[Resolved] Log volume of traffic tunneled by a user

[TJNII]

So more adventures in policy compliance:

Corporate IT requires that, per session, VPN servers log the "volume of session traffic." I don't see any openVPN options to do this directly, so I can think of two options:
1) set verb 6 and log all the packets. This meets the reqs assuming they'll accept a packet count as a metric. It is also very noisy and I'd like something a little cleaner.
2) Use a script to pull the data out of ifconfig tun#. This is great if I'm routing, however I'm bridging for failover and to eliminate the need for NAT. My understanding is that, when bridging, the tap adapter is shared by all the clients. I've checked this experimentally, which means that I can't use this method to get per-session metrics when bridging.

Is there a openVPN option that can track this? Are there other workarounds I haven't thought of? Thanks.

[janjust]

do you need to log the amount of data, or the actual data?

to log the amount of data, use the openvpn 'status' file.
to log the actual data, 'verb 6' or a packet sniffer is required.

[maikcat]

i have the feeling that you want to implement
some type of volume traffic...

if yes you simply look for amount of data,not data it self.

Michael.

[TJNII]

Status is giving me the info I want, and sending openvpn SIGUSR2 gives it in the manner I want.

Hooking into the --down-pre hook seems to be a graceful solution here, as it should cause the info I want to be written to syslog on connection close. I'm having difficulty with this, though, but I've opened another thread on it.

[TJNII]

My final solution was to call this script on client-disconnect

Code: Select all

#!/bin/bash
# logTraffic.sh: Generate a log entry with IT mandated fields
# 12/23/11 Tom Noonan II <Email Removed>

## Mandatory variables
sessionStart="UNSET"
clientHostAddress="UNSET"
clientUID="UNSET"
sessionDuration="UNSET"
txVolume="UNSET"
rxVolume="UNSET"

## Parse variables

if [ ! -z "$time_ascii" ]; then
        sessionStart=$time_ascii
fi

if [ ! -z "$trusted_ip" ]; then
        clientHostAddress=$trusted_ip
fi

if [ ! -z "$username" ]; then
        clientUID=$username
fi

if [ ! -z "$time_duration" ]; then
        sessionDuration=$time_duration
fi

if [ ! -z "$bytes_sent" ]; then
        txVolume=$bytes_sent
fi

if [ ! -z "$bytes_received" ]; then
        rxVolume=$bytes_received
fi

## Send to syslog
logger -t openvpn -- "Client Disconnect: Username: $clientUID HostIP: $clientHostAddress"
logger -t openvpn -- "Session Duration: $sessionDuration seconds opened at $sessionStart"
logger -t openvpn -- "Session Traffic: TX: $txVolume bytes RX: $rxVolume bytes"

That sends the info to syslog, so I can use syslog servers instead of log files.

[Mimiko]

Please write a tutorial about what you accomplished and what did you do from the standard configuration to achieve this.

[dhruvpandit]

yeah, a tutorial will be helpful to all

[DarwinDuck]

Hi,

Does anyone one have a solution for capping the data transfer on an openvpn user connection to a set value for that user?

Thanks.

[DarwinDuck]

My final solution was to call this script on client-disconnect

Code: Select all

#!/bin/bash
# logTraffic.sh: Generate a log entry with IT mandated fields
# 12/23/11 Tom Noonan II <Email Removed>

## Mandatory variables
sessionStart="UNSET"
clientHostAddress="UNSET"
clientUID="UNSET"
sessionDuration="UNSET"
txVolume="UNSET"
rxVolume="UNSET"

## Parse variables

if [ ! -z "$time_ascii" ]; then
        sessionStart=$time_ascii
fi

if [ ! -z "$trusted_ip" ]; then
        clientHostAddress=$trusted_ip
fi

if [ ! -z "$username" ]; then
        clientUID=$username
fi

if [ ! -z "$time_duration" ]; then
        sessionDuration=$time_duration
fi

if [ ! -z "$bytes_sent" ]; then
        txVolume=$bytes_sent
fi

if [ ! -z "$bytes_received" ]; then
        rxVolume=$bytes_received
fi

## Send to syslog
logger -t openvpn -- "Client Disconnect: Username: $clientUID HostIP: $clientHostAddress"
logger -t openvpn -- "Session Duration: $sessionDuration seconds opened at $sessionStart"
logger -t openvpn -- "Session Traffic: TX: $txVolume bytes RX: $rxVolume bytes"

That sends the info to syslog, so I can use syslog servers instead of log files.

TJNII I would like to do exactly this .. can you elaborate on your solution?

[csibe]

I have also written a script which doing the same. When the user disconnects it writes the datas to a txt file.
By the way i made it a little bit better, rewrite it in PHP then now my script doint the sama and writes the data to an SQL database.

If needed i can make tutorial.

[John Smith]

Hello

What is the most efficient way to count traffic from Management terminal?

Right now i count data with status command (BytesReceived, BytesSent)