Manual:IP/Accounting
Applies to RouterOS: 2.9, v3, v4, v5+
Summary
The Authentication, Authorization and Accounting feature provides local and/or remote (on a RADIUS server) Point-to-Point and HotSpot user management and traffic accounting (all IP traffic passing the router is accounted; local traffic accounting is an option).
Specifications
Packages required: system
License required: Level1
Submenu level: /ip accounting
Hardware usage: Traffic accounting requires additional memory
Local IP Traffic Accounting
Sub-menu: /ip accounting
As each packet passes through the router, the packet source and destination addresses are matched against an IP pair list in the accounting table and the traffic counters for that pair are increased. The traffic of PPP, PPTP, PPPoE, ISDN and HotSpot clients can be accounted on a per-user basis too. Both the number of packets and the number of bytes are accounted.
If no matching IP or user pair exists, a new entry will be added to the table.
Only the packets that enter and leave the router are accounted. Packets that are dropped in the router are not counted. Packets that are NATted on the router will be accounted for with the actual IP addresses on each side. Packets that are going through bridged interfaces (i.e. inside the bridge interface) are also counted correctly.
Traffic generated by the router itself, and traffic sent to it, can also be accounted.
Properties
Property | Description |
---|---|
account-local-traffic (yes | no; Default: no) | whether to account the traffic to/from the router itself |
enabled (yes | no; Default: no) | whether local IP traffic accounting is enabled |
threshold (integer; Default: 256) | maximum number of IP pairs in the accounting table (maximal value is 8192) |
Notes
For bidirectional connections two entries will be created.
Each IP pair uses approximately 100 bytes.
When the threshold limit is reached, no new IP pairs will be added to the accounting table. Each packet that is not accounted in the accounting table will then be added to the uncounted counter!
Local IP Traffic Accounting Table
Sub-menu: /ip accounting snapshot
When a snapshot is made for data collection, the accounting table is cleared and new IP pairs and traffic data are added. The more frequently traffic data is collected, the less likely it is that the IP pairs threshold limit will be reached.
Properties
All properties are read-only.
Property | Description |
---|---|
bytes (integer) | total number of bytes, matched by this entry |
dst-address (IP address) | destination IP address |
dst-user (text) | recipient's name (if applicable) |
packets (integer) | total number of packets, matched by this entry |
src-address (IP address) | source IP address |
src-user (text) | sender's name (if applicable) |
Notes
Usernames are shown only if the users are connected to the router via a PPP tunnel or are authenticated by HotSpot.
To review the current state of the table, you should first take a snapshot by issuing the take command. Before the first snapshot has been taken, the table is empty.
Web Access to the Local IP Traffic Accounting Table
Sub-menu: /ip accounting web-access
The web page report makes it possible to use the standard Unix/Linux tool wget to collect the traffic data and save it to a file, or to use the MikroTik shareware Traffic Counter to display the table. If the web report is enabled, a snapshot is made when a connection to the web page is initiated (by a browser or by wget), and that snapshot is displayed on the web page. The TCP protocol, used by HTTP connections with the wget tool, guarantees that none of the traffic data will be lost.

Web browsers or wget should connect to the URL: http://routerIP/accounting/ip.cgi
Properties
Property | Description |
---|---|
accessible-via-web (yes | no; Default: no) | whether the snapshot is available via web |
address (IP address/netmask; Default: 0.0.0.0/0) | IP address range that is allowed to access the snapshot |
Uncounted Connections
Sub-menu: /ip accounting uncounted
In case no more IP pairs can be added to the accounting table (the accounting threshold has been reached), all traffic that does not belong to any of the known IP pairs is summed together and the totals are shown in this menu.
Properties
All properties are read-only.
Property | Description |
---|---|
bytes (integer) | byte count |
packets (integer) | packet count |
Examples
To take a new snapshot:
    [admin@MikroTik] ip accounting snapshot> take
    [admin@MikroTik] ip accounting snapshot> print
     # SRC-ADDRESS     DST-ADDRESS     PACKETS   BYTES     SRC-USER   DST-USER
     0 192.168.0.2     159.148.172.197 474       19130
     1 192.168.0.2     10.0.0.4        3         120
     2 192.168.0.2     192.150.20.254  32        3142
     3 192.150.20.254  192.168.0.2     26        2857
     4 10.0.0.4        192.168.0.2     2         117
     5 159.148.147.196 192.168.0.2     2         136
     6 192.168.0.2     159.148.147.196 1         40
     7 159.148.172.197 192.168.0.2     835       1192962
    [admin@MikroTik] ip accounting snapshot>
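The following is an added example, not part of the original manual: a Python sketch that parses the snapshot print output shown above, sums traffic per local host, and merges the two one-way entries that the notes say are created for each bidirectional connection. The function names and the local network 192.168.0.0/24 are assumptions made for the illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# "/ip accounting snapshot print" output from the example on this page.
SNAPSHOT = """\
 # SRC-ADDRESS     DST-ADDRESS     PACKETS BYTES
 0 192.168.0.2     159.148.172.197 474     19130
 1 192.168.0.2     10.0.0.4        3       120
 2 192.168.0.2     192.150.20.254  32      3142
 3 192.150.20.254  192.168.0.2     26      2857
 4 10.0.0.4        192.168.0.2     2       117
 5 159.148.147.196 192.168.0.2     2       136
 6 192.168.0.2     159.148.147.196 1       40
 7 159.148.172.197 192.168.0.2     835     1192962
"""

def parse_snapshot(text):
    """Return (src, dst, packets, bytes) tuples; header and prompt lines are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        # Data rows begin with the numeric row index. The optional SRC-USER and
        # DST-USER columns are ignored: split() cannot tell which one is empty.
        if len(fields) >= 5 and fields[0].isdigit():
            rows.append((ip_address(fields[1]), ip_address(fields[2]),
                         int(fields[3]), int(fields[4])))
    return rows

def per_host_totals(rows, local_net):
    """Bytes sent (tx) and received (rx) by each address inside local_net."""
    net = ip_network(local_net)  # local_net is an assumption supplied by the caller
    totals = defaultdict(lambda: {"tx": 0, "rx": 0})
    for src, dst, _packets, nbytes in rows:
        if src in net:
            totals[str(src)]["tx"] += nbytes
        if dst in net:
            totals[str(dst)]["rx"] += nbytes
    return dict(totals)

def merge_directions(rows):
    """Combine the two one-way entries of each IP pair into one [packets, bytes] flow."""
    flows = defaultdict(lambda: [0, 0])
    for src, dst, packets, nbytes in rows:
        key = tuple(str(a) for a in sorted((src, dst)))
        flows[key][0] += packets
        flows[key][1] += nbytes
    return dict(flows)
```

Because each snapshot clears the table, totals from successive snapshots have to be added together by the collector to get usage over a longer period.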
To enable IP accounting:

    [admin@MikroTik] ip accounting> set enabled=yes
    [admin@MikroTik] ip accounting> print
                      enabled: yes
        account-local-traffic: no
                    threshold: 256
    [admin@MikroTik] ip accounting>
To enable web access from 10.0.0.1 server only:
    [admin@MikroTik] ip accounting web-access> set accessible-via-web=yes \
    \... address=10.0.0.1/32
    [admin@MikroTik] ip accounting web-access> print
        accessible-via-web: yes
                   address: 10.0.0.1/32
    [admin@MikroTik] ip accounting web-access>
See the uncounted packets:
    [admin@MikroTik] ip accounting uncounted> print
        packets: 0
          bytes: 0
    [admin@MikroTik] ip accounting uncounted>
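The following is an added example, not part of the original manual: a Python check that reads the print output of the three menus above and reports a web-access range wider than the intended collectors (the default is 0.0.0.0/0) and an accounting table that has reached its threshold. The function names, the collector list and the "weak" sample values are constructed for the illustration.

```python
from ipaddress import ip_address, ip_network

BYTES_PER_PAIR = 100   # approximate memory per IP pair, as stated on this page

def parse_print(text):
    """Parse RouterOS 'key: value' print output into a dict; prompt lines are skipped."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") or ":" not in line:
            continue
        key, _, value = line.partition(":")
        settings[key.strip()] = value.strip()
    return settings

def audit(accounting, web_access, uncounted, collectors):
    """Return findings for the three menus; collectors = hosts expected to fetch ip.cgi."""
    findings = []
    if accounting.get("enabled") != "yes":
        findings.append("accounting disabled")
    threshold = int(accounting.get("threshold", 256))
    if int(uncounted.get("packets", 0)) > 0:
        findings.append(f"threshold {threshold} reached: {uncounted['packets']} packets uncounted")
    if web_access.get("accessible-via-web") == "yes":
        allowed = ip_network(web_access.get("address", "0.0.0.0/0"), strict=False)
        inside = [c for c in collectors if ip_address(c) in allowed]
        if len(inside) < len(collectors):
            findings.append("a collector is outside the allowed range")
        if allowed.num_addresses > len(inside):
            # Every permitted client can read the table, and each fetch takes a
            # snapshot, which clears the table for the real collector.
            findings.append(f"web access allows {allowed}, wider than the collectors")
    return findings

def table_memory(threshold):
    """Worst-case accounting table size in bytes for a given threshold."""
    return threshold * BYTES_PER_PAIR

# Settings taken from this page's examples.
PAGE_ACCOUNTING = parse_print("enabled: yes\naccount-local-traffic: no\nthreshold: 256")
PAGE_WEB = parse_print("accessible-via-web: yes\naddress: 10.0.0.1/32")
PAGE_UNCOUNTED = parse_print("packets: 0\nbytes: 0")
# Constructed weak variant: default address range left in place, table overflowing.
WEAK_WEB = parse_print("accessible-via-web: yes\naddress: 0.0.0.0/0")
WEAK_UNCOUNTED = parse_print("packets: 1500\nbytes: 912345")
```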