
Attention! This is the documentation for version 3.4. For version 4.0, see here

Ten rules and ten units


Collected here is a "top ten" of the most interesting and useful traffic accounting rules (policies), together with 10 descriptions of various units. This document will help you a) better understand how netams works and b) build a configuration file that fits your tasks.

Traffic accounting policies
Policies are defined in the settings of the processor service. The command format is:
policy { oid XXX | name NNNNN } target ....
  • policy name ip target proto ip
    Selects all IP traffic. This is the simplest case, because everything that passes through netams matches this rule.

  • policy name www target proto tcp port 80 81 8080 3128
    Matches TCP traffic by a list of ports; in practice all WWW traffic falls under it.

  • policy name t_dns target proto tcp port 53 addr 1.2.3.4
    policy name u_dns target proto udp port 53 addr 1.2.3.4
    policy name extdns target policy-or t_dns u_dns
    If you want to count traffic to and from a particular DNS server that sits outside your network and has the address 1.2.3.4, use this example. First define two policies, one for UDP and one for TCP (DNS uses both!), then combine them with a logical OR rule.

  • policy name remote target units oid 0ABCDF
    unit net oid 0ABCDF name remotelan ip 215.236.28.0/24
    If you have a remote office that uses the subnet 215.236.28.0/24, you can single out all traffic between the machines of your network and that remote subnet. The target unit can be of any type: a host, a network or a cluster. This is also useful if you are interested in traffic to one of your servers hosted outside, at the provider, on collocation.

  • policy name anekdotes target addr 217.16.28.51
    Similar to the previous one. If you are only interested in traffic to one specific IP address, you can do without defining a separate unit for it.

  • policy name rus target file /etc/ru_networks.txt
    This policy counts traffic destined for the networks listed in the prefix file. The file can hold a map of your national network (Ukrainian, Russian, Moldovan) obtained from the RIPE database or generated from a BGP view.

  • policy name cust1_in target proto ip ifindex s10
    policy name cust1_out target proto ip ifindex d10
    policy name isp_up_in target proto ip ifindex s8
    policy name isp_up_out target proto ip ifindex d8
    If your Cisco router has several "outside" links and each one is connected through its own physical interface, you can use the interface number field from the NetFlow stream.

  • policy name worktime target time 9-18 day Mon-Fri
    This policy counts only traffic that passed between 9 and 18 o'clock on Monday through Friday, that is, working hours.

  • policy name sun_night target day Sun time 00:00-06:00
    This policy counts only traffic that passed between 0 and 6 in the morning on Sunday.

  • policy name smb target proto tcp port 135 139 445
    policy name day target time 8-20
    policy name daynotsmb target policy-and day !smb
    This separates out all daytime non-SMB traffic. Note the combination of two previously defined policies through a logical AND, and the inversion (!) used to account non-SMB traffic.
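
The following added example (not NeTAMS code and not part of the original page) models how the combined policies above evaluate a single flow. It assumes that port and addr match either end of the flow and that "time 8-20" covers hours 8 through 19; the flow field names and the sample flow are constructed for the illustration.

```python
# Added illustration: a simplified model of policy targets, not NeTAMS code.
CONFIG = """\
policy name t_dns target proto tcp port 53 addr 1.2.3.4
policy name u_dns target proto udp port 53 addr 1.2.3.4
policy name extdns target policy-or t_dns u_dns
policy name smb target proto tcp port 135 139 445
policy name day target time 8-20
policy name daynotsmb target policy-and day !smb
"""
KEYWORDS = {"proto", "port", "addr", "time", "policy-or", "policy-and"}
# Constructed sample flow: a UDP DNS query to the external server at 10:00.
DNS_FLOW = {"proto": "udp", "sport": 40000, "dport": 53,
            "src": "192.168.0.18", "dst": "1.2.3.4", "hour": 10}

def parse(config):
    """Return {policy name: {keyword: [values]}} from 'policy name N target ...' lines."""
    policies = {}
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] != ["policy", "name"] or tok[3:4] != ["target"]:
            continue
        target, key = {}, None
        for t in tok[4:]:
            if t in KEYWORDS:
                key = t
                target[key] = []
            elif key:
                target[key].append(t)
        policies[tok[2]] = target
    return policies

def matches(policies, name, flow):
    """flow keys (hypothetical): proto, sport, dport, src, dst, hour."""
    t = policies[name]
    def ref(r):  # "!name" inverts the result of the referenced policy
        return matches(policies, r.lstrip("!"), flow) != r.startswith("!")
    if "policy-or" in t:
        return any(ref(r) for r in t["policy-or"])
    if "policy-and" in t:
        return all(ref(r) for r in t["policy-and"])
    ok = True
    if "proto" in t and t["proto"][0] != "ip":  # "proto ip" matches any IP flow
        ok = ok and flow["proto"] == t["proto"][0]
    if "port" in t:      # assumption: source or destination port may match
        ok = ok and bool({str(flow["sport"]), str(flow["dport"])} & set(t["port"]))
    if "addr" in t:      # assumption: either end of the flow may match
        ok = ok and bool({flow["src"], flow["dst"]} & set(t["addr"]))
    if "time" in t:      # assumption: "8-20" means 08:00 up to, not including, 20:00
        lo, hi = map(int, t["time"][0].split("-"))
        ok = ok and lo <= flow["hour"] < hi
    return ok
```

With the parsed configuration, the sample DNS flow matches extdns through u_dns but not t_dns, and an SMB flow at noon matches day and smb but not daynotsmb.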

Creating units
Units are defined in the settings of the processor service AFTER the policies. The command format is:
unit { host | user | cluster | group} { oid XXX | name NNNNN } parameters ....
  • unit host name server ip 192.168.0.1 acct-policy ip
    Creates a record for the computer with the IP address 192.168.0.1; all IP traffic to and from this address is accounted.

  • auto-units 1 type user naming prefix2 "IP-" group CLIENTS
    unit group name CLIENTS acct-policy ip
    unit net name LAN ip 192.168.0.1/24 auto-units 1 acct-policy ip www

    All units active in the network 192.168.0.1/24 are "auto-added" to the configuration. The units get names based on the last two octets of their address, receive the ip and www accounting policies, and are placed in the group CLIENTS.

  • restrict all drop local pass
    unit net name LAN ip 192.168.0.1/24 no-local-pass
        acct-policy ip www
    unit host name pupkin ip 192.168.0.18 acct-policy ip www

    User Pupkin will have outside access from the address 192.168.0.18. If no unit with, for example, the address 192.168.0.19 is defined in the system, that unit will be blocked even though its address falls within the "net" unit (192.168.0.1/24). The reason is the "no-local-pass" parameter.

  • unit host name pupkin ip 192.168.0.18 mac 00:03:47:c5:81:33
        acct-policy ip

    Assigns a MAC address to the unit. If MAC address matching is enabled, the unit will be blocked when a "troublemaker" with a different MAC address appears on the network and sets Pupkin's IP address for itself. Also, if users connect through PPPoE and RADIUS, an additional check based on this address can be set up.

  • unit host name pupkin ip 192.168.0.18
        description "Вася Пупкин, д.32 кв.169, тел. 333-22-77"
        email pupkin@gmail.com acct-policy ip

    The value of the "description" parameter appears on the HTML statistics pages, which is convenient for the administrator. The unit's e-mail address is used to notify the unit about, for example, an exceeded quota.

  • unit host name pupkin ip 192.168.0.18 bw 64K in acct-policy ip
    Pupkin will not be able to download anything faster than 64 kilobits per second.
    IMPORTANT! For the speed limit to work, NeTAMS must be rebuilt with the HAVE_BW option enabled. This is done as follows: make distclean && FLAGS=-DHAVE_BW make

  • unit user name pupkin ip 0.0.0.0 password ABCDEF
        acct-policy ip parent CLIENTS

    Pupkin, who has an empty IP address by default, can use the login service with the set-user-ip parameter enabled to get network access from any local computer, using the web interface and the given password.

  • policy name ip target proto ip
    policy name russian target file /etc/ru-networks.txt
    policy name www target proto tcp port 80 81 8080 3128
    policy name non-www1 target proto ip
    policy name non-www2 target proto tcp port 80 81 8080 3128
    unit host name pupkin ip 192.168.0.18
        acct-policy ip !russian %www non-www1

    For Pupkin we account statistics for IP traffic, for foreign traffic, for WWW traffic, and for everything else except WWW. Note the accounting policy non-www1: it is really "all IP traffic", but only non-WWW traffic reaches it because of the "%" flag. The same effect can be achieved by applying the policy "non-www2". It is essentially the same policy as www, but applied in inverted ("!") form:
    unit host name pupkin ip 192.168.0.18
        acct-policy ip !russian www !non-www2

    Note that the same policy name must not be listed twice with different flags (for example, "acct-policy www !www" is wrong), because statistics are stored in the database by policy oid, and these must be different.
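
The flag behaviour described above, as an added example that is not NeTAMS code and not part of the original page. It models "%" as "stop at this policy when it matches", which is inferred from the text's description of non-www1; the prefix list, the flow fields and the function names are constructed for the illustration.

```python
import ipaddress

# Constructed stand-in for the prefix list in /etc/ru-networks.txt (assumption).
RU_NETWORKS = [ipaddress.ip_network("198.51.100.0/24")]
WWW_PORTS = {80, 81, 8080, 3128}

# The page's policies as predicates over a flow dict with hypothetical keys
# "proto", "port" and "remote" (the address outside the local network).
POLICIES = {
    "ip": lambda f: True,
    "russian": lambda f: any(ipaddress.ip_address(f["remote"]) in n for n in RU_NETWORKS),
    "www": lambda f: f["proto"] == "tcp" and f["port"] in WWW_PORTS,
    "non-www1": lambda f: True,
    "non-www2": lambda f: f["proto"] == "tcp" and f["port"] in WWW_PORTS,
}

def parse_acct_policy(spec):
    """Split 'ip !russian %www' into (name, inverted, brk); reject repeated names."""
    entries, seen = [], set()
    for tok in spec.split():
        name = tok.lstrip("!%")
        flags = tok[: len(tok) - len(name)]
        if name in seen:
            # Statistics are stored per policy oid, so one name cannot appear twice.
            raise ValueError(f"policy {name!r} listed twice in acct-policy")
        seen.add(name)
        entries.append((name, "!" in flags, "%" in flags))
    return entries

def account(spec, flow):
    """Return the policy names whose counters this flow increments."""
    counted = []
    for name, inverted, brk in parse_acct_policy(spec):
        if POLICIES[name](flow) != inverted:   # "!" inverts the match
            counted.append(name)
            if brk:                            # "%": a match ends the evaluation
                break
    return counted

# Constructed flows: foreign web traffic and SSH to a listed (Russian) prefix.
WEB_FOREIGN = {"proto": "tcp", "port": 80, "remote": "203.0.113.7"}
SSH_RUSSIAN = {"proto": "tcp", "port": 22, "remote": "198.51.100.9"}
```

Calling account() with both acct-policy lines from the page shows that they count the two sample flows identically, apart from the name of the non-WWW counter.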

