Paolo Lucente
Sun, 30 Mar 2008 07:25:58 -0700
Hi Enrico, sorry for the late reply. Keywords supported by the "aggregate_filter" directive highly depend on the grammar of the libpcap library pmacct is compiled against. If you have a tcpdump compiled against the same libpcap library, test its behaviour attaching the same filter, ie.: tcpdump src host 192.168.1.39 and dst portrange 79-81 It should not recognize the "portrange" keyword aswell. If that's the case, all you need is to download a more recent version of the library and recompile pmacct against it. Cheers, Paolo On Mon, Mar 24, 2008 at 02:24:33PM +0100, Enrico Lambertini wrote: > hi, > does pmacct support the filter portrange? > this is my pmacct.conf: > > daemonize: true > pidfile: /var/run/pmacctd.pid > syslog: daemon > interface: eth0 > aggregate: src_port,dst_port,src_host,dst_host > plugin_buffer_size: 2048 > plugin_pipe_size: 2048000 > > plugins: memory[in], memory[out],memory[test], > aggregate[in]: dst_port, dst_host > aggregate_filter[in]: dst host 192.168.1.39 > aggregate[out]:src_port, src_host > aggregate_filter[out]: src host 192.168.1.39!aggregate[out]: src_host > aggregate[test]:src_port, src_host,dst_port,dst_host > !! here it is the problem !! > aggregate_filter[test]: src host 192.168.1.39 and dst portrange 79-81 > imt_path[in]: /tmp/port_in.pipe > imt_path[out]: /tmp/port_out.pipe > imt_path[test]: /tmp/port_test.pipe > > I'm traying to configure pmacct to filter some port: the filter for in and > out work grate but the filter on "test" fail. "pmacctd -s -p > /tmp/port_test.pipe" ignore the filter... > > if I use "src host 192.168.1.39 and dst port 80" evereything seems ok > > I suppose I'm wrong with the syntax.... any help? thaks > > enrico _______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists