alex
Fri, 11 Apr 2008 04:31:01 -0700
Hello list!

Sorry, but I sent my first letter with a big attachment and it didn't get
to the mailing list. I repeat it without the screenshot.

I installed pmacct-0.11.4 and, after reading the docs and setting up the
configs, started traffic statistics collection. But I discovered one strange
(incorrect) behaviour of 'pmacct' in my case.

I have a configuration with one 'nfacctd' on one machine with the following
config:
daemonize: true
nfacctd_ip: 192.168.5.8
nfacctd_port: 2100
nfacctd_allow_file: /usr/local/etc/allow.lst
nfacctd_time_new: true
aggregate: src_host, dst_host, src_port, dst_port, proto
plugins: mysql
sql_db: pmacct
sql_table: acct_v7
sql_table_version: 7
sql_host: 127.0.0.1
sql_user: usr
sql_passwd: pwd
sql_refresh_time: 90
sql_history: 1d
sql_history_roundoff: h
and two 'pmacctd' with the 'nfprobe' plugin on different interfaces on
another machine, with configs:
on internal interface
---------------------
daemonize: true
interface: eth1
pmacctd_force_frag_handling: true
plugins: nfprobe[inbound], nfprobe[out]
nfprobe_receiver: 192.168.5.8:2100
nfprobe_version: 9
aggregate[in]: dst_host, src_host, dst_port, proto
aggregate[out]: src_host, dst_host, src_port, proto
aggregate_filter[in]: dst net 172.16.254.0/24 and dst host ! 172.16.254.4 and src net ! ( 192.168.0.0/16 or 172.16.0.0/12 or 10.0.0.0/8 )
aggregate_filter[out]: src net 172.16.254.0/24 and src host ! 172.16.254.4 and dst net ! ( 192.168.0.0/16 or 172.16.0.0/12 or 10.0.0.0/8 ) and dst host ! 255.255.255.255
on external interface
---------------------
daemonize: true
interface: eth2
pmacctd_force_frag_handling: true
plugins: nfprobe[inext], nfprobe[outext], nfprobe[inkult], nfprobe[outkult]
nfprobe_receiver: 192.168.5.8:2100
nfprobe_version: 9
aggregate[inext]: dst_host, proto
aggregate[outext]: src_host, proto
aggregate[inkult]: dst_host, src_host, src_port, proto
aggregate[outkult]: src_host, dst_host, dst_port, proto
aggregate_filter[inext]: dst net 14.7.16.112/29 and src net ! 14.7.16.112/29
aggregate_filter[outext]: src net 14.7.16.112/29 and dst net ! 14.7.16.112/29
aggregate_filter[inkult]: dst host 81.70.50.141
aggregate_filter[outkult]: src host 81.70.50.141
When I start these 'pmacctd' daemons separately, everything works fine and I
see the information that I hope to see. But when I start them simultaneously,
very strange flows begin to appear in my database (I can't attach the
screenshot). All of their parameters (ip_src, ip_dst, src_port, dst_port,
ip_proto, packets and bytes) look unreal. It seems that this data was decoded
from garbage, not from correctly filtered data.
Thank you very much,
Alex
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists