Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help 
ipacctd(8)		    System Manager's Manual		    ipacctd(8)

NAME
       ipacctd -- IP accounting	using divert socket

SYNOPSIS
       ipacctd [-cdhstvwV] [-b size] [-f file] [-m recs] [-r file] -p port

DESCRIPTION
       The ipacctd is intended for IP accounting.  divert(4) and corresponding
       ipfw(8) rules are used for obtaining IP packets.

       The following options are available:

       -b size	Set  both  input and output buffer size	of divert(4) socket to
		size.  When number of packets per second is too	 great	it  is
		recommended  to	 set buffer size equal to maximum value	(equal
		to value of sysctl(8) variable kern.ipc.maxsockbuf).

       -c	cisco-like accounting output format. In	this case the  columns
		packets	 and  bytes  are swapped and space symbol are inserted
		before ip_src.

       -d	Do not detach from  the	 controlling  terminal	(do  not  call
		daemon(3) ). Useful for	debugging.

       -f file	Dump  accounting to the	file.  The filename string may contain
		any  of	 the  conversion  specifications  described   in   the
		strftime(3).

       -h	Display	help information (list of supported options).

       -m recs	Set  maximum number of records in hash table (by default equal
		to  30000).   The  record   is	 a   unique   combination   of
		ip_src/ip_dst	  for	 standard    accounting	   mode	   and
		ip_src/ip_dst/s_port/d_port/ip_proto for  extended  accounting
		mode.  Using this option prevents DoS attacks because for each
		record	in  the	 hash table some amount	of operating memory is
		required.

       -p port	Required option. Set the port  number  related	to  correspond
		divert/tee rule.

       -r file	Specify	the name and path to record the	ipacctd	's process ID.

       -s	Create	unix(4)	 stream	 socket	which can be used to fetch ac-
		counting instead of sending SIGHUP. See	 also  "IMPLEMENTATION
		NOTES".

       -t	Use tee	ipfw(8)	rule for obtaining packets ( divert is used by
		default).

       -v	Extended   accounting	mode  (also  output  ip	 protocol  and
		TCP/UDP/ICMP ports).

       -w	Output the time	of writing the first packet in	time_t	format
		in the last column.

       -V	Show ipacctd version.

       The SIGHUP signal causes	ipacctd	to dump	accounting in the default file
       or specified in -f option. Accounting format is:

       ip_from ip_to bytes packets

       When -v option is used the accounting output format is:

       ip_from s_port ip_to d_port proto bytes packets

       If proto	is ICMP	then s_port is ICMP type and d_port is ICMP sub-code.

       The SIGUSR2 signal causes ipacctd to dump current accounting and	debug-
       ging information	to file	/var/tmp/ipacctd_dump.

IMPLEMENTATION NOTES
       Since  1.43 version option -s is	introduced, which is used to fetch ac-
       counting	via cat(1):

	     cat /tmp/ipacct/ipacct.<port>

       Note that support of  unix(4)  sockets  in  cat(1)  was	introduced  in
       FreeBSD 4.5.

FILES
       /tmp/ipacct/ipacct.<port>  unix(8)  socket  used	 to  obtain accounting
				  when -s option is specified
       /var/log/ipacct.<port>	  default accounting file
       /vsr/run/ipacctd.<port>	  default process ID file
       /var/tmp/ipacctd_dump	  default dump file

EXAMPLES
       Typical ipacctd use:
	     1.	  Add ipfw(8) rule
			add 2000 divert	10000 ip from any to any via ppp*
	     2.	  Run ipacctd
			ipacctd	-v -p 10000 -f /var/log/ipacct.%F_%T

       After these steps when the SIGHUP is sent ipacctd  will	dump  all  ac-
       counting	 for  IP  packets  transmitted	via ppp	interfaces to the file
       ipacct.YYYY-MM-DD_HH:MM:SS.

DIAGNOSTICS
       All error messages are logged to	syslog(3).  It is important to pay at-
       tention to messages like	(port %d) accounting threshold exceeded	for %d
       packet(s) and %d	byte(s).  They mean that the shown number  of  packets
       was  received  by  ipacctd  but was not accounted because the number of
       records in the hash table had been exhausted. The possible solution  is
       to  dump	 accounting more often or to increase the number of records in
       hash table with option -m.

COMPATIBILITY
       The ipacctd should  work	 on  all  versions  of	FreeBSD	 that  support
       divert(4) sockets.

SEE ALSO
       divert(4), ipfw(8).

AUTHORS
       Roman V.	Palagin	<romanp@unshadow.net>.

       English version of this manual page has been written by
       Sergey Skvortsov	<skv@FreeBSD.org>.

BUGS
       If you find one - please	contact	the author.

FreeBSD	Ports 14.quarterly	 June 27, 2003			    ipacctd(8)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=ipacctd&sektion=8&manpath=FreeBSD+Ports+14.3.quarterly>

home | help