ipacctable 설치하기

ipaccttable 설치하기

iptables 체인 카운터를 이용하여 MRTG 그래프를 그리기 위한 리눅스용 유틸리티

다운로드

http://sourceforge.net/projects/ipacct-snmp/files/ipaccttable/1.0/

사전패키지 필요 설치

yum install iptables-devel net-snmp

2005년 이후로 업데이트된것은 없는듯 하다) Centos5에서는 별 이상없이 설치되며 6버젼에서는 설치는 되지만 에러가 발생한다.

CentOS6 버젼에 설치는 아래 링크를 참조하면 된다

http://kensei.co.kr/497

다운로드후 압축을 푼 다음 바로 컴파일 해서 사용하면 안될듯 하고 아래 설정값들을 자신이 사용할 환경으로 변경후에 컴파일하면 된다.

ipaccttable 설정부분

ipaccttable/mib/BDI-R100-IPCNTR-MIB.txt : 1.3.6.1.4.1.14275 ipaccttable/src/ipCntrTable.c: : 1,3,6,1,4,1,14275,2,1,1

 

ipaccttable/src/ipacct-snmp.c

#define IPACCT_TABLE        "filter" #define IPACCT_TABLE_CHAIN  "NOT_KR_FORWARD"

vim /etc/snmp/snmpd.conf

절대 경로냐 상대경로냐 차이이며 나는 3개를 만들어보았다.

dlmod ipAcctTable /usr/lib/snmp/dlmod/ipaccttable.so #dlmod ipDntrTable /usr/lib/snmp/dlmod/ipdntrtable.so #dlmod ipEntrTable /usr/lib/snmp/dlmod/ipentrtable.so #dlmod ipAcctTable ipaccttable #dlmod ipCntrTable ipcntrtable #dlmod ipDntrTable ipdntrtable

컴파일 및 설치 

./configure --with-snmp-dlmod-dir=/usr/lib/snmp/dlmod --with-snmp-mib-dir=/usr/lib/snmp/mib make && make install

error) make 시 에러 발생

 

뭔가 있어보이는데 yum install net-snmp* 하면 됨...

ipAcctTable.c:1:38: error: net-snmp/net-snmp-config.h: No such file or directory ipAcctTable.c:2:40: error: net-snmp/net-snmp-includes.h: No such file or directory ipAcctTable.c:3:52: error: net-snmp/agent/net-snmp-agent-includes.h: No such file or directory In file included from ipAcctTable.c:4: ipAcctTable.h:6: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'ipAcctTable_handler' ipAcctTable.h:8: error: expected ')' before '*' token ipAcctTable.h:9: error: expected ')' before '*' token ipAcctTable.h:11: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'ipAcctTable_get_first_data_point' ipAcctTable.h:12: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'ipAcctTable_get_next_data_point' ipAcctTable.h:13: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'ipAcctTable_free' In file included from ipAcctTable.c:5: ipacct-snmp.h:4: error: expected specifier-qualifier-list before 'u_int32_t' In file included from ipAcctTable.c:6: functions.h:4: error: expected ')' before 'var' ipAcctTable.c: In function 'initialize_table_ipAcctTable': ipAcctTable.c:14: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'ipAcctTable_oid' ipAcctTable.c:14: error: 'ipAcctTable_oid' undeclared (first use in this function) ipAcctTable.c:14: error: (Each undeclared identifier is reported only once ipAcctTable.c:14: error: for each function it appears in.) ipAcctTable.c:14: error: expected expression before ']' token ipAcctTable.c:16: error: 'netsnmp_table_registration_info' undeclared (first use in this function) ipAcctTable.c:16: error: 'table_info' undeclared (first use in this function) ipAcctTable.c:17: error: 'netsnmp_handler_registration' undeclared (first use in this function) ipAcctTable.c:17: error: 'my_handler' undeclared (first use in this function) ipAcctTable.c:18: error: 'netsnmp_iterator_info' undeclared (first use in this function) ipAcctTable.c:18: error: 'iinfo' undeclared (first use in this function) ipAcctTable.c:24: error: 'ipAcctTable_handler' undeclared (first use in this function) ipAcctTable.c:27: error: 'HANDLER_CAN_RWRITE' undeclared (first use in this function) ipAcctTable.c:31: error: 'ASN_IPADDRESS' undeclared (first use in this function) ipAcctTable.c:36: error: 'ipAcctTable_get_first_data_point' undeclared (first use in this function) ipAcctTable.c:37: error: 'ipAcctTable_get_next_data_point' undeclared (first use in this function) ipAcctTable.c:38: error: 'ipAcctTable_free' undeclared (first use in this function) ipAcctTable.c:46: error: 'ipAcctTable_load' undeclared (first use in this function) ipAcctTable.c:46: error: 'ipAcctTable_free2' undeclared (first use in this function) ipAcctTable.c: At top level: ipAcctTable.c:54: error: expected ')' before '*' token ipAcctTable.c:62: error: expected ')' before '*' token ipAcctTable.c:67: error: expected '=', ',', ';', 'asm' or '__attribute__' before '*' token ipAcctTable.c:86: error: expected '=', ',', ';', 'asm' or '__attribute__' before '*' token ipAcctTable.c:113: warning: 'struct netsnmp_iterator_info_s' declared inside parameter list ipAcctTable.c:113: warning: its scope is only this definition or declaration, which is probably not what you want ipAcctTable.c:119: error: expected ')' before '*' token make[2]: *** [ipAcctTable.lo] 오류 1 make[2]: Leaving directory `/usr/local/src/ipaccttable/src' make[1]: *** [all-recursive] 오류 1 make[1]: Leaving directory `/usr/local/src/ipaccttable' make: *** [all] 오류 2

