<HTML
><HEAD
><TITLE
>Using IP Accounting Results</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"><LINK
REL="HOME"
TITLE="Linux Network Administrators Guide"
HREF="index.html"><LINK
REL="UP"
TITLE="IP Accounting"
HREF="x-087-2-accounting.html"><LINK
REL="PREVIOUS"
TITLE="Configuring IP Accounting"
HREF="x-087-2-accounting.ipfwadm.html"><LINK
REL="NEXT"
TITLE="Resetting the Counters"
HREF="x-087-2-accounting.zeroing.counter.html"></HEAD
><BODY
CLASS="SECT1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>Linux Network Administrators Guide</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="x-087-2-accounting.ipfwadm.html"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>Chapter 10. IP Accounting</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="x-087-2-accounting.zeroing.counter.html"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="X-087-2-ACCOUNTING.VIEWING.RESULTS"
>10.3. Using IP Accounting Results</A
></H1
><P
>It is all very well to be collecting this information, but how do we
actually get to see it? To view the collected accounting data and the
configured accounting rules, we use our firewall configuration
commands, asking them to list our rules. The packet and byte counters
for each of our rules are listed in the output.</P
><P
>The <B
CLASS="COMMAND"
>ipfwadm</B
>, <B
CLASS="COMMAND"
>ipchains</B
>, and
<B
CLASS="COMMAND"
>iptables</B
> commands differ in how accounting data is handled,
so we will treat them independently.</P
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN9449"
>10.3.1. Listing Accounting Data with ipfwadm</A
></H2
><P
>The most basic means of listing our accounting data with the
<B
CLASS="COMMAND"
>ipfwadm</B
> command is to use it like this:

<TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="SCREEN"
># <TT
CLASS="USERINPUT"
><B
>ipfwadm -A -l</B
></TT
>
IP accounting rules
 pkts bytes dir prot source               destination          ports
 9833 2345K i/o all  172.16.3.0/24        anywhere             n/a
56527   33M i/o all  172.16.4.0/24        anywhere             n/a</PRE
></TD
></TR
></TABLE
></P
><P
>This will tell us the number of packets sent in each direction. If we use
the extended output format with the <TT
CLASS="OPTION"
>-e</TT
> option (not shown here because the
output is too wide for the page), we are also given the options and
applicable interface names. Most of the fields in the output will be
self-explanatory, but the following may not:</P
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>dir</DT
><DD
><P
>The direction in which the rule applies. Expected values here are
<TT
CLASS="LITERAL"
>in</TT
>, <TT
CLASS="LITERAL"
>out</TT
>,
or <TT
CLASS="LITERAL"
>i/o</TT
>, meaning both ways.</P
></DD
><DT
>prot</DT
><DD
><P
>The protocols to which the rule applies.</P
></DD
><DT
>opt</DT
><DD
><P
>A coded form of the options we use when invoking
<B
CLASS="COMMAND"
>ipfwadm</B
>.</P
></DD
><DT
>ifname</DT
><DD
><P
>The name of the interface to which the rule applies.</P
></DD
><DT
>ifaddress</DT
><DD
><P
>The address of the interface to which the rule applies.</P
></DD
></DL
></DIV
><P
>By default, <B
CLASS="COMMAND"
>ipfwadm</B
> displays the packet and byte
counts in a shortened form, rounded to the nearest thousand (K) or million
(M). We can ask it to display the collected data in exact units by using the
expanded option as follows:

<TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="SCREEN"
># <TT
CLASS="USERINPUT"
><B
>ipfwadm -A -l -e -x</B
></TT
></PRE
></TD
></TR
></TABLE
></P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN9489"
>10.3.2. Listing Accounting Data with ipchains</A
></H2
><P
>The <B
CLASS="COMMAND"
>ipchains</B
> command will not display our accounting data
(packet and byte counters) unless we supply it with the <TT
CLASS="LITERAL"
>-v</TT
>
argument. The simplest means of listing our accounting data with the
<B
CLASS="COMMAND"
>ipchains</B
> command is to use it like this:

<TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="SCREEN"
># <TT
CLASS="USERINPUT"
><B
>ipchains -L -v</B
></TT
></PRE
></TD
></TR
></TABLE
></P
><P
>Again, just as with <B
CLASS="COMMAND"
>ipfwadm</B
>, we can display the packet and
byte counters in exact units by using the expanded output mode. The
<B
CLASS="COMMAND"
>ipchains</B
> command uses the <TT
CLASS="LITERAL"
>-x</TT
> argument for this:

<TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="SCREEN"
># <TT
CLASS="USERINPUT"
><B
>ipchains -L -v -x</B
></TT
></PRE
></TD
></TR
></TABLE
></P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN9506"
>10.3.3. Listing Accounting Data with iptables</A
></H2
><P
>The <B
CLASS="COMMAND"
>iptables</B
> command behaves very similarly to the
<B
CLASS="COMMAND"
>ipchains</B
> command. Again, we must use the <TT
CLASS="LITERAL"
>-v</TT
>
argument when listing our rules to see the accounting counters. To list our
accounting data, we would use:</P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="SCREEN"
># <TT
CLASS="USERINPUT"
><B
>iptables -L -v</B
></TT
></PRE
></TD
></TR
></TABLE
><P
>Just as for the <B
CLASS="COMMAND"
>ipchains</B
> command, you can use the
<TT
CLASS="LITERAL"
>-x</TT
> argument to show the output in expanded
format with exact unit figures.</P
></DIV
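><P
>The shortened K and M counters described in section 10.3.1 lose precision,
which matters when the figures feed billing or traffic baselines. The
following script is an added example, not part of the original guide: it
parses the short ipfwadm -A -l listing shown in that section and prints each
source network's byte count together with the largest error the rounding can
hide. The function names expand_count and bytes_per_source are made up for
this example, and the sample listing is copied from the page.</P
>

```sh
# Constructed sample: the short "ipfwadm -A -l" listing shown in section 10.3.1.
SAMPLE='IP accounting rules
 pkts bytes dir prot source               destination          ports
 9833 2345K i/o all  172.16.3.0/24        anywhere             n/a
56527   33M i/o all  172.16.4.0/24        anywhere             n/a'

# expand_count (hypothetical helper): print an abbreviated counter such as
# 2345K or 33M as a plain number, taking K as thousands and M as millions.
# Returns non-zero for anything that is not a counter (titles, column names).
expand_count() {
    num=$1 mult=1
    case "$num" in
        *K) num=${num%K}; mult=1000 ;;
        *M) num=${num%M}; mult=1000000 ;;
    esac
    case "$num" in
        ''|*[!0-9]*) return 1 ;;
    esac
    echo "$((num * mult))"
}

# bytes_per_source (hypothetical helper): read a listing on stdin and print
# "source bytes max_rounding_error" for each rule line. Assumes the column
# order of the short listing: pkts bytes dir prot source ...
bytes_per_source() {
    while read -r pkts bytes dir prot source rest; do
        expand_count "$pkts" >/dev/null || continue   # skip non-rule lines
        total=$(expand_count "$bytes") || continue
        case "$bytes" in
            *K) err=500 ;;      # rounded to the nearest thousand
            *M) err=500000 ;;   # rounded to the nearest million
            *)  err=0 ;;        # exact figure, as printed with -x
        esac
        echo "$source $total $err"
    done
}

printf '%s\n' "$SAMPLE" | bytes_per_source
```

<P
>Fed a listing taken with the <TT
CLASS="LITERAL"
>-x</TT
> argument, every rule line reports a rounding error of 0.</P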
></DIV
></BODY
></HTML
>