
List:       gentoo-embedded
Subject:    Re: [gentoo-embedded] Suggestions for per user bandwidth accounting
From:       Ed W <lists () wildgooses ! com>
Date:       2011-03-11 19:15:43
Message-ID: 4D7A74DF.2000506 () wildgooses ! com

Hi

Thanks for the reply!

> Method 1
> http://conntrack-tools.netfilter.org/

Super - actually I just discovered ulogd which is I guess the preferred
userspace logger now.  I think I'm a bit out of date on iptables because
that appears to be able to do even per connection statistics...  Only
skimming the docs at present, anyone got any experience using this in anger?

> 
> You're going to overwhelm an embedded system with all of this
> accounting and database, so split it across several
> systems.

Actually, although not stated, the WAN connections will be generally
quite slow and expensive (satellite), and the number of users normally
small.  So I'm not expecting a ton of traffic to log in general.


> 
> Method 2
> Adapt an excellent high end NMS (Network Management System)
> Such as Nagios or JFFNMS to your needs

I hadn't come across JFFNMS before - very cool.

I presume you have seen that Nagios has very firmly forked to become Icinga?


> in Gentoo. JFFNMS also supports TACACS and
> TACACS+, which, if it encompasses what
> you need, would be your best route to avoid
> a monstrous amount of coding on your own.

I don't see that TACACS+ offers the accounting side?  From a quick google
it appears to handle the authentication side only?

My requirements for authentication are going to be fairly
straightforward, largely just yes/no.


From a few mins reading up my initial design is looking a little like:

- FreeRadius on sqlite (perhaps mysql)
- HostAPD
- IPTables to limit access (with daemon to talk to DHCP server)
- ulogd to log most of the traffic. Custom app loggers to add
granularity where needed

It's the accounting side and the use of iptables to limit access which
is still looking rather hairy.  If anyone has any experience of fiddling
with this stuff then please let me know?  Also any other features of
iptables that I might have not noticed would be useful? (I see packet
marking, vlans, mac matching, conntrack based accounting - anything else?)

Thanks for the hints

Ed W
