From netramet-owner Wed Jun 5 06:06:10 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.3/8.7.3-ua) id GAA23059 for netramet-outgoing; Wed, 5 Jun 1996 06:00:48 +1200 (NZST)
Received: from xpert.com (limor@[199.203.132.1]) by mailhost.auckland.ac.nz (8.7.3/8.7.3-ua) with SMTP id GAA23051 for <[email protected]>; Wed, 5 Jun 1996 06:00:42 +1200 (NZST)
Received: (from limor@localhost) by xpert.com (8.6.12/8.6.10) id UAA17201 for [email protected]; Tue, 4 Jun 1996 20:54:24 +0300
Date: Tue, 4 Jun 1996 20:54:24 +0300
From: Limor Schweitzer <[email protected]>
Message-Id: <[email protected]>
To: [email protected]
Subject: ANNOUNCE: XACCT 2.0b
Sender: [email protected]
Precedence: bulk

Hello,
We are proud to announce the availability of XACCT 2.0b.
The new release includes a complex query language,
a WWW/JavaScript based user interface,
and both on-line and printable documentation.
You are welcome to visit and also test the new release
using a Netscape 2.X browser, at the following location:
http://www.xpert.com/xacct.html
Best Regards,
Limor Schweitzer
_____________________________________________________________
| \\ Limor Schweitzer <[email protected]> (972)-3-6181118 |
| \\ // | Net Security |
| \\// __ ___ ___|__ Internet |
| //\ | \\// __/ | | S/W Development |
| // \\ | __//\\____ | \__ Network Integration |
|__//___\\| _______UNIX Systems LTD____System Administration__|
From netramet-owner Sat Jun 8 11:09:16 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.3/8.7.3-ua) id LAA13812 for netramet-outgoing; Sat, 8 Jun 1996 11:07:00 +1200 (NZST)
Received: from ns.mauswerks.com (root@[206.100.31.2]) by mailhost.auckland.ac.nz (8.7.3/8.7.3-ua) with ESMTP id LAA13801 for <[email protected]>; Sat, 8 Jun 1996 11:06:57 +1200 (NZST)
Received: from ratfink ([email protected] [204.152.96.8]) by ns.mauswerks.com (8.7.5/8.6.9) with SMTP id PAA02409 for <[email protected]>; Fri, 7 Jun 1996 15:34:20 -0700
Message-ID: <[email protected]>
Date: Fri, 07 Jun 1996 16:04:35 -0700
From: Brian Topping <[email protected]>
Organization: Mauswerks, Inc.
X-Mailer: Mozilla 2.02 (X11; I; Linux 1.99.8 i586)
MIME-Version: 1.0
To: [email protected]
Subject: Patch to NeTraMet SNMP lib
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: [email protected]
Precedence: bulk

Hi!
I have a patch, should I send it to Nevil?
Fixes a crasher on Linux on launch of NeMaC.
-B
From netramet-owner Sun Jun 9 18:41:30 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.3/8.7.3-ua) id SAA01243 for netramet-outgoing; Sun, 9 Jun 1996 18:39:20 +1200 (NZST)
Received: from ns.mauswerks.com (root@[206.100.31.2]) by mailhost.auckland.ac.nz (8.7.3/8.7.3-ua) with ESMTP id SAA01238 for <[email protected]>; Sun, 9 Jun 1996 18:39:17 +1200 (NZST)
Received: from ratfink ([email protected] [204.152.96.8]) by ns.mauswerks.com (8.7.5/8.6.9) with SMTP id XAA05877 for <[email protected]>; Sat, 8 Jun 1996 23:06:37 -0700
Message-ID: <[email protected]>
Date: Sat, 08 Jun 1996 23:36:45 -0700
From: Brian Topping <[email protected]>
Organization: Mauswerks, Inc.
X-Mailer: Mozilla 2.02 (X11; I; Linux 1.99.8 i586)
MIME-Version: 1.0
To: [email protected]
Subject: Config Q's
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: [email protected]
Precedence: bulk

Well, I seem to have things working, nice work Nevil!
I have a question about rules to start with. Can everyone help me pick this apart?
What I am trying to do is test to see if a packet's source or destination is from the
204.152.96.0/26 subnet, and if so record it in FlowClass 1, otherwise look at the
hardware address of the source or destination and determine which of the two nodes on
the net (besides the router) are an endpoint. The goal is to be able to tally all
traffic to either hardware address that is not a transaction with the 204.152.96.0/26
subnet, which is exempt from billing.
My understanding of the 'Retry' action is that it swaps the src/dest addrs and retries
the active rule (not all of them) and that it can only be called once. Is this
correct?
I think I can see one problem already in that flows in the ip_pkt section will be
counted unidirectionally instead of being tallied bidirectionally. Am I correct here?
Thanks a bunch!
Brian Topping
Mauswerks, Inc.
>ip_pkt:
> SourcePeerAddress & 255.255.255.192 = 204.152.96.0: GotoAct, g1;
> DestPeerAddress & 255.255.255.192 = 204.152.96.0: GotoAct, g1;
> Null & 0 = 0: Goto, non_exempt;
>non_exempt:
> DestAdjacentAddress & FF-FF-FF-FF-FF-FF = 00-00-c0-b5-eb-c5: GotoAct, g2;
> DestAdjacentAddress & FF-FF-FF-FF-FF-FF = 00-00-b4-6b-37-05: GotoAct, g3;
> Null & 0 = 0: Retry, 0;
>#
># this saves off the flow class
>g1: FlowClass & 255 = 1: PushtoAct, count_pkt;
>g2: FlowClass & 255 = 2: PushtoAct, count_pkt;
>g3: FlowClass & 255 = 3: PushtoAct, count_pkt;
From netramet-owner Mon Jun 10 21:00:03 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.3/8.7.3-ua) id UAA05367 for netramet-outgoing; Mon, 10 Jun 1996 20:56:18 +1200 (NZST)
Received: from dcns.csc.cuhk.edu.hk (hp712c.csc.cuhk.edu.hk [137.189.28.103]) by mailhost.auckland.ac.nz (8.7.3/8.7.3-ua) with SMTP id UAA05359 for <[email protected]>; Mon, 10 Jun 1996 20:56:08 +1200 (NZST)
Received: (from ktso@localhost) by dcns.csc.cuhk.edu.hk (8.6.13/8.6.12) id QAA15881 for [email protected]; Mon, 10 Jun 1996 16:56:00 +0800
From: SO Kwok Tsun <[email protected]>
Message-Id: <[email protected]>
Subject: Garbage collection interval
To: [email protected]
Date: Mon, 10 Jun 1996 16:55:59 +0800 (HKT)
X-Mailer: ELM [version 2.4 PL24 ME8b]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: [email protected]
Precedence: bulk

hi,
I am not sure whether it has been asked before.
We have the NeMaC to record flow with -c 900 (15 mins) to create flow
files and use fd_filter to calculate usage by different subnets. It
should be just fine most of the time. But it seems that NeMaC does
not record when the counter of a flow didn't change. We have some
small subnets that may not even have traffic at some times. So in
some intervals, some subnets didn't show up. And in the next
interval, they show up again. But then, fd_filter thought that the
counter was 0 in the previous interval and so it gives a very large
value after subtracting 0.
04:00:00 no value about flow 799
04:15:00
#Format: flowruleset flowindex firsttime sourcepeeraddress destpeeraddress tooctets fromoctets topdus frompdus sourcepeertype
2 799 85250900 202.40.208.0 0.0.0.0 108653365 732740549 1481967 1494039 2
After using fd_filter:
04:15:00
#Format: sourcepeeraddress destpeeraddress tooctetrate fromoctetrate topdurate frompdurate
202.40.208.0 0.0.0.0 108653365 732740549 1481967 1494039
It creates a very large value!
Then I tried to use the option '-g sss' with NeMaC to specify a value
for the garbage collection interval so that in the above case, flow 799
will be recovered. However, it fails to work as NeMaC complains that the
write community does not match. Should I use this option or others like
-i and -u?
Thanks for your attention.
SO Kwok-tsun, Alan
Information Technology Service Unit
The Chinese University of Hong Kong
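
The subtraction problem described in the message above, as an added example that is not part of the original post and is not fd_filter's code: it keeps the last counters seen for each flow, so an interval with no record for that flow yields a zero delta instead of a later subtraction from 0. It assumes, as the poster observed, that a missing record means unchanged counters and that flowindex identifies a flow across intervals; the function names and the 03:45:00 record are constructed for illustration.

```python
# Added example (not fd_filter's code): per-interval deltas that keep the last
# seen counters for a flow, so an interval with no record counts as "unchanged".
COUNTERS = ("tooctets", "fromoctets", "topdus", "frompdus")

def parse_interval(text):
    """Parse a '#Format:' line plus records into {flowindex: {column: value}}."""
    cols, flows = [], {}
    for line in text.strip().splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "#Format:":
            cols = fields[1:]
        elif not fields[0].startswith("#"):
            rec = dict(zip(cols, fields))
            flows[int(rec["flowindex"])] = rec
    return flows

def interval_deltas(intervals):
    """intervals: [(label, text)] in time order -> [(label, flowindex, deltas)].
    deltas is None on a flow's first sighting (no baseline to subtract)."""
    last, out = {}, []
    for label, text in intervals:
        flows = parse_interval(text)
        for idx in sorted(set(last) | set(flows)):
            if idx not in flows:            # no record: counters unchanged
                out.append((label, idx, dict.fromkeys(COUNTERS, 0)))
                continue
            now = {c: int(flows[idx][c]) for c in COUNTERS}
            prev = last.get(idx)
            out.append((label, idx, None if prev is None else
                        {c: now[c] - prev[c] for c in COUNTERS}))
            last[idx] = now                 # baseline for later intervals
    return out

FMT = ("#Format: flowruleset flowindex firsttime sourcepeeraddress "
       "destpeeraddress tooctets fromoctets topdus frompdus sourcepeertype\n")
SAMPLE = [
    # The 03:45:00 record is constructed; the 04:15:00 record is from the post.
    ("03:45:00", FMT + "2 799 85250900 202.40.208.0 0.0.0.0 108650000 732700000 1481900 1494000 2"),
    ("04:00:00", FMT),                      # flow 799 absent, as in the post
    ("04:15:00", FMT + "2 799 85250900 202.40.208.0 0.0.0.0 108653365 732740549 1481967 1494039 2"),
]

if __name__ == "__main__":
    for row in interval_deltas(SAMPLE):
        print(row)
```
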
From netramet-owner Tue Jun 11 22:04:44 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.3/8.7.3-ua) id WAA11425 for netramet-outgoing; Tue, 11 Jun 1996 22:00:53 +1200 (NZST)
Received: from ccu1.auckland.ac.nz ([email protected] [130.216.3.1]) by mailhost.auckland.ac.nz (8.7.3/8.7.3-ua) with ESMTP id WAA11420; Tue, 11 Jun 1996 22:00:51 +1200 (NZST)
Received: (from nevil@localhost) by ccu1.auckland.ac.nz (8.7.3/8.7.3) id WAA06889; Tue, 11 Jun 1996 22:00:50 +1200 (NZT)
From: J Nevil Brownlee <[email protected]>
Message-Id: <[email protected]>
Subject: Re: NeTraMet logs
To: [email protected]
Date: Tue, 11 Jun 1996 22:00:50 +1200 (NZT)
Cc: [email protected]
In-Reply-To: <[email protected]> from "[email protected]" at Jun 10, 96 03:12:25 pm
X-Mailer: ELM [version 2.4 PL23]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: [email protected]
Precedence: bulk

Hello Dean:
> Hi my name is Dean Sauer and I run Scenicland Internet,
> a small ISP on the West Coast of the South Island.
> I have a small problem.
> I am running NeTraMet to be able to generate accounts
> for traffic but have no software to decipher the logs it generates.
> I would much appreciate if you could point me in the right direction
> or point someone to me.
What we do here at the University of Auckland is to use fd_filter to
compute the byte and packet counts for each collection interval,
then use Perl scripts to convert the resulting files into input
data files for our billing system.
We have considered writing a 'simple example' billing system (it would
just be a set of Perl scripts and cron jobs) to give people a starting
point, but - since everyone's reporting requirements are different -
it's not an easy task.
Does any NeTraMet user on the list have anything like this they
could share?
Cheers, Nevil
+-----------------------------------------------------------------------+
| Nevil Brownlee Director, Technology Development |
| Phone: +64 9 373 7599 x8941 ITSS, The University of Auckland |
| FAX: +64 9 373 7425 Private Bag 92019, Auckland, New Zealand |
+-----------------------------------------------------------------------C
From netramet-owner Wed Jun 12 09:46:45 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.3/8.7.3-ua) id JAA02059 for netramet-outgoing; Wed, 12 Jun 1996 09:45:57 +1200 (NZST)
Received: from atlantis.actrix.gen.nz (uucp@[203.96.16.23]) by mailhost.auckland.ac.nz (8.7.3/8.7.3-ua) with SMTP id JAA02045 for <[email protected]>; Wed, 12 Jun 1996 09:45:47 +1200 (NZST)
Received: (from uucp@localhost) by atlantis.actrix.gen.nz (8.6.11/8.6.9) id JAA25252 for [email protected]; Wed, 12 Jun 1996 09:45:31 +1200
>Received: from notes.edm.co.nz (notes.edm.co.nz [192.9.200.4]) by demo.edm.co.nz (8.6.12/8.6.12) with SMTP id JAA27217 for <@demo.edm.co.nz:[email protected]>; Wed, 12 Jun 1996 09:16:28 +1200
Received: from notes.edm.co.nz (notes.edm.co.nz [192.9.200.4]) by demo.edm.co.nz (8.6.12/8.6.12) with SMTP id JAA27217 for <@demo.edm.co.nz:[email protected]>; Wed, 12 Jun 1996 09:16:28 +1200
Received: by notes.edm.co.nz (IBM OS/2 SENDMAIL VERSION 1.3.2)/1.0)
        id AA0070; Wed, 12 Jun 96 09:19:55 -0700
Received: from EDM with "Lotus Notes Mail Gateway for SMTP" id
        51A1B7EA18C933194C25634600745E8D; Wed, 12 Jun 96 09:19:55
Message-Id: <[email protected]>
To: netramet <[email protected]>
From: Paul Scheffer <[email protected]>
Date: 12 Jun 96 9:19:31 BST
Subject: Re: NeTraMet logs
Mime-Version: 1.0
Content-Type: Text/Plain
Sender: [email protected]
Precedence: bulk

>Does any NeTraMet user on the list have anything like this they
>could share?
We do some billing from Netramet by using the following process.
The raw output files are renamed and filtered roughly every week using a
cronjob and fd_filter.
At the first of the month the 4 output files for the previous month are put
into a monthly directory and cat'ed together to produce a monthly total.
We then run this through an awk program that determines if traffic is local or
international (by using a dns program).
The large output file is then downloaded to a pc that runs a VB program that we
wrote that produces bills for each of our customers.
All in all it works well and since we retain all the old output files we can
produce proof of traffic if asked. If anyone knows VB and wants a copy to
customise then let me know and I'll get one to you.
PS
From netramet-owner Sun Jun 16 18:02:50 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.3/8.7.3-ua) id RAA26502 for netramet-outgoing; Sun, 16 Jun 1996 17:59:53 +1200 (NZST)
Received: from ccu1.auckland.ac.nz ([email protected] [130.216.3.1]) by mailhost.auckland.ac.nz (8.7.3/8.7.3-ua) with ESMTP id RAA26497 for <[email protected]>; Sun, 16 Jun 1996 17:59:51 +1200 (NZST)
Received: (from nevil@localhost) by ccu1.auckland.ac.nz (8.7.3/8.7.3) id RAA13552 for [email protected]; Sun, 16 Jun 1996 17:59:50 +1200 (NZT)
From: J Nevil Brownlee <[email protected]>
Message-Id: <[email protected]>
Subject: Rule set bug/feature ..
To: [email protected]
Date: Sun, 16 Jun 1996 17:59:50 +1200 (NZT)
X-Mailer: ELM [version 2.4 PL23]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: [email protected]
Precedence: bulk

Hello all:
Quite a while back someone (alas I've lost the e-mail note) sent me
a rule set which didn't work as expected. I've at last managed to
take a look at it, so here's the diagnosis:
If you write a rule like this:
    DestTransAddress & 255.255 = domain: Retry, 0;
You expect the match to succeed if the packet has 'domain' as its
dest transport address. This works OK.
But if you write this instead:
    v1 & 0 = DestTransAddress: Assign, Next;
    v1 & 255.255 = domain: Retry, 0;
This one doesn't work! (That was the problem description sent to me).
To make this work you have to write it like this:
    v1 & 0 = DestTransAddress: Assign, Next;
    v1 & 255.255 = 0.domain: Retry, 0;
The difference is in the way the matched value is specified. In
the second case (0.domain) NeMaC can see that it is a two-byte
address. In the first case it can't.
This is only a problem if you're using an attribute variable (i.e.
v1 .. v5). If you use an ordinary attribute NeMaC can see how many
bytes there ought to be in the matched value, so it can add zero
bytes on the front.
Any comments on what NeMaC should do about this? Seems to me NeMaC
should give a warning if it sees address values without dots or dashes
(which indicate the user is giving the value one byte at a time) when
parsing a value for attributes v1 .. v5.
Cheers, Nevil
+-----------------------------------------------------------------------+
| Nevil Brownlee Director, Technology Development |
| Phone: +64 9 373 7599 x8941 ITSS, The University of Auckland |
| FAX: +64 9 373 7425 Private Bag 92019, Auckland, New Zealand |
+-----------------------------------------------------------------------C
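
The warning proposed in the message above, sketched as an added example that is not NeMaC code and not part of the original post: it flags tests on attribute variables v1 .. v5 whose matched value has no dots or dashes. The rule grammar is inferred from the rules quoted in this thread, Assign rules are skipped on the assumption that their value names an attribute, and lint and width are hypothetical names.

```python
# Added example (not NeMaC code): lint a rule set for the ambiguity described
# above, where a value such as 'domain' gives no hint of its byte width.
import re

# Optional label, then: attribute & mask = value: action, parameter;
RULE = re.compile(
    r"^\s*(?:\w+\s*:\s*)?(?P<attr>\w+)\s*&\s*(?P<mask>\S+)\s*=\s*"
    r"(?P<value>[^\s:]+)\s*:\s*(?P<action>\w+)\s*,\s*(?P<param>\w+)\s*;")
VARIABLES = {"v1", "v2", "v3", "v4", "v5"}

def width(field):
    """Bytes the user spelled out: one per dot- or dash-separated part."""
    return len(re.split(r"[.-]", field))

def lint(ruleset):
    """Return [(line_no, message)] for variable tests with an ambiguous value."""
    warnings = []
    for no, line in enumerate(ruleset.splitlines(), 1):
        m = RULE.match(line)
        if not m or m["attr"].lower() not in VARIABLES:
            continue  # ordinary attributes have a known length
        if m["action"].lower() == "assign":
            continue  # assumption: the value here names an attribute
        if not re.search(r"[.-]", m["value"]):
            warnings.append((no, (
                f"{m['attr']}: value '{m['value']}' has no dots or dashes, "
                f"mask '{m['mask']}' spells out {width(m['mask'])} byte(s); "
                "give the value one byte at a time")))
    return warnings

# The three rule variants from the message, in order.
RULES = """\
DestTransAddress & 255.255 = domain: Retry, 0;
v1 & 0 = DestTransAddress: Assign, Next;
v1 & 255.255 = domain: Retry, 0;
v1 & 255.255 = 0.domain: Retry, 0;
"""

if __name__ == "__main__":
    for line_no, message in lint(RULES):
        print(f"line {line_no}: {message}")
```
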
From netramet-owner Wed Jun 26 08:34:08 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.3/8.7.3-ua) id IAA28742 for netramet-outgoing; Wed, 26 Jun 1996 08:31:28 +1200 (NZST)
Received: from bill-graham.nfic.com (bill-graham.nfic.com [205.231.86.32]) by mailhost.auckland.ac.nz (8.7.3/8.7.3-ua) with ESMTP id IAA28730 for <[email protected]>; Wed, 26 Jun 1996 08:31:23 +1200 (NZST)
Received: (from rramstad@localhost) by bill-graham.nfic.com (8.7.3/8.7.3) id QAA06065; Tue, 25 Jun 1996 16:30:28 -0400 (EDT)
Date: Tue, 25 Jun 1996 16:30:28 -0400 (EDT)
From: Bob Ramstad <[email protected]>
Message-Id: <[email protected]>
To: [email protected]
Subject: SunOS 4.1.3_U1 questions
Sender: [email protected]
Precedence: bulk

howdy. i've been trying to get NeTraMet working properly on my system
for a whole day now, and i'm a bit puzzled about some of what i've
been seeing. i've been running with examples/rules.lan on one of our
main fileservers just to see what is going on, and i'm a bit mystified
because the statistics line never gives any of the information i'm
really interested in, they all look like this:
#Time: 16:22:00 Tue 25 Jun 96 graham Flows from 15599 to 21600
#Stats: aps=0 apb=0 mps=0 mpb=0 lsp=0 avi=0.0 mni=0.0 fiu=41 frc=0 gci=10 rpp=0.0 tpp=0.0 cpt=1.0 tts=1024 tsu=35
as far as i can tell, i followed the libpcap-0.2 installation rules to
the letter, including installing bpf-1.1, rebuilding the kernel and
rebooting. i don't have problems getting the various programs
started, changing rules on the meters using NeMaC and so forth.
i understand that some of these aren't available under Unix, but i
assumed the first five were supported, or at least the packets/second
stats. any suggestions? pointers to something i may have overlooked?
i am not a member of this list, so please send replies directly to me
as well. thanks.
-- Bob