Jump to content
Калькуляторы

Разобрать логи FreeRADIUS

Имеется шлюз, pppoe c авторизацией на FreeRADIUS который ведет логи по типу

 

Sun Jun 15 00:02:38 2008
    NAS-Identifier = "server.local"
    NAS-Port = 0
    NAS-Port-Type = Virtual
    Service-Type = Framed-User
    Framed-Protocol = PPP
    Calling-Station-Id = "0019d1182702"
    User-Name = "user1"
    Framed-IP-Address = 10.0.0.0
    Acct-Status-Type = Interim-Update
    Acct-Session-Id = "3168056-pppoe0"
    Acct-Multi-Session-Id = "3168056-pppoe0"
    Acct-Link-Count = 1
    Acct-Authentic = RADIUS
    Acct-Session-Time = 305702
    Acct-Input-Octets = 10666073
    Acct-Input-Packets = 164211
    Acct-Output-Octets = 213584626
    Acct-Output-Packets = 164680
    Acct-Input-Gigawords = 0
    Acct-Output-Gigawords = 0
    NAS-IP-Address = 192.168.0.22
    Client-IP-Address = 192.168.0.22
    Acct-Unique-Session-Id = "66d9644d2c801913"
    Timestamp = 1213473758

Sun Jun 15 00:02:42 2008
    NAS-Identifier = "server.local"
    NAS-Port = 1
    NAS-Port-Type = Virtual
    Service-Type = Framed-User
    Framed-Protocol = PPP
    Calling-Station-Id = "0019d18c15a8"
    User-Name = "user2"
    Framed-IP-Address = 10.0.0.1
    Acct-Status-Type = Interim-Update
    Acct-Session-Id = "3168060-pppoe1"
    Acct-Multi-Session-Id = "3168060-pppoe1"
    Acct-Link-Count = 1
    Acct-Authentic = RADIUS
    Acct-Session-Time = 305702
    Acct-Input-Octets = 1449548717
    Acct-Input-Packets = 4221659
    Acct-Output-Octets = 3153908217
    Acct-Output-Packets = 4854304
    Acct-Input-Gigawords = 0
    Acct-Output-Gigawords = 0
    NAS-IP-Address = 192.168.0.22
    Client-IP-Address = 192.168.0.22
    Acct-Unique-Session-Id = "4d445616077e3985"
    Timestamp = 1213473762

 

Подскажите утилитку которой можно эти логи разобрать, нужно посчитать трафик и время, это нужно не постоянно а иногда, шлюз стоит на предприятии, требуется переодически сверять статистику по юзерам, по времени и т.д. если эта софтина будет под win платформу, это конечно удобнее.

 

Share this post


Link to post
Share on other sites

поищи проги анализаторов логов

например тут

http://www.opennet.ru./prog/sml/122.shtml

Share this post


Link to post
Share on other sites

Мне биллинг вобщето не нужен, мне разобрать логи иногда кто сколько раз подключался и скока времени провел в сети и накачал сколько. Понимаю что задачи билинговые, но нужно это не всегда, лишь иногда.

Подскажите хотябы первые пару строк на перле

Edited by forward

Share this post


Link to post
Share on other sites

#!/usr/bin/perl

###############################################################################
use Date::Manip;
use DBI();
use POSIX ();
###############################################################################

:)

Share this post


Link to post
Share on other sites

Модули подключил, хм.... это не то?

 

while (<>) {
      next if /Acct-Session-Id = "00000000"/;
      %DETAIL = ();
    my $startsessid = '';
    my $stopsessid = '';
    
    if (/Acct-Status-Type = (\S+)/) {
      $DETAIL{'Acct-Status-Type'} = $1;
    }

    if (/Acct-Session-Id = "([^"]+)"/) {
      $DETAIL{'Acct-Session-Id'} = $1;
    }

    if (/User-Name = "([^"]+)"/) {
             $DETAIL{'User-Name'} = $1;
        }

    if (/NAS-IP-Address = (\S+)/) {
       $DETAIL{'NAS-IP-Address'} = $1;
    }
    
    if (/NAS-Port-Id = (\d+)/) {
       $DETAIL{'NAS-Port-Id'} = $1;
    }

    # some detail files have this instead of the NAS-Port-Id
    if (/NAS-Port = (\d+)/) {
       $DETAIL{'NAS-Port-Id'} = $1;
    }

    if (/NAS-Port-Type = (\S+)/) {
       $DETAIL{'NAS-Port-Type'} = $1;
    }

    $DETAIL{'Time'} = timelocal ($6, $5, $4, $3, $months{$2}, $7 - 1900) if
    (/^(\w{3})\s(\w{3})\s{1,2}(\d{1,2})\s(\d{2}):(\d{2}):(\d{2})\s(\d{4})\n/
    && (grep {$1 eq $_} @wdays) && (grep {$2 eq $_} keys %months));
    
    if (/Acct-Session-Time = (\d+)/) {
       $DETAIL{'Acct-Session-Time'} = $1;
        }

    if (/Acct-Authentic = (\S+)/) {
       $DETAIL{'Acct-Authentic'} = $1;
    }

    if (/Acct-Input-Octets = (\d+)/ ){
       $DETAIL{'Acct-Input-Octets'} = $1;
    }

    if (/Acct-Output-Octets = (\d+)/) {
       $DETAIL{'Acct-Output-Octets'} = $1;
    }
    
    if (/Called-Station-Id = "([^"]+)"/) {
       $DETAIL{'Called-Station-Id'} = $1;
        }

    if (/Calling-Station-Id = "([^"]+)"/) {
       $DETAIL{'Calling-Station-Id'} = $1;
        }

    if (/Connect-Info = "([^"]+)"/) {
       $DETAIL{'Connect-Info'} = $1;
        }

    if (/Acct-Terminate-Cause = (\S+)/) {
       $DETAIL{'Acct-Terminate-Cause'} = $1;
        }

    if (/Service-Type = (\S+)/) {
       $DETAIL{'Service-Type'} = $1;
        }

    if (/Framed-Protocol = (\S+)/) {
       $DETAIL{'Framed-Protocol'} = $1;
        }

    if (/Framed-IP-Address = (\S+)/) {
       $DETAIL{'Framed-IP-Address'} = $1;
        }

    if (/Acct-Delay-Time = (\d+)/) {
       $DETAIL{'Acct-Delay-Time'} = $1;
        }

    if ($DETAIL{'Acct-Status-Type'} eq 'Start') {
        $sth = $dbh->prepare("SELECT RadAcctId FROM radacct WHERE AcctSessionId = '$DETAIL{'Acct-Session-Id'}' AND UserName = '$DETAIL{'User-Name'}' AND NASIPAddress = '$DETAIL{'NAS-IP-Address'}' AND NASPortId = '$DETAIL{'NAS-Port-Id'}' AND AcctStartTime = 0");
        print "SELECT RadAcctId FROM radacct WHERE AcctSessionId = '$DETAIL{'Acct-Session-Id'}' AND UserName = '$DETAIL{'User-Name'}' AND NASIPAddress = '$DETAIL{'NAS-IP-Address'}' AND NASPortId = '$DETAIL{'NAS-Port-Id'}' AND AcctStartTime = 0\n" if $DEBUG;
        $sth->execute || print "Error: ".$dbh->errstr();
        ($startsessid) = $sth->fetchrow_array;
        $sth->finish;
        if ($startsessid) {
            $sth = $dbh->do("UPDATE radacct SET AcctStartTime = FROM_UNIXTIME('$DETAIL{'Time'}'), AcctStartDelay = '$DETAIL{'Acct-Delay-Time'}' WHERE RadAcctId = '$startsessid'") || print "Error: ".$dbh->errstr() if $DOUPDATE;
            print "UPDATE radacct SET AcctStartTime = FROM_UNIXTIME('$DETAIL{'Time'}'), AcctStartDelay = '$DETAIL{'Acct-Delay-Time'}' WHERE RadAcctId = '$startsessid'\n" if $DEBUG;
        } else {
            $sth = $dbh->do("INSERT INTO radacct VALUES ('','$DETAIL{'Acct-Session-Id'}','$DETAIL{'User-Name'}','','$DETAIL{'NAS-IP-Address'}',$DETAIL{'NAS-Port-Id'},'$DETAIL{'NAS-Port-Type'}',FROM_UNIXTIME('$DETAIL{'Time'}'), 0, 0, '$DETAIL{'Acct-Authentic'}','$DETAIL{'Connect-Info'}',0, 0, '$DETAIL{'Called-Station-Id'}','$DETAIL{'Calling-Station-Id'}','','$DETAIL{'Service-Type'}','$DETAIL{'Framed-Protocol'}','$DETAIL{'Framed-IP-Address'}','$DETAIL{'Acct-Delay-Time'}', 0)") || print "Error: ".$dbh->errstr() if $DOUPDATE;
            print "INSERT INTO radacct VALUES ('','$DETAIL{'Acct-Session-Id'}','$DETAIL{'User-Name'}','','$DETAIL{'NAS-IP-Address'}',$DETAIL{'NAS-Port-Id'},'$DETAIL{'NAS-Port-Type'}',FROM_UNIXTIME('$DETAIL{'Time'}'), 0, 0, '$DETAIL{'Acct-Authentic'}','$DETAIL{'Connect-Info'}',0, 0, '$DETAIL{'Called-Station-Id'}','$DETAIL{'Calling-Station-Id'}','','$DETAIL{'Service-Type'}','$DETAIL{'Framed-Protocol'}','$DETAIL{'Framed-IP-Address'}','$DETAIL{'Acct-Delay-Time'}', 0)\n" if $DEBUG;
        }
    } elsif ($DETAIL{'Acct-Status-Type'} eq 'Stop') {
        $sth = $dbh->prepare("SELECT RadAcctId FROM radacct WHERE AcctSessionId = '$DETAIL{'Acct-Session-Id'}' AND UserName = '$DETAIL{'User-Name'}' AND NASIPAddress = '$DETAIL{'NAS-IP-Address'}' AND NASPortId = '$DETAIL{'NAS-Port-Id'}' AND AcctStopTime = 0") || print "Error: ".$dbh->errstr();
        print "SELECT RadAcctId FROM radacct WHERE AcctSessionId = '$DETAIL{'Acct-Session-Id'}' AND UserName = '$DETAIL{'User-Name'}' AND NASIPAddress = '$DETAIL{'NAS-IP-Address'}' AND NASPortId = '$DETAIL{'NAS-Port-Id'}' AND AcctStopTime = 0\n" if $DEBUG;
        $sth->execute || print "Error: ".$dbh->errstr();
        ($stopsessid) = $sth->fetchrow_array;
        $sth->finish;
        if ($stopsessid) {
            $sth = $dbh->do("UPDATE radacct SET AcctStopTime = FROM_UNIXTIME('$DETAIL{'Time'}'), AcctStopDelay = '$DETAIL{'Acct-Delay-Time'}', AcctSessionTime = $DETAIL{'Acct-Session-Time'}, AcctInputOctets = $DETAIL{'Acct-Input-Octets'}, AcctOutputOctets = $DETAIL{'Acct-Output-Octets'}, AcctTerminateCause = '$DETAIL{'Acct-Terminate-Cause'}' WHERE RadAcctId = '$stopsessid'") || print "Error: ".$dbh->errstr() if $DOUPDATE;
            print "UPDATE radacct SET AcctStopTime = FROM_UNIXTIME('$DETAIL{'Time'}'), AcctStopDelay = '$DETAIL{'Acct-Delay-Time'}', AcctSessionTime = $DETAIL{'Acct-Session-Time'}, AcctInputOctets = $DETAIL{'Acct-Input-Octets'}, AcctOutputOctets = $DETAIL{'Acct-Output-Octets'}, AcctTerminateCause = '$DETAIL{'Acct-Terminate-Cause'}' WHERE RadAcctId = '$stopsessid'\n" if $DEBUG;
        } else {
            $sth = $dbh->do("INSERT INTO radacct VALUES ('','$DETAIL{'Acct-Session-Id'}','$DETAIL{'User-Name'}','','$DETAIL{'NAS-IP-Address'}',$DETAIL{'NAS-Port-Id'},'$DETAIL{'NAS-Port-Type'}', 0, FROM_UNIXTIME('$DETAIL{'Time'}'), $DETAIL{'Acct-Session-Time'}, '$DETAIL{'Acct-Authentic'}','$DETAIL{'Connect-Info'}',$DETAIL{'Acct-Input-Octets'}, $DETAIL{'Acct-Output-Octets'}, '$DETAIL{'Called-Station-Id'}','$DETAIL{'Calling-Station-Id'}','$DETAIL{'Acct-Terminate-Cause'}','$DETAIL{'Service-Type'}','$DETAIL{'Framed-Protocol'}','$DETAIL{'Framed-IP-Address'}', 0, '$DETAIL{'Acct-Delay-Time'}')") || print "Error: ".$dbh->errstr() if $DOUPDATE;
            print "INSERT INTO radacct VALUES ('','$DETAIL{'Acct-Session-Id'}','$DETAIL{'User-Name'}','','$DETAIL{'NAS-IP-Address'}',$DETAIL{'NAS-Port-Id'},'$DETAIL{'NAS-Port-Type'}', 0, FROM_UNIXTIME('$DETAIL{'Time'}'), $DETAIL{'Acct-Session-Time'}, '$DETAIL{'Acct-Authentic'}','$DETAIL{'Connect-Info'}',$DETAIL{'Acct-Input-Octets'}, $DETAIL{'Acct-Output-Octets'}, '$DETAIL{'Called-Station-Id'}','$DETAIL{'Calling-Station-Id'}','$DETAIL{'Acct-Terminate-Cause'}','$DETAIL{'Service-Type'}','$DETAIL{'Framed-Protocol'}','$DETAIL{'Framed-IP-Address'}', 0, '$DETAIL{'Acct-Delay-Time'}')\n" if $DEBUG;
        }
    }
}

Share this post


Link to post
Share on other sites

говорю же... поставьте опенсорцевый биллинг. Не привязывайте просто отключения и все. Всегда можно будет посмотреть: кто, сколько раз, в каком объеме. А вот изредка решать одну и ту же проблему, пусть даже по шаблону... это изврат.

Share this post


Link to post
Share on other sites

Имеется шлюз, pppoe c авторизацией на FreeRADIUS

...

нужно посчитать трафик и время

перекомпилить FreeRADIUS с поддержкой *SQL (MySQL|PostgreSQL) и настроить модуль rlm_sql и все! RADIUS _сам_ будет складывать _все_ данные в radacct откуда будете брать то что Вам нужно либо SQL запросом либо заюзаете идущий в поставке dialup admin ...

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.