 

아래 에러는

 - yum install iptables-devel*  로 해결 가능할듯? 하다

 

kernel: snmpd[2897]: segfault at 0000000100000030 rip 00002aaaae945faa rsp 00007fffcf9dd290 error 4

 

vim /etc/snmp/snmpd.conf

# 원격 com2sec managed  아이피  커뮤니티값 # 로컬 (자기자신) com2sec managed  localhost 커뮤니티값 # 기본설정 group   ManagedGroup usm          managed view all    included  .1                              80 access  ManagedGroup ""      any       noauth    exact  all all none 아래와 같이 절대경로로 써줘도 되고 상대경로로 적어줘도 됨.... 상대경로가 안되면 절대경로로 해보자~~   dlmod ipAcctTable /usr/lib/snmp/dlmod/ipaccttable.so #dlmod ipDntrTable /usr/lib/snmp/dlmod/ipdntrtable.so #dlmod ipEntrTable /usr/lib/snmp/dlmod/ipentrtable.so #dlmod ipAcctTable ipaccttable #dlmod ipDntrTable ipdntrtable #dlmod ipEntrTable ipentrtable

iptables 예제

*filter :INPUT ACCEPT [215:17180] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [147:11940] :NOT_KR_FORWARD - [0:0] -A NOT_KR_FORWARD -s 아이피 -A NOT_KR_FORWARD -d 아이피 COMMIT

대략 설치 및 셋팅이 완료된 듯 하다면 SNMP 데몬을 재시작하고

[root@localhost ipaccttable]# /etc/init.d/snmpd restart snmpd 를 정지 중:                                          [  OK  ] snmpd (을)를 시작 중:                                      [  OK  ]

SNMPWALK 명령어로 확인가능하다 (뭐든지 출력이 되어야 된다)

[root@localhost ipaccttable]# snmpwalk -v2c -c 커뮤니티값 localhost 1.3.6.1.4.1.14274 SNMPv2-SMI::enterprises.14274.2.1.1.1.2.아이피거꾸로출력 = Counter64: 0 SNMPv2-SMI::enterprises.14274.2.1.1.1.3.아이피거꾸로출력 = Counter64: 0 SNMPv2-SMI::enterprises.14274.2.1.1.1.4.아이피거꾸로출력 = Counter64: 0 SNMPv2-SMI::enterprises.14274.2.1.1.1.5.아이피거꾸로출력 = Counter64: 0

ipaccttable OID 하나 더 생성하기

 

설치 파일에서 oid값 및 명칭 바꾸어주기 (기본이 14274 라면)

 

아래와 같이 검색해서 파일 이름 및 내용소스 부분을 찾은후

grep -r 14274 ./*  grep -r ipccttable ./*

 

아래와 같이 파일 이름 및 내용을 변경해주면 되는데 (변경하기 전에 기존 디렉토리 미리 백업해두고 작업 진행하자)

14274 → 14275 ipaccttable → ipcntrtable

바꾸고 난뒤 다시 설치 했을때 에러가 나지 않으면 정상입니다.