一、ip accounting
    1、配置方法
    router(config)#int s 0/0
    router(config-if)#ip accounting output-packets
    router#sh ip accounting output-packets
    Source Destination Packets Bytes
    192.1.1.110 192.1.1.97 5 500
    172.17.246. 128 192.1.1.110 8 704
    Accounting data age is 2d23h
    或者
    router(config)#int s 0/0
    router(config-if)#ip accounting access-violations
    router#sh ip accounting [checkpoint] access-violations
    Source Destination Packets Bytes ACL
    192.1.1.110 224.0.0.5 46 3128 19
    Accounting data age is 7
    2、說(shuō)明
    · 基于地址對(duì)的字節(jié)數(shù)量及數(shù)據(jù)包數(shù)量統(tǒng)計(jì)
    · 通常只支持outbound的數(shù)據(jù)包，及被ACL拒絕的數(shù)據(jù)包（支持IN 和 OUT方向的ACL）
    · 只統(tǒng)計(jì)穿越路由器的流量，源或目的是該路由器的數(shù)據(jù)包不做統(tǒng)計(jì)
    · 支持所有的switching path，除了Autonomous Switching
    · 可以通過(guò)SNMP來(lái)訪問(wèn)統(tǒng)計(jì)值，MIB是OLD-CISCO-IP-MIB, lipAccountingTable
    · ip accounting還支持其他的監(jiān)測(cè)方式，如基于tos,mac-address等
    二、netflow
    1、配置方法
    router (config-if)#ip route-cache flow
    router (config)#ip flow-export destination 172.17.246.225 9996
    router (config)#ip flow-export version 5
    Optional configuration
    router (config)#ip flow-export source loopback 0
    router (config)#ip flow-cache entries <1024-524288>
    router (config)#ip flow-cache timeout
    sh ip cache flow
    IP packet size distribution (132429191 total packets):
    1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
    .000 .191 .024 .009 .010 .006 .005 .008 .003 .005 .003 .003 .002 .001 .001
    512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
    .001 .002 .107 .032 .578 .000 .000 .000 .000 .000 .000
    IP Flow Switching Cache, 278544 bytes
    33 active, 4063 inactive, 7975259 added
    104834714 ager polls, 0 flow alloc failures
    Active flows timeout in 30 minutes
    Inactive flows timeout in 15 seconds
    last clearing of statistics never
    Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)
    -------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow
    TCP-Telnet 25378 0.0 12 652 0.0 22.9 15.2
    TCP-FTP 432435 0.1 4 59 0.4 1.2 2.7
    TCP-FTPD 28670 0.0 212 1397 1.4 8.2 1.6
    TCP-WWW 4682530 1.0 15 927 16.4 2.4 4.6
    2、說(shuō)明
    · 統(tǒng)計(jì)基于流（包括地址對(duì)、端口號(hào)、協(xié)議類(lèi)型等）的數(shù)據(jù)量
    · 只支持inbound的流量
    · 只支持單播
    · 只能在主端口配置
    · 需要和cef或fast switching一起使用
    · 對(duì)路由器性能有影響
    10,000 active flows: < 4% of additional CPU utilization
    45,000 active flows: <12% of additional CPU utilization
    65,000 active flows: <16% of additional CPU utilization三、NBAR
    1、配置方法
    router(config)# interface FastEthernet 0/1
    router(config-if)# ip nbar protocol discovery
    router# show ip nbar protocol -discovery interface FastEthernet 6/0
    FastEthernet6/0
    Input Output
    Protocol Packet Count Packet Count
    Byte Count Byte Count
    5 minute bit rate (bps) 5 minute bit rate (bps)
    http 316773 0
    26340105 0
    3000 0
    pop3 4437 7367
    2301891 339213
    3000 0
    snmp 279538 14644
    319106191 673624
    0 0
    …
    Total 17203819 151684936
    19161397327 50967034611
    4179000 6620000
    2、說(shuō)明
    · NBAR識(shí)別從4層到7層的協(xié)議信息
    ·可以基于端口統(tǒng)計(jì)input 和output 的bit rate (bps), packet counts, byte counts
    · 只能在cef或dcef的基礎(chǔ)上運(yùn)行
    · 不象netflow，沒(méi)有流的概念。主要是統(tǒng)計(jì)目前網(wǎng)絡(luò)中有那一些應(yīng)用
    四、access-list log
    1、配置方法
    router(config)# access-list 118 permit ip any any log
    router(config)# interface FastEthernet 0/1
    router(config-if)# ip access-group 118 out
    router# show log
    router>sh log
    Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0 flushes,
    0 overruns)
    Console logging: level debugging, 79 messages logged
    Monitor logging: level debugging, 0 messages logged
    Buffer logging: level debugging, 79 messages logged
    Logging Exception size (4096 bytes)
    Trap logging: level informational, 83 message lines logged
    Log Buffer (4096 bytes):
    *May 25 05:27:50: %SEC-6-IPACCESSLOGP: list 118 permitted tcp 10.1.64.71(0) -> 10.0.29.3(0), 1 packet
    *May 25 05:28:59: %SEC-6-IPACCESSLOGP: list 118 permitted tcp 10.1.64.71(0) -> 10.0.28.128(0), 1 packet
    *May 25 05:29:19: %SEC-6-IPACCESSLOGP: list 118 permitted tcp 10.1.64.71(0) -> 10.0.29.3(0), 56 packets
    2、說(shuō)明
    · 可以使用于任何端口的input 或者output
    · 可以看到目前端口上跑的應(yīng)用
    · 沒(méi)有統(tǒng)計(jì)信息，只能看到有那一些地址，看不到應(yīng)用統(tǒng)計(jì)。