<< | обсуждения | >> февраль 2006 | архив + поиск << | по дате | >>

[freebsd] проблема с ng_ipacct + ngctl



SERGIO $$$ wrote:
> Здравствуйте, freebsd
>  
> При запуске ng_ipacct_init.sh ngctl выдаёт ошибки:
> FreeFirst# sh -x ./ng_ipacct_init.sh start                       
> + THRESHOLD=50000                                                
> + VERBOSE=1                                                      
> + IPACCTCTL=/usr/local/sbin/ipacctctl                            
> + INTERFACES=de0                                                 
> + kldload netgraph                                               
> + kldload ng_ether                                               
> + kldload ng_socket                                              
> + kldload ng_tee                                                 
> + kldload ng_ipacct                                              
> + ngctl mkpeer de0: tee lower right                              
> + ngctl connect de0: lower upper left                            
> ngctl: send msg: No such file or directory                       
> + ngctl name de0:lower de0_acct_tee                              
> ngctl: send msg: No such file or directory                       
> + ngctl mkpeer de0_acct_tee: ipacct right2left de0_in            
> ngctl: send msg: No such file or directory                       
> + ngctl name de0_acct_tee:right2left de0_ip_acct                 
> ngctl: send msg: No such file or directory                       
> + ngctl connect de0_acct_tee: de0_ip_acct: left2right de0_out    
> ngctl: send msg: No such file or directory                       
> + /usr/local/sbin/ipacctctl de0_ip_acct:de0 verbose 1            
> ipacctctl: ip_account_ctl: NgSendMsg: No such file or directory  
> ipacctctl: Cann't get version number from node                    
> + /usr/local/sbin/ipacctctl de0_ip_acct:de0 threshold 50000     
> ipacctctl: ip_account_ctl: NgSendMsg: No such file or directory 
> ipacctctl: Cann't get version number from node                  
>  
> В чём проблема и как её решить?
>  
> FreeBSD 5.4
> ng_ipacct-20050731
>  
> PS Я новичёк во FreeBSD так что просьба подоступнее выражаться ;)
Предлагаю воспользоваться ng_netflow.
Вот стартовый скрипт:
#! /bin/sh
#

IFACES="vlan0 vlan1"
FLOW_EXPORT_ADDR="62.33.196.222"
FLOW_EXPORT_PORT="20001"

# Start/restart routine
netflow_start() {

	# Load netgraph KLD's as necessary
	for KLD in ng_socket ng_ksocket ng_ether ng_tee ng_netflow; do
		if kldstat -v | grep -qw ${KLD}; then
		else
			echo -n "Loading ${KLD}.ko... "
			kldload ${KLD} || exit 1
			echo "done"
		fi
	done

	# Reset all interfaces
	netflow_stop

	# Verify all interfaces exist
	for ETHER in ${IFACES}; do
		if ngctl info ${ETHER}: >/dev/null 2>&1; then
		else
			echo "Error: interface ${ETHER} does not exist"
			exit 1
		fi
		ifconfig ${ETHER} up || exit 1
	done
	
	# Starting input direction
	netflow_input
	
	# Starting output direction
	netflow_output

	# Set all interfaces in promiscuous mode and don't overwrite src addr
	ngctl msg netflow: settimeouts { inactive=15 active=300 }
	ngctl mkpeer netflow: ksocket export inet/dgram/udp || exit 1
	ngctl msg netflow:export connect inet/${FLOW_EXPORT_ADDR}:${FLOW_EXPORT_PORT} || exit 1

