Lightwrapper is a small (installation deb less than 50k) linux ip v4 traffic accounting system. Name lightwrapper comes from lightsquid wrapper. It uses netflow for collect network data and provide web gui over modified lightsquid for show statistics and user management. Squid and dig may be connected for more detailed reports. Users may be authenticated with: ip, mac or both ip+mac.
lw-daemon
lightwrapper daemon script. It performs several functions:
watches for arp cache and changes ipset sets with dynamically ip-
adresses
save log file with ip-addresses changes for lw-export utility
runs lw-refresh for apply changes in ipset sets on signal from lw.cgi script.
lw-refresh
changes ipset sets for etc/lightwrapper/users changes.
lw-export
lw-export runs by flow-capture daemon and export netflow data into
lightsquid reports
lw-geniprules
generates iptables rules for lightwrapper. Script add own rules to already existing and show warning if any issues occurs.
startup scripts:
/etc/init.d/lw-daemon
used for start lw-daemon at system startup.
/etc/init.d/iptables-persistent
used for restore iptables rules at system startup.
cgi:
lw.cgi
all-in-one cgi script. It used for all user management actions, for gui navigation and for patching some lightsquid functionality.
lightsquid integration:
lightwrapper template
html template used for gui. You must not use old lightsquid templates since lightwrapper incompatible with it.
language files
lightwrapper incompatible with native lightsquid language files.
other:
shared lib
used by all scripts.
documentation and examples
Security.
This software not intended to be secure, install it to trusted environment and restrict access to web gui. It runs ipset, conntrack, iptables-save and maybe other tools from PATH with root privilegies.
Using alternative parser.
Lightwrapper uses own parser which converts data from flow-capture directly into lightsquid reports. If you wish you may use native lightsquid parser through wrapper. In that case lw-export exports data into squid-like access.log file and once per day run wrapper which run native lightsquid parser. For using alternative parser, you must:
Put wrapper script lw-parser which resides in doc/examples dir into PATH.
Put next options in lightwrapper config file: realtime_parser = false
Define full path of lightparser in config file by next option: lightparser = '/usr/share/lightsquid/lightparser.pl'
You must manually configure log rotation with daily periodicity. Log files stores in /var/log/lightwrapper/access.log. You may compress old logs if you wish with gzip or bzip2. You must store at least 1 old log file.
Statistics will be flush once per day. If you want to flush statistics more often then put lw-parser in cron. File access.log appends by default once per 15 munutes (changes with flow-capture settings).
Why lightwrapper uses own parser instead of lightsquid parser? Lightsquid parser needs more time since it uses additional unit - access.log. And even more time since access.log is fully reanalyzed every time when parser runs.
Why native lightsquid parser run through wrapper lw-parser?
Lightsquid parser has error and skip some data (6 hours of statistics every day is skipped in debian). Wrapper patches this error. Also wrapper patches lightsquid report for divide RX and TX data.
Description.
Lightwrapper is a small (installation deb less than 50k) linux ip v4 traffic accounting system. Name lightwrapper comes from lightsquid wrapper. It uses netflow for collect network data and provide web gui over modified lightsquid for show statistics and user management. Squid and dig may be connected for more detailed reports. Users may be authenticated with: ip, mac or both ip+mac.
You may see live demo here.
You may setup only some parts of lightwrapper if you not want use all of this.
System requirements.
PC with 2 network interfaces and any linux distribution installed. Debian-based linux distribution is recommended.
Installation.
Configuration.
Other.
Lightwrapper internals.
Lightwrapper consists from next parts:
lightwrapper daemon script. It performs several functions:
adresses
changes ipset sets for etc/lightwrapper/users changes.
lw-export runs by flow-capture daemon and export netflow data into
lightsquid reports
generates iptables rules for lightwrapper. Script add own rules to already existing and show warning if any issues occurs.
used for start lw-daemon at system startup.
used for restore iptables rules at system startup.
all-in-one cgi script. It used for all user management actions, for gui navigation and for patching some lightsquid functionality.
html template used for gui. You must not use old lightsquid templates since lightwrapper incompatible with it.
lightwrapper incompatible with native lightsquid language files.
used by all scripts.
Security.
This software not intended to be secure, install it to trusted environment and restrict access to web gui. It runs ipset, conntrack, iptables-save and maybe other tools from PATH with root privilegies.
Using alternative parser.
Lightwrapper uses own parser which converts data from flow-capture directly into lightsquid reports. If you wish you may use native lightsquid parser through wrapper. In that case lw-export exports data into squid-like access.log file and once per day run wrapper which run native lightsquid parser. For using alternative parser, you must:
realtime_parser = false
Define full path of lightparser in config file by next option:
lightparser = '/usr/share/lightsquid/lightparser.pl'
Statistics will be flush once per day. If you want to flush statistics more often then put lw-parser in cron. File access.log appends by default once per 15 munutes (changes with flow-capture settings).
Why lightwrapper uses own parser instead of lightsquid parser? Lightsquid parser needs more time since it uses additional unit - access.log. And even more time since access.log is fully reanalyzed every time when parser runs.
Why native lightsquid parser run through wrapper lw-parser?
Lightsquid parser has error and skip some data (6 hours of statistics every day is skipped in debian). Wrapper patches this error. Also wrapper patches lightsquid report for divide RX and TX data.
Related
Wiki: Configure dependencies.
Wiki: Configure lightwrapper.
Wiki: Install stable version.
Wiki: Install unstable version.
Last edit: Grigoriy Bilichenko 2014-12-18