Installing engine for alLANBilling

1) I hope that the NAT, routing, httpd, php, mysql,fprobe-ulog, flow-tools packages already installed
2) Add iptables rule to which all packages will be NAT-pass through ULOG
This is only EXAMPLE:
      *filter
      :INPUT ACCEPT [0:0]
      :FORWARD DROP [0:0]
      :OUTPUT ACCEPT [0:0]
      :NETFLOW - [0:0]
      -A FORWARD -s 192.168.0.0/24 -d 123.123.123.123/32 -p tcp -m tcp --dport 25 -j NETFLOW
      -A FORWARD -s 192.168.0.0/24 -d 123.123.123.123/32 -p tcp -m tcp --dport 110 -j NETFLOW
      -A FORWARD -s 192.168.0.0/24 -d 123.123.123.123/32 -p tcp -m tcp --dport 4444 -j NETFLOW
      -A FORWARD -s 192.168.0.0/24 -d 2123.123.123.123/32 -p tcp -m tcp --dport 25 -j NETFLOW
      -A FORWARD -s 192.168.0.0/24 -d 123.123.123.123/32 -p tcp -m tcp --dport 110 -j NETFLOW
      -A FORWARD -s 192.168.0.0/24 -d 123.123.123.123/32 -p udp -j NETFLOW
      -A FORWARD -s 192.168.0.0/24 -d 123.123.123.123/32 -p udp -j NETFLOW
      -A FORWARD -s 192.168.0.5/32 -j NETFLOW
      -A FORWARD -s 192.168.0.200/32 -p udp -m udp --dport 123 -j NETFLOW
      -A FORWARD -s 192.168.0.200/32 -p udp -m udp --dport 53 -j NETFLOW
      -A FORWARD -d 192.168.0.0/24 -j NETFLOW
      -A FORWARD -s 192.168.0.0/24 -d 123.123.123.123/32 -p tcp -j NETFLOW
      -A FORWARD -s 192.168.0.0/24 -d 123.123.123.123/32 -p tcp -m tcp --dport 110 -j NETFLOW
      -A FORWARD -s 192.168.0.0/24 -d 123.123.123.123/32 -p tcp -m tcp --dport 25 -j NETFLOW
      -A NETFLOW -j ULOG
      -A NETFLOW -j ACCEPT
      COMMIT
3) Also you will need the flow-tools (flow-tools-0.68-12.fc4.i386.rpm) (download and install)
4) Create a folder /var/flows/acct/ (storage flows)
5) Create a folder /root/flows/
6) In the folder /root/flows/ create two executable files:
Startup-script: /root/flows/runflow

#!/bin/sh
killall fprobe-ulog
killall flow-capture
/usr/bin/flow-capture -R /root/flows/rota -e 2 -w /var/flows/acct 127.0.0.1/127.0.0.1/2055
/usr/local/sbin/fprobe-ulog 127.0.0.1:2055

Script for exporting data to MySQL database: /root/flows/rota

#!/bin/sh
/usr/bin/flow-export -f3 -mUNIX_SECS,DOCTETS,SRCADDR,DSTADDR,SRCPORT,DSTPORT -u “root:pass:localhost:3306:ulog:raw” < $1

7) In the file /root/flows/rota change "root:pass:localhost:3306:ulog:raw"
to the your "login:password:mysqlhostname:port:databasename:tablename" to access MySQL
(the user must have write access to the database!)!
8) Login to the MySQL and create ulog database:

create database ulog

9) Create a table raw to store the data:

CREATE TABLE IF NOT EXISTS `raw` (
`unix_secs` int(11) unsigned NOT NULL default ’0′,
`dpkts` int(11) unsigned NOT NULL default ’0′,
`doctets` int(11) unsigned NOT NULL default ’0′,
`srcaddr` varchar(15) NOT NULL default ’0′,
`dstaddr` varchar(15) NOT NULL default ’0′,
`input` smallint(5) unsigned NOT NULL default ’0′,
`output` smallint(5) unsigned NOT NULL default ’0′,
`srcport` smallint(5) unsigned NOT NULL default ’0′,
`dstport` smallint(5) unsigned NOT NULL default ’0′,
`prot` tinyint(3) unsigned NOT NULL default ’0′,
KEY `unix_secs` (`unix_secs`),
KEY `dstusecs` (`dstaddr`,`unix_secs`),
KEY `srcusecs` (`srcaddr`,`unix_secs`),
KEY `output` (`output`,`unix_secs`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;

10) Add new user to the MySQL:
GRANT ALL PRIVILEGES ON ulog.* TO USER@localhost IDENTIFIED BY "PASSWORD";
You must change user and password!
11) Run /root/flows/runflow (add path to this script in the rc.local for autostart)
12) After 15-20 minutes watch the mysql database:

select unix_secs, srcaddr, dstaddr, doctets, srcport, dstport from raw;

You should see someting like this:

unix_secs            doctets            srcaddr                 dstaddr               srcport            dstport
1919283189     46934        123.123.123.123    192.168.1.123        443                 1120

If you don's see data in the any column (like 0), than export-script working incorrectly.
Check it, it must countain "-mUNIX_SECS,DOCTETS,SRCADDR,DSTADDR,SRCPORT,DSTPORT"!
13) Install the web-interface alLANBilling to view statistics
This entry was posted in alLANBilling, alSUMBilling. Bookmark the permalink. Both comments and trackbacks are currently closed.