}

# INPUT direction
netflow_input() {

	IFNUM=0
	# Hook up local interface, if any
	for IF in ${IFACES}; do

		if [ ${IFNUM} = 0 ]; then
			# Create new ng_netflow node, attached to the first interface
			ngctl mkpeer ${IF}: tee lower right || exit 1
			ngctl connect ${IF}: ${IF}:lower upper left || exit 1
			INTNAME="${IF}_tee"
			ngctl name ${IF}:lower ${INTNAME}
			ngctl mkpeer ${INTNAME}: netflow right2left iface${IFNUM} || exit 1
			ngctl name ${IF}:lower.right2left netflow || exit 1
			IFINDEX=`ngctl msg ${IF}: getifindex >&1` || exit 1
		        IFINDEX=`echo ${IFINDEX} >&1 | sed -n 's/.*[a-z].*: \([0-9]*\).*$/\1/p'`
			ngctl msg netflow: setifindex { iface=${IFNUM} index=${IFINDEX} } || exit 1
		else
			# Attace another interfaces to netflow node
			ngctl mkpeer ${IF}: tee lower right || exit 1
			ngctl connect ${IF}: ${IF}:lower upper left || exit 1
			INTNAME="${IF}_tee"
			ngctl name ${IF}:lower ${INTNAME}
			ngctl connect ${INTNAME}: netflow: right2left iface${IFNUM} || exit 1
			IFINDEX=`ngctl msg ${IF}: getifindex >&1` || exit 1
		        IFINDEX=`echo ${IFINDEX} >&1 | sed -n 's/.*[a-z].*: \([0-9]*\).*$/\1/p'`
			ngctl msg netflow: setifindex { iface=${IFNUM} index=${IFINDEX} } || exit 1
		fi		
		IFNUM=`expr ${IFNUM} + 1`
	done

}

# OUTPUT direction
netflow_output() {

	IFNUM=10
	# Hook up local interface, if any
	for IF in ${IFACES}; do

			# Attace another interfaces to netflow node
			ngctl connect ${IF}:lower netflow: left2right iface${IFNUM} || exit 1
			IFINDEX=`ngctl msg ${IF}: getifindex >&1` || exit 1
		        IFINDEX=`echo ${IFINDEX} >&1 | sed -n 's/.*[a-z].*: \([0-9]*\).*$/\1/p'`
			ngctl msg netflow: setifindex { iface=${IFNUM} index=${IFINDEX} } || exit 1
			IFNUM=`expr ${IFNUM} + 1`
	done

}

# Stop routine
netflow_stop() {

	ngctl kill netflow:export >/dev/null 2>&1
	IFNUM=0
	for EXTIF in ${IFACES}; do
	    ngctl kill netflow:iface${IFNUM} >/dev/null 2>&1
	    IFNUM=`expr ${IFNUM} + 1`
	done

	IFNUM=10
	for EXTIF in ${IFACES}; do
	    ngctl kill netflow:iface${IFNUM} >/dev/null 2>&1
	    IFNUM=`expr ${IFNUM} + 1`
	done

}

if [ -z "${source_rc_confs_defined}"]; then
	if [ -r /etc/defaults/rc.conf ]; then
		. /etc/defaults/rc.conf
		source_rc_confs
	elif [ -r /etc/rc.conf ]; then
		. /etc/rc.conf
	fi
fi

# Main entry point
case $1 in
	start)
	case  "${netflow_enable}" in
		[Yy][Ee][Ss])
			echo -n 'Starting netflow'
			netflow_start
		;;
	esac
	;;
	stop)
		netflow_stop
		;;
	*)
		echo "usage: `basename $0` [ start | stop ]"
		exit 1
esac
Совместно с ng_netflow я использую NetAMS. Получается неплохо.
В скрипте укажите свои интерфейсы (IFACES) и адрес:порт netflow коллектора (FLOW_EXPORT_ADDR, FLOW_EXPORT_PORT).
Удачи!

-- 
С уважением,
Кочетков Андрей Анатольевич.
ООО "Авиаэкспресс"
672010, Россия, г. Чита, ул. Ленина, 55
тел./факс: +7 (3022) 351457
моб.: +7 914 4692252
ICQ:  168781713
e-Mail:  andrews

-- 
----------------------------------------------------------- 
Для закрытия подписки необходимо направить письмо по адресу
mail-list с текстом "unsubscribe freebsd" в поле темы (subject) письма.




Архив создан MHonArc Техническая поддержка CYGNUS HOSTING