoring and measuring bandwidth consumption with highly customizable filters. Traffic can be measured by host, network, and port. ipac-ng supports ipchains and iptables (recommended).
Install the base ipac-ng package:
sudo apt-get install ipac-ng
(OPTIONAL) For image output support install the libgd-perl package:
sudo apt-get install libgd-perl
You may be prompted to remove the libgd1-noxpm package and replace it with libgd1-xpm. For more information on XPM check out The XPM Story.
(Server install only) Load the ip_tables kernel module:
modprobe ip_tables
(Server install only) Add the ip_tables module to /etc/modules to ensure it is loaded at boot time:
# /etc/modules: kernel modules to load at boot time. # # This file contains the names of kernel modules that should be loaded # at boot time, one per line. Lines beginning with "#" are ignored. lp ip_tables
ipac-ng is now ready to be configured.
ipac-ng is configured by setting rules in the /etc/ipac-ng/rules.conf file. Rules are based on incoming, outgoing, and forwarded traffic. The syntax for setting rules is as follows:
Name of Rule|Direction|Interface|Protocol|Source|Destination|Extension|
Rules can be named the same. This is useful for displaying a total amount of traffic for incoming and outgoing. It is also helpful for calculating the total amount of traffic across multiple ports and displaying as a single output item. Here is an example of a /etc/ipac-ng/rules.conf that calculates the total traffic including incoming, outgoing, and forwarded traffic:
# Example config file with accounting rules for iptables # Install as /etc/ipac-ng/rules.conf # # Total Total System|ipac~o|eth0|all|||| Total System|ipac~fi|eth0|all|||| Total System|ipac~i|eth0|all|||| Total System|ipac~fo|eth0|all||||
The report output looks like:
IP accounting summary Host: superfly / Time created: 2007/06/13 05:04:55 PDT Data from 2007/05/01 09:09:39 PDT to 2007/06/13 05:04:55 PDT Total System : 100G
Once you have configured your rules start ipac-ng:
sudo /etc/init.d/ipac-ng start
By default fetchipac runs every 10 minutes via the cron job (/etc/cron.d/ipac-ng). fetchipac populates the /var/lib/ipac/ directory with the data. To quickly generate and view any data as per your rules run:
fetchipac && ipacsum --timeframe "today"
# CLIENT: HTTP (port 80) HTTP Client Out|ipac~i|+|tcp|0/0|0/0 80 HTTP Client IN|ipac~o|+|tcp|0/0 80|0/0 HTTP Client Total|ipac~i|+|tcp|0/0|0/0 80 HTTP Client Total|ipac~o|+|tcp|0/0 80|0/0 # SERVER: HTTP (port 80) HTTP Server Out|ipac~i|+|tcp|0/0 80|0/0 HTTP Server IN|ipac~o|+|tcp|0/0|0/0 80 HTTP Server Total|ipac~i|+|tcp|0/0 80|0/0 HTTP Server Total|ipac~o|+|tcp|0/0|0/0 80 # TOTAL: HTTP (port 80) HTTP TOTAL|ipac~i|+|tcp|0/0|0/0 80 HTTP TOTAL|ipac~o|+|tcp|0/0 80|0/0 HTTP TOTAL|ipac~i|+|tcp|0/0 80|0/0 HTTP TOTAL|ipac~o|+|tcp|0/0|0/0 80
Comments
Post new comment