Net-Acct

Net-Acct is a user-space daemon which generates log files of network traffic for accounting purposes. Initially created by Ulrich Callmeier, it is now worked upon occasionally by a team of volunteers on the list net-acct@CoLi.Uni-SB.DE; questions are best asked there or at net-acct@exorsus.net.

News (last updated Oct 19 2005)

Sven Anderson has ported net-acct 0.71 libc5 to OpenBSD, and in the process fixed some bugs and added some features. At this time I am unable to test the resulting version on any platforms, and we do not have a modified patch to support the bug fixes and features on the glibc version, so it is being released as a simple patch, not a new release. That said, I highly recommend using the patch if you are able, and if anyone can devote some dev time to parsing out the relevant pieces and making it testably work for the glibc version as well, that'd be great.

Of additional note is that the patch may break HUMAN READABLE time; this may not concern most people, but if someone could fix that as well it'd be cool. Patch is available: net-acct-0.71-libc5-sa.patch.gz. Many thanks to Sven for the work!

Sept 10, 2004:
SECURITY: Stefan Nordhausen has identified a local security hole in net-acct (all versions). It appears to be some redundant code from some time way back in the past although I'm not entirely sure. I have removed the code, since it doesn't actually appear to do anything other than create and delete a file that is referenced nowhere else. Use the patch at your own risk, until I've had some feedback telling me it works.

net-acct-notempfiles.patch

For much of the functionality provided by net-acct, an alternative, http://savannah.nongnu.org/projects/ulog-acctd, exists which is considerably better at catching all the relevant packets. For the majority of problems it should be considered the preferable solution to net-acct (assuming you're on a Linux 2.4 kernel, of course :)

http://netacct-mysql.sourceforge.net/ is a fairly new project which is creating a completely MySQL-customised version of net-acct. There's obviously a popular niche here since there seem to be a fair number of people contributing. Users looking to put their data straight into MySQL may well be served by taking a look.

Thomas Prokosch kindly donated another log summary script which can be found at http://www.nadev.net/thomas/projects/nacctstats/

Marc Haber has made available a patch for a locking problem within net-acct. If you are suffering from rare situations in which net-acct seems to spin out and grab all available CPU, this may well help.

lockpatch.txt

0.71 is now the latest version. Changes: a patch for a small bug in the Localtime handling for those using the HUMAN_READBLE define.

We have a Debian package available, thanks to Bernd Eckenfels; the package page is at http://packages.debian.org/unstable/net/net-acct.html.

Known bugs

- No manpage

- Name based framing detection. Now, to be honest, I don't have a great idea of what exactly "framing" is, in this context, but if you know, tell me, or I'll end up figuring it out for myself when the bug list begins to annoy me :)

- Reverse masq tracking (includes patch) hopefully will go into the next version, or something :)

PLEASE NOTE: The README file in the archive is out of date in some aspects; it is included for completeness, however contact names, mailing list signups etc. are incorrect.

Source Code

net-acct-0.6-glibc2.tar.gz (43k)
net-acct-0.71-libc5.tar.gz (43k)
net-acct-0.7-libc5.tar.gz (43k)
net-acct-0.7.tar.gz (43k)
net-acct-0.71-libc5-sa.patch.gz (7k)
net-acct-0.7-glibc2.tar.gz (49k)
net-acct-0.71-glibc2.tar.gz (44k)