====== Учет сетевых ресурсов ======

===== NetFlow =====

  * [[http://ru.wikipedia.org/wiki/Netflow]]
  * Freeware NetFlow Software ([[http://www.cisco.com/en/US/prod/iosswrel/ps6537/ps6555/ps6601/networking_solutions_products_genericcontent0900aecd805ff72b.html]])
==== Cisco ====

   * [[Оборудование уровня 3 Cisco Router#Настройка экспорта статистики по протоколу NetFlow]]
==== Unix ====
<code>
server# tcpdump -ni eth1_em1 "port 2055"
</code>

==== Учет трафика пакетом flow-tools ====

  * [[Пакет flow-tools]]

==== Учет трафика пакетом NetAMS ====

  * [[Биллинговая система NetAMS]]

В эмуляторе считает сильно не точно!
Может помочь отключение vlan1 на коммутаторе!

<code>
router(conf)# ip flow-export destination server 9555
</code>

<code>
server# cat netams.conf
</code><code>
...
service data-source 1
type netflow
source 192.168.X.1
listen 0 9555
rule 11 "ip"
...
</code>
===== Дополнительные материалы =====

==== NfSen - Netflow Sensor ====

  * [[http://nfsen.sourceforge.net/|NfSen - Netflow Sensor]]
==== Экспорт статистики в формате NetFlow из PCAP ====

  * IPCAD - IP traffic accounting daemon ([[http://sourceforge.net/projects/ipcad/]])

==== Простейший коллектор NetFlow - пакет ehnt (Extreme Happy Netflow Tool) ====

=== FreeBSD ===
<code>
[server:~] # pkg_add -r ehnt

[server:~] # /usr/local/etc/rc.d/ehntserv.sh.sample start

[server:~] # rehash
[server:~] # ehnt
Using report interval of 60 minute(s)
flow #1 received from router 172.16.1.X, IP protocol 1
  input ifIndex:     2
  source IP address: 194.87.0.50
  source port:       0
  source AS:         <unknown>(0)
  output ifIndex:    0
  dest IP address:   192.168.X.40
  dest port:         0
  dest AS:           <unknown>(0)
  bytes in flow:        1K
  packets in flow:   20
...

[server:~] # /usr/local/etc/rc.d/ehntserv.sh.sample stop
</code>

=== Ubuntu (don't work) ===
<code>
root@server:~# cd /usr/src
root@server:/usr/src# wget http://downloads.sourceforge.net/project/ehnt/ehnt/0.4/ehnt-0.4.tgz?use_mirror=sunet
root@server:/usr/src# tar -xvzf ehnt-0.4.tgz 
root@server:/usr/src# cd ehnt
root@server:/usr/src/ehnt# make
root@server:/usr/src/ehnt# ./ehntserv
bind Unix error: No such file or directory
</code>

==== IP Accounting ====

=== Cisco ===
<code>
interface FastEthernet1/0
 ip accounting output-packets

interface FastEthernet1/1
 ip accounting output-packets
</code>

=== Unix ===
<code>
# rsh router "show ip accounting"

# rsh router "clear ip accounting"

# rsh router "show ip accounting checkpoint"
</code>