logo
Free, unlimited AI code reviews that run on commit
git-lrc git-lrc GitHub Install Now We'd appreciate a star git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt

nacctd - network accounting daemon

Contents

Authors

       Ulrich Callmeier

       Richard Clark <rclark@ethos.co.nz>

       This manual page was written by Alex King <alex@king.net.nz>, for  the  Debian  GNU/Linux  system,  using
       material from the original documentation.

                                                   16 Dec 2001                                         nacctd(8)

Caveats

       This manual page is incomplete, and possibly inaccurate.

Configuration File Options

flush<n>
              Flush  every n seconds. This gives the interval in seconds when the accumulated data is flushed to
              the output file. Typically set to 300 (five minutes).

       fdelay<n>
              This defines after how many seconds of inactivity a certain record of traffic information  may  be
              written  out.  This  helps  making  the  log  files  smaller  since only one output record will be
              generated for related traffic.  Typically set to 60 seconds.

       file<f>
              Specifies the main output file for the daemon to log network traffic to.

       dumpfile<f>
              Specifies a file to dump data to that is not yet written to the main  output  file.   This  is  to
              prevent data loss should a crash occur.  On startup an existing file of this name will be moved to
              <f>.o

       notdev<interface>
              Don't log entries for this interface.

       device<interface>
              Specifies a network interface to put into promiscuous mode.

       iflimit<interface>
              Log only packets on this interface.  Mutually exclusive with hostlimit.ignoremask<netmask>
              Specifies  a netmask (in dotted quad format) for which traffic is ignored.  This allows traffic on
              the local LAN to be excluded.

       ignorenet<network><netmask>
              Ignore traffic on this network. Ignoring a net with ignorenet is not as efficient  as  ignoremask.
              Thus you should exclude your local network with ignoremask in preference to ignorenet.

       masqif<ipaddr>
              Specifies  an  ip  number  we  are masquerading as.  This re-maps ip/port for incoming connections
              (e.g. FTP-data) to ip/port of the masqueraded destination.

       debug<n>
              Sets the debugging level to <n>.

       headers<interface-type><data-start><type-field>
              Defines where the real data starts for each type of interface.  <interface-type> is  one  of  eth,
              lo,  plip,  isdn  etc.  <data-start> is the offset in bytes to the start of the real data.  <type-field> is the offset of the type field in bytes, or a 0 if there is no type field.  If SLIP or PPP
              devices are specified here, association of dynamic ip addresses with  usernames  won't  work  (see
              dynamicip below).

       dynamicip<dir>
              Specifies  a  directory  to get username information from, where users are logged into ppp or slip
              accounts and assigned dynamic ip addresses.  The directory should contain a file for  each  logged
              in user, where the filename is their IP address, and the file contains their username.  Typically,
              these files will be created by ip-up scripts.

       dynamicnet<network><netmask>
              Specifies the network the slip/ppp dynamic ips are assigned from.

       exclude-name-lookup<network><netmask>
              Specifies a (sub)net to exclude from dynamic ip name lookup.

       hostlimit<ipaddr>
              Log  only  packets  to/from  this  host.  This may be specified multiple times for multiple hosts.
              This option is mutually exclusive with iflimit.

       disable<n>
              Don't include field <n> in the output format.

       dontignore<network><netmask>
              Don't ignore hosts on the specified (sub)net  that  would  otherwise  have  been  excluded  by  an
              ignorenet  statement.   This  can be a useful to account for proxy traffic by specifying the proxy
              servers' subnet.

       line<interface><device>
              Specifies fixed mapping of slip/ppp interface names to  tty  devices.   This  is  used  to  assign
              traffic to a user if nacctd runs on the ppp/slip server and the relation between network interface
              and serial line is fixed.  This option is obsolete.

Description

       The  network  accounting  daemon  logs  network  traffic  in  a  format  suitable  for generating billing
       information  or  usage  statistics.   nacctd  listens  on  network  interfaces  and  periodically  writes
       information to a log file.

       nacctd is configured by editing its configuration file, /etc/nacctd.conf.

Files

       /etc/nacctd.conf
              Configuration file

       /var/log/net-acct
              Default location for the main output file

       /var/log/net-acct-dump
              Default location for the dump of data not yet written to the main file.

Name

       nacctd - network accounting daemon

Options

-d     This will let nacctd run in debug mode

       -D     This will make nacctd not to detach as a daemon, suitable for running it from inittab.

       -cconfigfile Specify the path of an alternative config file.

Output File Format

       The output file consists of lines with up to 10 fields, or less if the configuration file disables one or
       more fields.

       timestampprotocolsrc-addrsrc-portdst-addrdst-portcountsizeuserinterfacetimestamp
              Time in seconds past the epoch (standard UNIX time format)

       protocol
              IP protocol

       count  count of packets

       size   size of data

       user   associated user in case of a slip/ppp link, this will always be "unknown" for other interfaces.

       If the type is an ICMP message, field 4 is the ICMP message type and field 6 is the ICMP message code.

       Please note that for forwarded packets there will be one line for EACH interface the packet passed. So if
       you  are  running  this  on your slip-server you will get all the traffic over the slip interfaces TWICE,
       once for the sl* devices and once for the eth* device. The same  goes  for  ppp  and  generally  for  all
       forwarded  traffic.   You can specify with 'notdev' entries which interfaces you don't want to see in the
       log.

See Also

       /usr/share/doc/net-acct/*, tcpdump(8), trafshow(1).

Synopsis

nacctd[-dD][-cfilename]

See Also

Filing
Filing PNG Icons
Traffic
Traffic PNG Icons
Network
Network PNG Icons
Man Pages
gitignore Man Pages
Man Pages
output Man Pages
Data
Data PNG Icons
Man Pages
slip Man Pages
TLDR
Libinput - interface with input devices Tldr
← View System admin Category← Back to Network configuration🙏  Credits & Acknowledgments