Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.mira.net.au!inquo!in-news.erinet.com!imci5!pull-feed.internetmci.com!news.internetMCI.com!newsfeed.internetmci.com!swrinde!elroy.jpl.nasa.gov!lll-winken.llnl.gov!parc!fenner
From: fenner@parc.xerox.com (Bill Fenner)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: FreeBSD and network accounting
Date: 5 May 1996 18:16:43 GMT
Organization: Xerox Palo Alto Research Center
Lines: 19
Message-ID: <4mirac$481@news.parc.xerox.com>
References: <4lgfmj$n64@narses.hrz.tu-chemnitz.de> <Pine.LNX.3.92.960424084114.105B-100000@benjy.csn.tu-chemnitz.de> <830348589.3000@arg1.demon.co.uk> <Pine.LNX.3.92.960425122633.110A-100000@benjy.csn.tu-chemnitz.de>
NNTP-Posting-Host: crevenia.parc.xerox.com

In article <Pine.LNX.3.92.960425122633.110A-100000@benjy.csn.tu-chemnitz.de>,
Michael Hasenstein <mha@informatik.tu-chemnitz.de> wrote:
>tcpdump is useless for us, just believe it.

I just read the README for net-acct, and from its example of the output,
"tcpdump -ttqnp -i xxx" looks like it gives almost exactly the same output,
with only some postprocessing needed if you really need it to be in the
same format.

>So my (now more specific) question is: What do I have to change in the
>sources in order to not only be able to compile nacctd (we did that) but
>to get it working!

Looks to me like you need to write a "capture-freebsd.c", for which you'd
probably use the BPF interface. FreeBSD doesn't have the SOCK_PACKET
socket type, so the code will be significantly different (but will probably
be portable to many more systems when you're done).

  Bill
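
The core of the BPF-based capture module suggested above, as an added example that is not part of the original post and is not nacctd code: it walks the records that one read() on a BPF device returns and sums IPv4 bytes per source/destination pair. The names rec_hdr, WORDALIGN, account and put_rec are hypothetical; rec_hdr stands in for struct bpf_hdr and WORDALIGN for BPF_WORDALIGN from <net/bpf.h>, so the code runs on a constructed buffer without a BPF device.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Assumed stand-in for struct bpf_hdr (timestamp, caplen, datalen, hdrlen). */
struct rec_hdr { uint32_t sec, usec, caplen, datalen; uint16_t hdrlen; };
#define WORDALIGN(x) (((x) + sizeof(long) - 1) & ~(sizeof(long) - 1))

struct flow { uint32_t src, dst; uint64_t bytes; };  /* addresses in network order */

/* Walk one read() buffer of capture records and add the IPv4 total length of
 * each packet to its src/dst entry. Returns flows used, or -1 if malformed. */
int account(const uint8_t *buf, size_t len, struct flow *tab, int max)
{
    int n = 0; size_t off = 0;
    while (off + sizeof(struct rec_hdr) <= len) {
        struct rec_hdr h;
        memcpy(&h, buf + off, sizeof h);
        if (h.hdrlen < sizeof h || h.caplen > len - off || h.hdrlen > len - off - h.caplen)
            return -1;                       /* record claims more than was read */
        const uint8_t *p = buf + off + h.hdrlen;
        /* 14-byte Ethernet header, ethertype 0x0800, then a 20-byte IPv4 header */
        if (h.caplen >= 34 && p[12] == 0x08 && p[13] == 0x00 && (p[14] >> 4) == 4) {
            uint32_t s, d; int i;
            memcpy(&s, p + 26, 4); memcpy(&d, p + 30, 4);
            for (i = 0; i < n && !(tab[i].src == s && tab[i].dst == d); i++) ;
            if (i == n) {
                if (n == max) return -1;     /* flow table full */
                tab[n].src = s; tab[n].dst = d; tab[n].bytes = 0; n++;
            }
            tab[i].bytes += (uint16_t)(p[16] << 8 | p[17]);  /* IP length, not caplen */
        }
        off += WORDALIGN((size_t)h.hdrlen + h.caplen);  /* next record is word-aligned */
    }
    return n;
}

/* Constructed sample input: append one record holding a minimal Ethernet+IPv4 frame. */
size_t put_rec(uint8_t *buf, size_t off, const uint8_t src[4], const uint8_t dst[4], uint16_t tot)
{
    struct rec_hdr h = { 0, 0, 34, 34, (uint16_t)WORDALIGN(sizeof h) };
    uint8_t *p = buf + off + h.hdrlen;
    memcpy(buf + off, &h, sizeof h);
    memset(p, 0, 34);
    p[12] = 0x08; p[14] = 0x45;              /* ethertype IPv4, version 4, IHL 5 */
    p[16] = (uint8_t)(tot >> 8); p[17] = (uint8_t)(tot & 0xff);
    memcpy(p + 26, src, 4); memcpy(p + 30, dst, 4);
    return off + WORDALIGN((size_t)h.hdrlen + 34);
}
```

In a real module the buffer comes from read() on the BPF device after binding it to an interface, and the buffer size is the one the device reports.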