Логи PPP сессий находятся в /var/log
1. Задача отследить сессию конкретного абонента за 30 Октября
Известен login абонента
Login=70328
1) Узнаем ID сессии
cat /var/log/ppp* | grep "Oct 30" | grep "User login <70328>" Oct 30 08:01:59 router-local pppd[19982]: User login <70328>. Oct 30 13:12:55 router-local pppd[9788]: User login <70328>. Oct 30 22:36:53 router-local pppd[18617]: User login <70328>.
За 30 Октября у абонента было 3 сеанса подключений. Отследим к примеру последнюю.
Значение pppd[18617] определяет PPPoE сессию с ID=18617
2) Узнаем все события по найденной сессии
cat /var/log/ppp* | grep "Oct 30" | grep '\[18617\]' Oct 30 22:36:50 router-local pppoe-server[18617]: Session 228 created for client bc:ae:c5:e4:1e:cd (10.67.15.228) on Leth1 using Service-Name 'serverpppoe' Oct 30 22:36:50 router-local pppd[18617]: Plugin /etc/ppp/plugins/rp-pppoe.so loaded. Oct 30 22:36:50 router-local pppd[18617]: RP-PPPoE plugin version 3.3 compiled against pppd 2.4.3 Oct 30 22:36:50 router-local pppd[18617]: Plugin /etc/ppp/plugins/b_auth_wb.so loaded. Oct 30 22:36:50 router-local pppd[18617]: Clean dead msg. Oct 30 22:36:50 router-local pppd[18617]: b_auth plugin initialized. Oct 30 22:36:50 router-local pppd[18617]: pppd 2.4.3 started by (unknown), uid 0 Oct 30 22:36:50 router-local pppd[18617]: Using interface ppp181 Oct 30 22:36:50 router-local pppd[18617]: Connect: ppp181 <--> Leth1 Oct 30 22:36:50 router-local pppd[18617]: Couldn't increase MTU to 1500 Oct 30 22:36:50 router-local pppd[18617]: Couldn't increase MRU to 1500 Oct 30 22:36:53 router-local pppd[18617]: Couldn't increase MRU to 1500 Oct 30 22:36:53 router-local pppd[18617]: User login <70328>. Oct 30 22:36:53 router-local pppd[18617]: peer from calling number BC:AE:C5:E4:1E:CD authorized Oct 30 22:36:53 router-local pppd[18617]: Call b_ip_choose Oct 30 22:36:54 router-local pppd[18617]: b_ip_choose sets 11.22.33.44. Oct 30 22:36:54 router-local pppd[18617]: Call b_allowed_address(11.22.33.44). Oct 30 22:36:54 router-local pppd[18617]: local IP address 192.168.0.251 Oct 30 22:36:54 router-local pppd[18617]: remote IP address 11.22.33.44 Oct 30 23:36:00 router-local pppd[18617]: Terminating on signal 15 Oct 30 23:36:00 router-local pppd[18617]: Call b_ip_down_hook. Oct 30 23:36:00 router-local pppd[18617]: Call b_ip_down_hook end. Oct 30 23:36:00 router-local pppd[18617]: Connect time 59.1 minutes. Oct 30 23:36:00 router-local pppd[18617]: Sent 335120807 bytes, received 10383237 bytes. Oct 30 23:36:00 router-local pppd[18617]: Couldn't increase MTU to 1500 Oct 30 23:36:00 router-local pppd[18617]: Couldn't increase MRU to 1500 Oct 30 23:36:00 router-local pppd[18617]: Terminating on signal 15
Как видим из вывода можно определить:
Начало сессии:
Oct 30 22:36:50 router-local pppoe-server[18617]: Session 228 created for client bc:ae:c5:e4:1e:cd (10.67.15.228) on Leth1 using Service-Name 'serverpppoe'
Окончание сессии:
Oct 30 23:36:00 router-local pppd[18617]: Terminating on signal 15
MAC адрес абонента и авторизацию:
peer from calling number BC:AE:C5:E4:1E:CD authorized
Внешний IP адрес абонента:
remote IP address 11.22.33.44
Локальный IP адрес абонента:
for client bc:ae:c5:e4:1e:cd (10.67.15.228)