Node:ulog-acctd, Next:, Previous:Netfilter, Up:Configuration



ulog-acctd

Per default, configuration is done via the file /etc/ulog-acctd.conf. The following keywords are recognized:

Example:

multicast groups=1
accounting file = /var/log/ulog-acctd/account.log
dump file =       /var/log/ulog-acctd/dump
debug file =      /var/log/ulog-acctd/debug.log
debug = error
accounting format = "%h\t%t\t%p\t%s\t%S\t%d\t%D\t%P\t%b\t\"%i\"\t\"%o\"\t\"%f\"\n"
flush = 30
fdelay = 30

The supplied accounting format string generates output records in the following form (all in one line, with a linefeed at the end):

judith	1032521454	6	192.168.42.11	110	192.168.215.71	1546	12	250113	"eth0"	"eth1"	"prefix"

The following format string will generate CISCO "ip accounting output-packets"-style output lines:

accounting format = "%s %d %P %b\n"
The lines will look like this:
192.168.42.11 192.168.215.71 12	250113

When not all types of information are collected, ulog-acctd will have to do fewer comparisions for each packet while collecting data. Records are smaller and likely fewer records will be written out. This will be the case especially if port information are not collected.