service quota
Basic properties:
- Client quota information is stored in an SQL database. MySQL and Postgres are currently supported.
- The accounting (control) policy and the notification parameters can be set as defaults.
- All traffic quota parameters can be set individually for each unit: the values of incoming, outgoing and total traffic counted from the start of the hour, day, week and month.
- The "soft" quota trigger threshold can be set individually for each unit, as a percentage of the "hard" quota.
- Flexible control of the notification parameters for quota triggering and quota restoration.
Initial configuration must be done with the NeTAMS daemon stopped.
Assume that data is already stored in a MySQL database, defined in service data-source number 2:
service data-source 2
type mysql
For service quota to work, you must specify the number of the data storage service:
service quota 0
storage 2
After these steps, start NeTAMS. All remaining configuration can be done while the program is running. To verify that the service works, you can:
- Check the program's log file
- Check the list of tables in the NeTAMS SQL database: mysqlshow netams (the table "quota" should appear)
- Connect to the program through the telnet interface and run the command show quota
To configure the parameters of service quota, connect to the program through the telnet interface and enter the service configuration mode with the command
service quota 0
followed by a set of commands. All commands fall into two groups: commands that configure the service itself (these are kept in the configuration file) and commands that set the quota parameters of individual units (these are written to the SQL table).
policy XXX
Sets the accounting policy (acct-policy) that will be used when checking quotas. This is the default policy for all units; it can be overridden for a specific unit. If it is not specified, the first of the policies defined in service processor is used.
block-policy XXX
Sets the blocking policy (fw-policy) that will be added to the unit's set of blocking policies when the quota is exceeded. This default policy applies to all units; it can be overridden for a specific unit. If this command is absent, only the sys-deny-quota mechanism is used.
IMPORTANT!
The introduction of this command required a change to the schema of the QUOTA table in the database. If you are doing a "clean" NeTAMS installation, or can afford to drop the existing QUOTA table, what follows does not concern you. If you are upgrading from version 3.2.0, 3.2.1 or a STABLE build earlier than 10.02.2005, you must modify the database schema by hand. It is enough to run the following SQL commands:
alter table quota add column block_policy INT default 0;
alter table quota add column block_policy_flags INT default 0;
soft-treshold N
Sets the trigger threshold of the "soft quota" for a unit, as a percentage of the "hard quota". Previously the soft quota size could be specified independently for each quota type (for example "incoming per day", "outgoing per week"); now there is a single value. The default is defined in src/netams.h (S_QUOTA_DEF_soft_treshold) and equals 80%. Allowed values are from 0 to 100; the "%" sign must not be included. A value of 0 disables soft quotas entirely.
delay N
Time interval between the periodic checks of all units for quota triggering. It is specified in seconds. The default value is 10 s, declared in src/netams.h (S_QUOTA_DEF_delay).
storage N
The number of the storage service in which the quota table will be created and used. This parameter cannot be set (changed) while the program is running.
set {name XXX | oid YYY}
[policy XXX]
[block-policy XXX]
[soft-treshold N]
[active|inactive]
[notify [{soft|hard|return} {"{none}"|["{owner}"] [YYY]}]]
[hour ... ]
[day ...]
[week ...]
[month ...]
Sets specific parameters for a unit. The policy, soft-treshold and notify parameters override those set globally for the service as a whole. Calling this command changes the record in the quota table on the SQL server, but is not reflected in the configuration file.
The default values can be changed in the corresponding section of the file src/netams.h, followed by a full rebuild of the program (make clean; make). They are listed below:
#define S_QUOTA_DEF_soft_treshold 80
#define S_QUOTA_DEF_delay 10
#define S_QUOTA_DEF_notify_soft 1
#define S_QUOTA_DEF_notify_hard 1
#define S_QUOTA_DEF_notify_return 1
Commands of the form set ... modify the internal structures of the program (more precisely, they fill in the fields of the u->quotadata structure of unit u) and also modify the quota table of the current SQL database. As usual, if this table does not exist, it is created automatically on first start. The table can be inspected with the command mysqlshow netams quota. Do not attempt to edit the SQL table quota yourself from outside the program. All records must be entered by scripts or by hand through the program's telnet interface (the set command).
Below is an example of using the quota control service on a small network. The problem statement is as follows:
- The network is built on a FreeBSD 4.7/NeTAMS 3.1(2176) router
- The local network connects about 10 computers with addresses 192.168.0.X
- Some of the computers need quotas on Internet access, on the order of 3M of incoming traffic per day and 100M per month.
- Notifications about reaching the soft quota (75%), reaching the hard quota and restoration of access must be sent to the users; hard quota notifications must also go to the administrator.
- Only HTTP traffic should be counted.
The complete NeTAMS configuration file is given below:
debug none
user oid 01327B name admin real-name Konstantin email AAA@mail.ru permit all
schedule oid 08FFFF time hourly- action html
#services configuration
service server 0
login any
listen 20001
max-conn 6
service processor 0
lookup-delay 20
flow-lifetime 60
policy oid 146633 name all-ip target proto ip
policy oid 147C83 name http target proto tcp ports 80 8080 81 3128 443
restrict all pass local pass
unit group oid 0574B0 name LAN acct-policy all-ip
unit group oid 05431B name WAN acct-policy all-ip
unit host oid 021949 name server ip 192.168.0.1 acct-policy all-ip
unit host oid 02238E name Andrew ip 1.3.168.142 acct-policy all-ip http
unit net oid 0446E8 name local ip 192.168.0/24 acct-policy all-ip
unit net oid 043D1B name all ip 0.0.0.0 mask 0.0.0.0 acct-policy all-ip
unit host oid 02507E name 02 ip 192.168.0.10 acct-policy all-ip http
unit host oid 022EB1 name 03 ip 192.168.0.11 acct-policy all-ip http
unit host oid 0241B7 name 07 ip 192.168.0.12 acct-policy all-ip http
unit host oid 0279E2 name 09 ip 192.168.0.13 acct-policy all-ip http
unit host oid 027545 name 11 ip 192.168.0.14 acct-policy all-ip http
unit host oid 02515F name 12 ip 192.168.0.15 acct-policy all-ip http
unit user oid 025BD0 name 13_1 ip 192.168.0.16 email user08@a.ru acct-policy all-ip http
unit host oid 021220 name 14 ip 192.168.0.17 acct-policy all-ip http
unit user oid 024DB1 name 13_2 ip 192.168.0.18 email user09@a.ru acct-policy all-ip http
unit host oid 020216 name 16 ip 192.168.0.19 acct-policy all-ip http
unit host oid 021F16 name 17 ip 192.168.0.20 acct-policy all-ip http
unit host oid 021190 name 50_1 ip 192.168.0.21 acct-policy all-ip http
unit host oid 0266EF name Localnet ip 192.168.0.22 acct-policy all-ip http
unit host oid 02140E name TPSO-1 ip 192.168.0.23 acct-policy all-ip http
unit host oid 023352 name TPSO-2 ip 192.168.0.24 acct-policy all-ip http
unit host oid 02109C name 07-2 ip 192.168.0.25 acct-policy all-ip http
unit host oid 020DED name 19 ip 192.168.0.26 acct-policy all-ip http
unit user oid 027FDC name 15_1 ip 192.168.0.27 email user05@a.ru acct-policy all-ip http
unit user oid 021BEF name 15_2 ip 192.168.0.28 email user02@a.ru acct-policy all-ip http
unit user oid 0241A7 name 15_3 ip 192.168.0.29 email user04@a.ru acct-policy all-ip http
unit user oid 026B68 name 15_4 ip 192.168.0.30 email user06@a.ru acct-policy all-ip http
unit host oid 024E6A name 08_1 ip 192.168.0.31 acct-policy all-ip http
storage 1 all
service storage 1
type mysql
service quota 0
policy http
soft-treshold 75
notify soft {owner}
notify hard {owner} admin
notify return {owner}
storage 1
service data-source 1
type ip-traffic
source divert 199
rule 5 "ip from any to any via rl0"
service alerter 1
report oid 06100 name rep1 type traffic period day detail simple
smtp-server localhost
service html 1
path /home/www/traffic
language en
run hourly
After installing this configuration file, the actual quota values for the users must be entered into NeTAMS/SQL. The netamsctl utility from the distribution is well suited for this:
netamsctl "service quota 0 && set name 12 day 3M in month 150M in && exit"
netamsctl "service quota 0 && set name 13_1 day 3M in month 100M in && exit"
netamsctl "service quota 0 && set name 13_2 day 3M in month 100M in && exit"
netamsctl "service quota 0 && set name 15_1 day 3M in month 100M in && exit"
netamsctl "service quota 0 && set name 15_2 day 3M in month 120M in && exit"
netamsctl "service quota 0 && set name 15_3 day 3M in month 100M in && exit"
netamsctl "service quota 0 && set name 15_4 day 3M in month 100M in && exit"
Entering these commands on the NeTAMS command line writes the corresponding parameters to the SQL database; the configuration file does not change and the save command does not need to be run. You can also install and use the Admintool web interface to manage quotas.
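
The netamsctl calls above can be generated from a list of units. The script below is an added example, not part of the NeTAMS distribution: it validates each field before building the command string, so that a unit name or size containing "&&" or other shell-like text cannot smuggle extra commands into the control session. The function names, the DRY_RUN variable, the allowed character set for unit names and the K/M/G size suffixes are assumptions (the page itself only shows M).

```shell
# Added example: build and validate netamsctl quota commands (not NeTAMS code).

# Assumption: unit names use only letters, digits, '_' and '-'.
valid_name() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    return 0
}

# Assumption: a size is a positive integer followed by K, M or G.
valid_size() {
    case "$1" in
        ''|*[!0-9KMG]*) return 1 ;;
    esac
    num=${1%[KMG]}
    [ "$num" != "$1" ] || return 1        # suffix is mandatory
    case "$num" in
        ''|0*|*[!0-9]*) return 1 ;;       # digits only, no leading zero
    esac
    return 0
}

# Print the command string for one unit, or fail if any field is unsafe.
quota_cmd() {
    valid_name "$1" && valid_size "$2" && valid_size "$3" || return 1
    printf 'service quota 0 && set name %s day %s in month %s in && exit\n' "$1" "$2" "$3"
}

# Read "name day month" lines from stdin; DRY_RUN=0 actually calls netamsctl.
apply_quotas() {
    rc=0
    while read -r name day month extra; do
        case "$name" in ''|'#'*) continue ;; esac
        if [ -n "$extra" ] || ! cmd=$(quota_cmd "$name" "$day" "$month"); then
            echo "rejected: $name $day $month $extra" >&2; rc=1; continue
        fi
        if [ "${DRY_RUN:-1}" = 1 ]; then
            printf 'netamsctl "%s"\n' "$cmd"
        else
            netamsctl "$cmd" </dev/null || rc=1
        fi
    done
    return "$rc"
}

# Constructed sample input, using unit names from the configuration above.
apply_quotas <<'EOF'
12   3M 150M
13_1 3M 100M
EOF
```

By default the script only prints the commands it would run; rejected lines are reported on stderr and make apply_quotas return a non-zero status.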