pmacct-discussion  

Re: [pmacct-discussion] Sort flow with ACLs

Denis Cavrois
Fri, 18 Apr 2008 00:35:01 -0700

Paolo Lucente wrote:
> Hi Denis,
>
> sorry for the late reply. You really have two options:
  
No problem, I'm also a really busy man!

> - you can tag traffic through the Pre-Tagging infrastructure as you
>   were suggesting. Then, you can select it on a per-plugin basis with
>   the 'pre_tag_filter' directive.
>
> - you can use the 'aggregate_filter' directive which takes an ACL in
>   libpcap format. This would be straightforward for less complicated
>   scenarios where a single ACL would do the trick.
>
> Both 'pre_tag_filter' and 'aggregate_filter' directives are quite
> documented. If you have any further doubts, don't be afraid giving
> me a scream.
  

Unfortunately, I've already done some tests in this direction and it wasn't really satisfying for my needs.
So, I've decided to write my own plugin. It parses an ACL file (the syntax is very similar to ipflow) and has only one counter per ACL.

It starts to work and I hope it will be finished in one week.

If I can make a suggestion, maybe you could deliver with the source code a dummy plugin that contains only the basic structure to read the pipe and pass each packet read to a function. Because everything was very easy (parsing a file, matching flows, ... thanks to your plugin architecture and some functions you've already written) except reading the pipe without missing some flows. I haven't seen a 'goto' since ... Basic 1.1 !!

> Cheers,
> Paolo


> On Wed, Apr 09, 2008 at 08:58:31AM +0200, Denis Cavrois wrote:
>
> > Hi,
> >
> > First, I want to say that I'm a great fan of your collector. I have
> > tried a lot, but it's the best one.
> >
> > But do you know ipflow? (http://www.ipflow.utc.fr). It has a great
> > feature: 'Flow filtering with Access-Control Lists'.
> >
> > It permits aggregating flows with some complicated rules. So, it's very
> > good for reducing the resources needed (like memory usage or disk space).
> >
> > Do you think it's possible to use a pretag map to have a similar feature,
> > even if some ACLs have hundreds of rules?
> > If it isn't, is it possible to add a layout in the collector schema?
> >
> > Denis Cavrois
--



Denis Cavrois
[EMAIL PROTECTED]

Tel: (0)320 28 61 67
Tel: (0)320 28 61 62
Fax: (0)320 70 57 11

Acipia
50 av. Jean-Baptiste Lebas
59100 Roubaix

Visit our website
http://www.acipia.fr

_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
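
The approach described in the message above (parse an ACL file, match each flow against it, keep one counter per ACL), sketched as an added example that is not part of the original thread and is not code from pmacct, ipflow or the plugin mentioned. The ACL syntax, the names and the sample flows are all constructed for illustration; rules are evaluated in file order and the first match wins.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed ACL file, one rule per line: <acl> <proto|any> <src-net> <dst-net> <dport|any>
# The syntax is invented for this example; it is not ipflow's or pmacct's.
ACL_TEXT = """
web      tcp 10.0.0.0/8 0.0.0.0/0     80
web      tcp 10.0.0.0/8 0.0.0.0/0     443
dns      udp 0.0.0.0/0  192.0.2.53/32 53
internal any 10.0.0.0/8 10.0.0.0/8    any   # checked last: web rules win first
"""

def parse_acls(text):
    """Return rules in file order; several rules may share one ACL name."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        if len(fields) != 5:
            raise ValueError(f"line {lineno}: expected 5 fields, got {len(fields)}")
        name, proto, src, dst, dport = fields
        port = None if dport == "any" else int(dport)
        rules.append((name, proto, ip_network(src), ip_network(dst), port))
    return rules

def classify(rules, flow):
    """First matching rule wins; a flow matching no rule is 'unmatched'."""
    src, dst, proto, dport, _ = flow
    for name, r_proto, src_net, dst_net, r_port in rules:
        if (r_proto in ("any", proto) and ip_address(src) in src_net
                and ip_address(dst) in dst_net and r_port in (None, dport)):
            return name
    return "unmatched"

def account(rules, flows):
    """Keep one byte counter per ACL, however many rules the ACL has."""
    counters = Counter()
    for flow in flows:
        counters[classify(rules, flow)] += flow[4]
    return counters

# Constructed sample flows: (src, dst, proto, dst port, bytes)
FLOWS = [
    ("10.1.2.3", "198.51.100.7", "tcp", 443, 1500),
    ("10.1.2.3", "10.9.9.9", "tcp", 80, 400),
    ("172.16.0.5", "192.0.2.53", "udp", 53, 90),
    ("10.1.2.3", "10.9.9.9", "udp", 514, 200),
    ("172.16.0.5", "198.51.100.7", "tcp", 22, 60),
]
```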