[plug] IP Accounting Problem

Jason Nicholls jason at mindsocket.com.au
Wed Mar 1 16:52:56 WST 2000 

G'day Christian,

> I have a problem involving setting up IP accounting for which I can't
> really see a simple answer.  Basically we have a router which does it's
> own accounting and sends that (via's it own protocol, hi Mike!) to a
> machine which collates/processes this data.  Unfortunately the whole
> process is a bit iffy at times (for various reasons) so we're trying to
> set up a Linux box as a back-up accounting machine to draw a comparison.
> 
> We've added a new NIC to the Linux box in question and configured the
> router to mirror all IP traffic on the appropriate VLAN to the port that
> the second NIC is plugged into.  I can run tcpdump on that interface and
> see all the traffic going by so that's all working.  The problem is, I
> can't find any way of actually doing accounting on that traffic (i.e.,
> record destination IP address and data sent).  I've been trying to use
> ipchains but this won't work because the traffic isn't actually being
> sent to (or via) the machine and I can't think of any way to configure
> it so that the machine will read all the data coming in from one
> interface and forward it to another.  The only option seems to be a
> program that will read the traffic off the wire and keep a log of (IP,
> bytes) but I can't find any program that does this.  Does anyone know of
> one?  If not, can anyone suggest an approach that might be successful?

This isn't a very sophisticated answer, but perhaps ARGUS may be useful
in this situation. I don't know much about the app apart from it can be
used to log data (whatever appears on the interface). 

- I don't know where to get it
- I don't know anything else about it.

How this is helpful ;)


Jason Nicholls
--------------------------------------------------------------------
Jason Nicholls    icq: 11745841	   email: <jason at mindsocket.com.au>
Proprietor			  mobile: 0417 410 811
Mind Socket [web services]          http://www.mindsocket.com.au/
--------------------------------------------------------------------

More information about the plug mailing list