service processor


Service processor configures the core of NeTAMS, the part that performs the traffic accounting itself.

lookup-delay XXXX
Determines how often service processor walks the list of its netunits to check the lifetime of flows and flush expired ones to the database. The smaller this value, the finer the "quantization" of time periods, but the higher the load on the program. It does not affect the size of the database.
XXXX - time in seconds, default 30.

flow-lifetime XXXX
Determines the lifetime of a RAW flow. When this time expires the flow is reset to zero, its data is added to the statistics and written to the database. The smaller this value, the more precisely data is recorded in the database, but the larger the database grows.
XXXX - time in seconds, default 300.

policy [oid OID] name NAME [no] target TARGET [bw { speed in speed out | speed } ]
Defines a rule, or policy, by which traffic for an object (NetUnit) is filtered or accounted.
oid OID - the unique identifier of the policy, created automatically
name NAME - the name of the policy, a string of 2-8 characters
target TARGET - the rule by which a packet is checked for matching the policy.
If target is preceded by the flag no, the given TARGET is removed from the list.
bw { speed in speed out | speed } - limits the bandwidth of incoming and/or outgoing traffic for this fw-policy.
Let us describe in more detail the rules for forming the target of a policy. The available target types are fixed in the program's source code and compiled into the traffic policy processor. Any combination of the following types is possible:
  • proto XX - number or name of the protocol from the file /etc/protocols
  • tos XX - matches on the TOS field of the IP packet
  • port [s|d|b]num [s|d|b]num... - describes TCP or UDP traffic to the listed ports; the list consists of port numbers and ranges separated by spaces.
    If the number is prefixed with the letter s(ource), the match succeeds only if the port matches the SRC field of the packet; d(estination) - the DST field; no letter or b(oth) - SRC or DST.
    The list is limited to 10 elements. Ranges are written with a colon or a dash.
    For example: target proto tcp port 25 describes all SMTP (mail) traffic; target proto tcp port s80:82 s8080, applied to a client computer (unit), counts incoming web traffic.
  • as-num [s|d|b]num [s|d|b]num - describes traffic to or from the listed autonomous systems; the list consists of AS numbers and ranges separated by spaces.
    If the number is prefixed with the letter s(ource), the match succeeds only if it equals the AS of the packet's source; d(estination) - the AS of the packet's recipient; no letter or b(oth) - SRC AS or DST AS.
    The list is limited to 10 AS elements; AS ranges are written with a colon or a dash.
    (available since version 3.3.0(2266))
  • units oid XXXX - traffic whose other side (judging by the IP address in the header) is the NetUnit with identifier XXXX
  • file YYYY - matches if the other side (judging by the IP address in the header) matches an address from the prefix table file YYYY.
    The prefix file contains records in the following forms:
    A.B.C.D /N or A.B.C.D /MASK or A.B.C.D/N or A.B.C.D/MASK
    where:
          A.B.C.D - network address, for example 10.1.1.0
          MASK - netmask (255.255.255.0)
          N - number of set bits in the netmask, for example 24 (255.255.255.0)
  • addr addr - IP address of a participant in the connection.
  • ifindex [s|d|b]num [s|d|b]num - the numbers (indices) of interfaces in the routing table. Currently relevant only for netflow data.
  • ingress|egress - the direction in which the netflow v9 data was collected on the router. Relevant only for netflow v9.
  • policy-or [!]{NAME|OID}... [!]{NAME|OID} - the policy matches if ANY of the listed policies matches. The flag ! inverts the check of the policy it precedes.
  • policy-and [!]{NAME|OID}... [!]{NAME|OID} - the policy matches if ALL of the listed policies match. The flag ! inverts the check of the policy it precedes.
  • time timespec - matches if the packet arrived within the time interval timespec. This is a string containing a time range in hours:minutes (24-hour format); zero minutes may be omitted:
    target time 9-18
    target time 00:40-21:30
  • day dayspec - matches if the packet arrived on a day of the week selected by dayspec. This is a string containing the three-letter name of a day of the week, or a range of days:
    target day Mon-Fri
    target day Sun
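As an added illustration (not NeTAMS code), the following Python model matches a target string built from the clause types above against a constructed packet record; it covers the proto, port, time and day clauses only, and the protocol table, the packet dictionary layout and the ISO timestamp are assumptions of the model.

```python
import re
from datetime import datetime

# Added model (not NeTAMS source) of matching one policy target against a packet.
DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]
PROTOS = {"icmp": 1, "tcp": 6, "udp": 17}                # subset of /etc/protocols
PORT_ITEM = re.compile(r"([sdb]?)(\d+)(?:[:-](\d+))?$")  # [s|d|b]N, N:M or N-M

def to_minutes(hhmm):                 # '9' or '21:30' -> minutes since midnight
    h, _, m = hhmm.partition(":")
    return int(h) * 60 + int(m or 0)

def port_list_matches(items, pkt):
    """Any item may match: s = SRC port only, d = DST only, b or none = either."""
    if len(items) > 10:
        raise ValueError("port list limited to 10 elements")
    for side, lo, hi in (PORT_ITEM.match(t).groups() for t in items):
        lo, hi = int(lo), int(hi or lo)
        s_ok, d_ok = lo <= pkt["sport"] <= hi, lo <= pkt["dport"] <= hi
        if (s_ok if side == "s" else d_ok if side == "d" else s_ok or d_ok):
            return True
    return False

def target_matches(target, pkt):
    """pkt = {proto, sport, dport, ts (ISO string)}; all clauses must hold."""
    toks, ts = target.split(), datetime.fromisoformat(pkt["ts"])
    while toks:
        kw = toks.pop(0)
        if kw == "proto":
            arg = toks.pop(0)
            if pkt["proto"] != (PROTOS[arg] if arg in PROTOS else int(arg)):
                return False
        elif kw == "port":
            items = []
            while toks and PORT_ITEM.match(toks[0]):
                items.append(toks.pop(0))
            if not port_list_matches(items, pkt):
                return False
        elif kw == "time":
            a, b = toks.pop(0).split("-")
            if not to_minutes(a) <= ts.hour * 60 + ts.minute <= to_minutes(b):
                return False
        elif kw == "day":
            a, _, b = toks.pop(0).partition("-")
            if not DAYS.index(a) <= ts.weekday() <= DAYS.index(b or a):
                return False
        else:
            raise ValueError(f"unsupported target clause: {kw}")
    return True
```

With the page's own example, target proto tcp port s80:82 s8080 matches a packet whose source port is 80 (a reply from a web server) and rejects the same packet with the ports swapped.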

default { acct-policy | fw-policy } NAME|OID ... NAME|OID
Sets the default accounting or filtering policy for all newly created units.

restrict all {drop|pass} local {drop|pass}
Sets the traffic filtering policy for the case when no fw-policy is defined for the object.
all - for all data (any src/dst IP addresses)
local - for data addressed to objects described in the configuration file
drop - do not pass packets of this class
pass - pass the packets
The default value restrict all drop local pass means that traffic whose packets carry, in both the src and dst header fields, IP addresses belonging to none of the hosts/clusters/nets described in the configuration file is blocked. In effect the program passes through the router only data from or to registered hosts. If you set restrict local drop, you must explicitly assign an fw-policy to every unit. If a unit has neither an acct-policy nor an fw-policy, this is equivalent to applying the no-local-pass parameter to it, i.e. restrict all applies instead of restrict local.

auto-assign A.B.C.D E.F.G.H
Registers the address range starting at A.B.C.D and ending at E.F.G.H as a pool for automatic allocation of IP addresses to newly created units. Such a unit is created with the command:
unit {host|user} name XXX ip auto
In that case, for every registered auto-assign range, the existing units of type user or host holding IP addresses from that range are checked, and the next free address is assigned (it is returned in the response to the create command). Thus a script that creates account units can "create" new units itself, and addresses are allocated automatically.
Several pools may be created. In that case the check and the allocation of an IP proceed in the order of the auto-assign statements.
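An added Python model (not the NeTAMS implementation) of the pool walk just described: pools are tried in auto-assign order, addresses held by existing host or user units are skipped, and the simulated unit ... ip auto command records the new unit so that repeated calls hand out consecutive free addresses. The (kind, ip) tuple layout for units is this example's own assumption.

```python
import ipaddress

# Added model (not NeTAMS source) of the auto-assign pool walk: pools are tried in
# configuration order and the first address not already held by a host or user
# unit is handed out. The (kind, ip) unit tuples are this example's own layout.

def next_auto_ip(pools, units):
    """pools: list of (first, last) address strings in auto-assign order.
    units: list of (type, ip) tuples for units already configured.
    Returns the address to assign, or None if every pool is exhausted."""
    taken = {ipaddress.ip_address(ip) for kind, ip in units if kind in ("host", "user")}
    for first, last in pools:
        ip, last = ipaddress.ip_address(first), ipaddress.ip_address(last)
        while ip <= last:
            if ip not in taken:
                return str(ip)
            ip += 1
    return None

def create_unit_auto(units, pools, kind, name):
    """Simulates 'unit {host|user} name NAME ip auto': takes the next free pool
    address, records the new unit and returns the resulting configuration line."""
    if kind not in ("host", "user") or not 2 <= len(name) <= 8:
        raise ValueError("ip auto needs a host or user unit with a 2-8 character name")
    ip = next_auto_ip(pools, units)
    if ip is None:
        raise RuntimeError("all auto-assign pools are exhausted")
    units.append((kind, ip))
    return f"unit {kind} name {name} ip {ip}"
```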

auto-units N type {host|user} naming {by-dns| prefix1 PPP |prefix2 QQQ} [group GROUPNAME]
Allows units to be created automatically when packets belonging to a certain network arrive and no corresponding unit exists in the configuration file. The name of the unit is generated via DNS or from the IP address.
  • N - the number of this auto-units record
  • type host or type user - the type of the created unit
  • naming - how the name is assigned:
          by-dns - the name is obtained via DNS, which must already be set up on your side and provide reverse resolution of addresses.
          If no name is obtained, the IP address is used as the name.
          prefix1 PPP - the last octet of the address is taken, with the string PPP prepended to it
          prefix2 QQQ - the last two octets of the address are taken, with the string QQQ prepended to them
  • group GROUPNAME - the group in which to place the created unit (optional) (versions from 17 March 2004 onwards).

unit {host|group|cluster|net|user} [oid OID] name NAME parameters [parent GROUP] [no-local-pass] [email addr] [password passwd] [sys-XXXX] [bw { speed in speed out | speed } ] [acct-policy [!][%]p_name [p_name] ...] [fw-policy [!][%]p_name [p_name] ... ] [ds-list 1,2,3...] [auto-units X]
Defines an object (NetUnit) over which control and accounting are performed.
  • Type:
    host - a host with a single IP address
    group - a group (may be empty)
    cluster - a host with several IP addresses (cluster)
    net - a subnet, defined by a network address and mask
    user - analogous to host; used for dynamically assigned IP addresses and for binding to users
  • oid OID - the unique identifier of the netunit, created automatically
  • name NAME - the name of the object, a string of 2-8 characters
  • parameters - parameters specific to the object type:
    for host: ip A.B.C.D - host address
    for group: none
    for cluster: ip A.B.C.D [ip A.B.C.E [..]] - the list of addresses
    for net: ip A.B.C.D mask E.F.G.H - network address and mask
    for user: ip A.B.C.D - the address the user works from
  • parent GROUP - the name of the parent group of this object
  • no-local-pass - with this flag, an IP packet that matched this unit is not considered local; the filtering policy restrict all is applied to it instead of restrict local (useful for subnets)
  • email addr - e-mail address of the person responsible for this unit
  • password passwd - password for this unit. It can be used both for authorization (unit user) and for viewing statistics, if htaccess yes is enabled in service html.
  • sys-{allow|deny}-XXX - the so-called "system policy"; possible values:
    sys-allow - permit everything, removing all prohibitions
    sys-deny - forbid everything; the remaining prohibitions also stay in force
    sys-{deny|allow}-ACTION - forbid|permit the action ACTION (auth, block, login, money, quota);
    several such policies may be combined.
    sys-deny-OID - forbid the unit OID to operate, regardless of other limitations
    sys-allow-OID - permit the unit OID to operate, regardless of other limitations
  • bw {speed in speed out|speed} - limits the rate of incoming and/or outgoing traffic for this unit. The speed is given in bits per second; the suffixes K and M may be used for kilobits and megabits. If neither in nor out is given, the same limit is applied to both directions at once.
  • acct-policy [!][%]p_name - space-separated list of the traffic accounting policies for this object
    ! - an exclamation mark placed before the policy name (without a space), for example !all-icmp, INVERTS the match/non-match of this policy for the packet, i.e. in this case ALL NON-ICMP traffic is accounted.
    % - a percent sign placed before an acct-policy entry means that once this policy matches the packet, the rest of the list is not examined and accounting stops.
  • fw-policy [!][%]p_name - space-separated list of the traffic filtering policies for this object
    ! - an exclamation mark placed before the policy name (without a space), for example !all-icmp, INVERTS the match/non-match of this policy for the packet, i.e. in this case ALL NON-ICMP traffic is passed.
    % - a percent sign placed before an fw-policy entry means that once this policy matches the packet, the rest of the list is not examined and the verdict to pass or drop the packet is issued immediately.
  • ds-list no,[no,no...] - list of the data sources associated with this net object
  • auto-units X - the number of the auto-units record in service processor by which accounting records for new hosts in the network are created automatically. This parameter applies only to units of type net. This function is described in more detail here.
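The following added Python model (not NeTAMS source) reproduces two rules from the unit and restrict descriptions above: the left-to-right walk of an acct-policy list with the ! and % modifiers, and the restrict all/local fallback for units that carry no fw-policy. Target matching is abstracted as the set of policy names the packet matched; the policy names, unit names and addresses are constructed.

```python
import ipaddress

# Added model (not NeTAMS source) of two rules from this page: which entries of a
# unit's acct-policy list count a packet, and the restrict fallback applied to a
# unit that carries no fw-policy. Target matching is abstracted away: `matched`
# is the set of policy names whose target the packet satisfied.

def accounted_policies(acct_list, matched):
    """Walk the acct-policy list left to right. '!' inverts the match of the
    entry it prefixes; '%' stops the walk as soon as that entry has matched."""
    counted = []
    for entry in acct_list:
        name = entry.lstrip("!%")
        flags = entry[:len(entry) - len(name)]
        if (name in matched) != ("!" in flags):
            counted.append(name)
            if "%" in flags:
                break
    return counted

def is_local(pkt, units):
    """A packet is local if its src or dst address belongs to a configured unit
    that has a policy and is not marked no-local-pass; a unit with neither
    acct-policy nor fw-policy, or with no-local-pass, counts as not configured."""
    for side in ("src", "dst"):
        ip = ipaddress.ip_address(pkt[side])
        for u in units:
            configured = u.get("acct_policy") or u.get("fw_policy")
            if ip in u["net"] and configured and not u.get("no_local_pass"):
                return True
    return False

def restrict_verdict(pkt, units, restrict):
    """restrict = {'all': 'drop'|'pass', 'local': 'drop'|'pass'}; decides packets
    whose units define no fw-policy of their own (an fw-policy would decide)."""
    return restrict["local" if is_local(pkt, units) else "all"]

# Constructed sample configuration mirroring the unit and restrict syntax above.
UNITS = [
    {"name": "lan", "net": ipaddress.ip_network("10.1.1.0/24"),   # unit net ... no-local-pass
     "acct_policy": ["ip"], "no_local_pass": True},
    {"name": "www", "net": ipaddress.ip_network("10.1.1.10/32"),  # acct-policy !all-icmp %mail ip
     "acct_policy": ["!all-icmp", "%mail", "ip"]},
    {"name": "old", "net": ipaddress.ip_network("10.1.1.20/32")}, # host with no policies at all
]
RESTRICT = {"all": "drop", "local": "pass"}                       # restrict all drop local pass
```

With the default restrict all drop local pass, a packet to 10.1.1.10 is passed, while packets to an unregistered address in the no-local-pass subnet or to the policy-less host 10.1.1.20 fall into the all class and are dropped.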

storage N { all | raw | summary }
Defines the type of information kept in the storage that service processor works with. Several storages may be used at the same time.
N - the number of the service storage; it may be omitted for now
raw - raw data is kept, i.e. only the traffic flows, for the period flow-lifetime
summary - summary data about the flows is kept for the time since the start of the current hour, day, week and month for the given unit
all - data of all types is kept in this storage, i.e. the union of the data kept as summary and as raw

access-script path
Sets the name of a script to be used for blocking traffic. Useful on systems that use some mechanism other than the ip-filter data-source.
path - full path to the script
For example:
access-script "/usr/home/anton/script.pl"
In this case the script looks like:
#!/usr/bin/perl -w
# print the four arguments passed by service processor on one line
print shift, " ", shift, " ", shift, " ", shift, "\n";
When a turn-off or turn-on event occurs, service processor calls it with the parameters:
    Action (DENY|ALLOW)
    Unit ID (OID)
    IP (IP)
    Why (QUOTA|LOGIN|...)

