Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
TRAFD(8)		  BSD System Manager's Manual		      TRAFD(8)

NAME
     trafd	-- ip traffic collector	daemon.

     trafdump	-- Script to dump current traffic to disk.
     trafsave	-- Script to save current traffic to disk.
     trafstart	-- Startup script for trafd.
     trafstop	-- Shutgown script for trafd.
     trafd.sh	-- Start/stop script for trafd,	placed to the `local startup
		directory' (*/rc.d).

SYNOPSIS
     trafd [-dOprVX] [-c count]	[-i iface] [-f ext] [-F	file | expr]

     trafdump [All | iface [...]]
     trafsave [All | iface [...]]
     trafstart [All | iface [...]]
     trafstop [All | iface [...]]
     trafd.sh start | stop

DESCRIPTION
     Trafd daemon listen specified interface and summ all ip packet sizes and
     sub-protocol data frame length (tcp, udp, icmp, igmp and other, listed in
     /etc/protocols protocols(5), or, if sub-protocol unknown, ip data frame
     length).

     Trafd use Berkeley	Packet Filter mechanism: open pseudo-device /dev/bpf*
     (see bpf(4)), read	from it	all ip packets and store into internal table
     following information:
     +o	 source	hostname or ip address
     +o	 source	ip port	name or	number (not stored with	-X option)
     +o	 destination hostname or ip address
     +o	 destination ip	port name or number (not stored	with -X	option)
     +o	 protocol name
     +o	 protocol data frame length
     +o	 ip packet length (this	is ip traffic value)

     trafd store buffer	to `dump' file on the SIGHUP signal (used in trafdump
     script). Also it append traffic table to `save' file and clear table
     where received the	SIGINT signal (this used in trafsave script).

     trafd records its process ID in the file /var/run/trafd._iface_ to	assist
     dumping, saving and quitting.

   Usage
     Trafd is full-blooded daemon. After run it	self-detached from the tty and
     running in	background.

     Good idea is using	startup	script for launch trafd	in boot	time.  This
     method implemented	in trafd.sh, using the rc.d mechanism (see
     /usr/local/etc/trafd.sh).

     Into BPFT programs	set also included two scripts: trafstart and trafstop
     (see /usr/local/bin/trafstart and /usr/local/bin/trafstop).

   Logging
     trafd use the system logger daemon	syslogd	(see syslogd(8)) for the log-
     ging various information.

     Thus, it use options LOG_PID for log the process id and LOG_CONS for if
     cannot pass the message to	syslogd	it will	attempt	to write the message
     to	console, use facility `daemon' and levels `info', `notice', `warning'
     and `error'.  (Facility defined in	include/traffic.h, see
     SYSLOG_FACILITY.)

     If	you want additional information	about condition	of your	daemon,	i.e.
     what is it	doing and how do it do,	then you should	set syslog message
     level in your syslog.conf up to 'info'.

   Warnings and	recommendations.
     Before use	of the trafd make sure that bpf	support	included into kernel
     and device	/dev/bpf0 (/dev/bpf1, ...) is exist (analogous requrements to
     the tcpdump, see tcpdump(1)).

     You must launch trafd from	root or	other user with	writing	right to
     /dev/bpf* devices.

     We	recomend: more often invoke trafdump via cron (see cron(8)) to avoid
     loss data as a result of system crash and invoke trafsave one per day
     (for example, using periodic (see periodic(8)) or /etc/daily.local) to
     have log file aligment by days. Log file is binary	file with little size,
     average size per day approximate to several kilobytes.

     Configure syslogd for collect trafd messages into /var/log/trafd.log
     (common for trafstart & other scripts), for example:
	   !trafd
	   *.*	/var/log/trafd.log

     After system crash	(power drop & etc) need	remove PID file: insert	into
     one of the	startup	scripts	(usually rc.local) line	like this:
	   rm /var/run/trafd.ed1

OPTIONS
     -c	count	 Collate count number of packets and exit.

     -i	iface	 Interface name	to listen. Current supported types: ethernet,
		 slip, ppp, loopback (see details in pcap(3) and tcpdump(1)
		 man pages). See also ENVIRONMENT section of this man page.

     -f	ext	 Specify extension for traffic save & dump files (interface
		 name by default).

     -d		 Print compiled	packet-matching	code and exit (see tcpdump(1)
		 for details).

     -F	file	 File with packet filter expression.

     -m	minsize	 Minimal record	summary	size for save into file	with collected
		 traffic via trafsave. Records with values less	minsize	in the
		 'all' field summ to one and saved to last record (for de-
		 crease	file size).  Default value is 1024 bytes.

     -O		 Turn off the packet-matching code optimizer (see pcap(3) for
		 details).

     -p		 Don't put the interface into promiscuous mode (don't effect
		 to point-to point links, effected to the ethernet).

     -r		 Attempt to resume data	from dumped file if exist.

     -V		 Print version number and exit.

     -X		 Use only ip information (don't	store ports and	protocol,
		 store ip data frame lenght in the `Data' field).

     expr	 Packet	filter expression (see tcpdump(1) for details).

EXIT STATUS
     1	  Error	(file not found, permissions denied & etc.)
     0	  Normal program complete: daemon started.
     127  Illegal command line parameter(s).

SIGNALS
     SIGHUP   Backup collected traffic records into dump file.
     SIGINT   Append collected traffic records into save file.
     SIGTERM
     SIGQUIT  Backup traffic and exit.

ENVIRONMENT
     IFF_LISTEN	 Set the name of the network interface for listen, same	as `-i
		 iface'	and -i overwrite it's value.

FILES
     /var/log/trafd.log
	  Log file for trafstart, trafstop and trafd.sh

     /var/trafd/trafd.*
	  Files	with saved traffic statistic tables (binary).

     /var/trafd/tmp/trafd.*
	  Files	with traffic dumps (binary).

     /var/tmp/trafd.*
	  Sockets for send data	to trafstatd & etc. This files may be deleted
	  at boot-time tmp cleaning process

     /var/run/trafd.*
	  Trafd	PID files

EXAMPLES
COMPATIBILITY
     Version 4.0 of the	trafd store traffic information	in incompatible	format
     with previous versions. (Hoverer if trafd compiled	with #define
     LAYOUT=OLD	then it	use compatible with previous version format).

     Tested on:	BSDI BSD/386 1.0 (BPFT versions	1.0-2.0), FreeBSD 2.2.8	(BPFT
     version 2.0), FreeBSD 3.0 and above, FreeBSD 4.0 and above	(BPFT version
     3.0 and above).

     BPFT versions 3.*,	4.* work only on FreeBSD 3.0 and above:	requred	li-
     brary pcap	(see pcap(3)) don't present in previous	versions of the
     FreeBSD.

SEE ALSO
     traflog(1), trafstatd(8), trafstat(1), trafshow(1), bpf(4).

AUTHORS
     Vladimir Vorobyev <bob@turbo.nsk.su>
	   autor of the	BPFT project, versions 1.0..2.0
     Vitaly V. Belekhov	<vitaly@riss-telecom.ru>
	   3.0 release
     Stas Degteff <g@grumbler.org>
	   4.0 release,	man pages

BUGS
     If	trafd run on the slow, very busy computer or very fast ip channel then
     it	can't read all packets from kernel and some packets is dropped.	Trafd
     check this	on each	dump/save event	and store dropped packets quantity to
     log (if to	sislog's then write on `error' level).

BSD			      September	11, 2001			   BSD

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXIT STATUS | SIGNALS | ENVIRONMENT | FILES | EXAMPLES | COMPATIBILITY | SEE ALSO | AUTHORS | BUGS

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=trafd&sektion=8&manpath=FreeBSD+12.1-RELEASE+and+Ports>

home | help