NeTAMS - Network Traffic Accounting and Monitoring Software.
netams [-dlq] [ -f <config-file> ]
NeTAMS is a Network Traffic Accounting and Monitoring Software. It
works as a daemon for FreeBSD, Linux and Solaris operating systems.
Supported traffic information sources are
tee/divert/ip_queue/libpcap/netflow v5; storages are
BerkleyDB/MySQL/PostgresSQL. Various aggregation, vizualisation and
notification ways are implemented. Authorization, quotas, bandwidth
control, flexible accounting and blocking policies are also here.
-d do not become daemon
config-file specifies an alternate configuration file to use.
-l turn logging to file on
-L turn logging to syslog on
pid-file specifies an alternate pid file to use.
-P do not create a pid file (by default, pid file created while
options -l or -L used)
-q do not produce any output
You can run NeTAMS in three different modes depending on data source
libpcap allows you to capture all traffic on specified interface,
exactly as tcpdump does.
netflow collects all NetFlow v5 UDP packets coming from Cisco router or
external flow producer like flowprobe/ipfw2netflow/ng_netflow. You
don’t need in any additional system features to run libpcap or netflow
accounting, but you cannot do any filtering with these data sources.
divert or ipq captures all IP traffic going via your UNIX router, and
you need to prepare system for that.
If you system is FreeBSD, your kernel configuration must have:
otherwise you will be not able to pass data packets to the program.
Type "dmesg" and have a look.
If you have Linux, you must use kernels 2.4.* or above, and iptables.
Your system must have netfilter package and libipq library properly
installed; both are typically not in a default installation. You should
visit http://www.netfilter.org site, read the documentation, download,
install it and rebuild a kernel. Or at least check ’modprobe ip_queue’.
For a serious work, install the SQL database, http://www.mysql.com or
http://postgresql.org, and do not use unix hash database from libdb
(also supported by NeTAMS).
SIGHUP or SIGUSR1 will cause log file to be closed and opened again.
Useful for logrotate.
will terminate the program safely.
/var/lib/netams/netams.conf (symlink /etc/netams/netams.conf points to
Main configuration file.
Anton Vinokurov <firstname.lastname@example.org>, Yuriy Shkandybin <email@example.com>
24 November 2004