SOLVED Re: Connection tracking.

Fri Jul 11 20:36:03 EEST 2003

Σταμάτης Κεκές wrote:
> Kalo kai to argus alla exo vrei kati kalytero kai aploustero.
> Exo vrei to net-acct+mysql to opoio mou logarei ta connections se mia
> mysql database gia analysi.
>  Exei megali leptomereia stis rythmiseis kai "mazeyei" ta panta pou 
> pernane apo to diktyo.
> Apo keei kai meta einai stin eyxaireia tou xristi na kanei oti thelei me
> ta data pou perisylegei.
> Filika
>   Stamatis

Ouch...
To xrhsimopoihsa gia ligo kai den mou arese...
- einai ligo unstable. Xwris kaneno logo, psofouse.
- afhne arketa skoupidia. Ypoti8etai oti htan arketa eksupno wste na 
katagrafei se arxeia oti dedomena den prolabaine na sthlei sthn bash 
logo problhmatwn, alla pote den skefthke na sbhsei ta arxeia auta.
- 8umamai oti me paidepse ligo sto configuration... Psilo cryptic 
htan... prin basisteis epanw tou, sigourepsou oti katagrafei ola ta 
paketa pou se endiaferoun... Peiramatisou...
- Einai ligo baru. Kanei monimws dump sthn mysql, kai kanei to mhxanhma 
na shkwnei load. Oxi toso oso na dhmiourgei problhmata, arketa omws wste 
na ftanei sta oria tou.
- Meta brhka to EKSAIRETO flowtools. Sta8erothta mexri ahdias. POTE den 
mou parousiase oute ena problhma, edw kai 6 mhnes. Esena mallon den sou 
kanei, giati den aneferes an exeis cisco. Parolauta, analuw:
Xrhsimopoiei ta Cisco Netflows pou mporei na sou petaei enas cisco kai 
ta kanei dump sthn bash me akoma megaluterh leptomereia apo to nacctd. 
Ekana parallhla kai merika scriptakia pou to export to kanoun se 
epilegmeno table ana mhna kai meta to antigrafoun se allo table, analoga 
me thn xrhsimothta tou ka8e record, sbhnontas ta palia. Apo ekei kai 
pera, twra eimai sthn fash pou grafw ena php fronend gia ola auta.
Shmeiwsh: Kai to nacctd Kai to netflow mporoun na gemisoun POLY thn 
bash. H mysql kai ta MyIsam tables apodeix8hkan aneparkh sto xeirismo 
tables me panw apo merika ekatomuria eggrafes. An kaneis to la8os kai 
kaneis ena "select *" kai oi eggrafes einai parapanw apo 10000, mporei 
na perimeneis mexri kai 5 lepta(!) mexri na pareis to prwto row, kata 
thn deirkeia twn opoion, h mysqld shkwnei 100% load. Pera apo to 
corruption, pou sunebaine mia fora ton mhna, xwris idiaitero logo. Paizw 
twra me InnoDB kai ta pragmata einai arketa kalutera...

Me to flowtools mazeuw se arxeia poy pianoun peripou 20kbytes / 15 lepta 
traffic 256kbit kai ta kanw dump sthn bash mesa sthn nuxta, gia na ta 
brw etoima thn epomenh mera. Trexoun automata scriptakia pou ftiaxnoun 
summaries tou traffic, opote den poluaggizw tous pinakes me ta 
ekatomuria records.

Allo pleonekthma tou flowtools, einai to oti mporeis na to egkatasthseis 
se opoiodhpote mhxanhma sto diktyo, kai oxi anagkastika ston proxy me 
tis duo kartes diktyou pou brisketai se kombiko shmeio. Ton proxy 
prospa8w na ton afhsw oso pio elafru ginetai. o cisco mporei na sou 
sthlei ta flows se opoio ip tou dhlwseis.

Telos, allo ena pleonekthta twn flows, einai se periptwseis pou 
xrhsimopoieis NAT. An kaneis apla sniffing me to nacct, 8a blepeis 
traffic apo ton nat server sou pros ta eksw, xwris na mporeis na to 
antistoixhseis me to eswteriko traffic. To netflow protocol exei 
problepsh kai gia auto, opote parolo pou exw nat, kserw se poio client 
antistoixei...

Parepiptontws, ola ta programmata traffic analysis (pou kostizoun merika 
ekatomuria) uposthrizoun netflow. Einai arketa standard, kai 8a breis 
polles plhrofories sto internet...

Auta... An 8eleis parapanw plhrofories, enhmerwse me... Asxoloume me 
auto to project peripou 1,5 xrono... Otan ginei stable, 8a to bgalw kai 
gia download (stable GPL network accounting & billing system, me php 
frontend).

- Giannis