
[pmacct-discussion] How to figure out how much data is moving - inconsistent results

Jim Archer
Sun, 25 May 2008 15:39:29 -0700

Hi List...

I have been experimenting with pmacct on Debian Linux (Lenny).  I set it up 
to save data to a Postgres database and did some testing.  The load average 
on the machine sits right at 0.00.

For example, I cleared all the records from the database, started pmacct, 
and used scp to move a file that is 339,283 bytes.  That takes a few 
seconds.  I then wait a minute for pmacct to update the database and I see:

-[ RECORD 1 ]--+--------------------
agent_id       | 0
class_id       | unknown
mac_src        | 00:13:7f:31:a3:b3
mac_dst        | 00:07:95:33:09:c7
vlan           | 0
as_src         | 0
as_dst         | 0
ip_src         | 72.46.65.54
ip_dst         | 68.226.87.245
port_src       | 22
port_dst       | 2912
tcp_flags      | 0
ip_proto       | 6
tos            | 8
packets        | 9
bytes          | 12040
flows          | 0
stamp_inserted | 2008-05-25 18:28:00
stamp_updated  | 2008-05-25 18:29:07



The bytes number just does not make any sense.  If I move the same file the 
exact same way again, I get:


-[ RECORD 2 ]--+--------------------
agent_id       | 0
class_id       | unknown
mac_src        | 00:13:7f:31:a3:b3
mac_dst        | 00:07:95:33:09:c7
vlan           | 0
as_src         | 0
as_dst         | 0
ip_src         | 72.46.65.54
ip_dst         | 68.226.87.245
port_src       | 22
port_dst       | 2913
tcp_flags      | 0
ip_proto       | 6
tos            | 8
packets        | 13
bytes          | 17628
flows          | 0
stamp_inserted | 2008-05-25 18:30:00
stamp_updated  | 2008-05-25 18:31:02


These are different numbers that still don't make sense.  I can do it a 
bunch of times and get different results each time.

My pmacct config is below.  Could someone please let me know what I have 
done wrong?

Thanks...



! pmacctd configuration
!
!
!
daemonize: true
pidfile: /var/run/pmacctd.pid
!syslog: daemon
logfile: pmacct.log
!
!
!
! interested in in and outbound traffic
aggregate: src_mac, src_port, src_host, dst_mac, dst_port, dst_host, flows, tos, proto
!aggregate: src_port, src_host, dst_port, dst_host, proto
!aggregate: src_port, src_host, dst_port, dst_host, proto, sum_host

interface: eth0
!
! storage methods
plugins: pgsql


! sql server config
sql_host: bwdb.registrationtek.com
sql_passwd: jim
sql_user: pmacctjim
sql_table_version: 7
sql_data: typed
sql_db: pmacctjim

! refresh the db every 60 seconds
sql_refresh_time: 60

! reduce the size of the insert/update clause
!sql_optimize_clauses: true

! accumulate values in each row for up to 1 day
sql_history: 1m

! create new rows on the minute, hour, day boundaries
sql_history_roundoff: mhd
!sql_history_roundoff: m

! in case of emergency, log to this file
sql_recovery_logfile: /var/lib/pmacct/recovery_log


  

_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists