Paolo Lucente
Sun, 08 Jun 2008 15:10:57 -0700
Hi Inge,

what I don't get is whether you can't see these flows in the backend at all or you can see them but they come untagged.

In the former case, check whether the daemon is reporting (stdout or logfile) any malformed packets and, if possible, send me privately a few packets making it to the backend and a few that don't.

In the latter case, something nasty is happening to the filter; try playing with it: you said you tried different combinations; try also splitting it in three parts, one for each subnet, with distinct IDs. If any of these tricks works, then some debug will be required on my side to see what's wrong.

Cheers,
Paolo

On Thu, Jun 05, 2008 at 02:44:36PM +0200, Inge Bjørnvall Arnesen wrote:
> Hi all,
>
> I've been running pmacct with both memory and mysql backend for some time and it has worked very well. I use pretag.map for filtering and as the number of address ranges has increased, I've added to these rules. When I added our third address range, however, none of the flows reported for this range ends up in the memory or mysql databases and as far as I can see, these are reported by our routers in the same way as all the others (same routers, same interfaces, same scaling, same everything). Basically, I don't know how to debug this problem. My pretag file is structured like this (it is much larger with more interfaces and routers):
>
> id=1039 ip=81.93.172.80 in=39 filter='dst net 81.93.160.0/20 or dst net 79.171.80.0/21 or dst net 195.225.0.0/19' sampling_rate=1000
> id=1040 ip=81.93.172.80 in=40 filter='dst net 81.93.160.0/20 or dst net 79.171.80.0/21 or dst net 195.225.0.0/19' sampling_rate=1000
>
> id=2039 ip=81.93.172.80 out=39 filter='src net 81.93.160.0/20 or src net 195.225.0.0/19 or src net 79.171.80.0/21' sampling_rate=1000
> id=2040 ip=81.93.172.80 out=40 filter='src net 81.93.160.0/20 or src net 195.225.0.0/19 or src net 79.171.80.0/21' sampling_rate=1000
>
> I have verified that the ranges 81.93.160.0/20 and 195.225.0.0/19 are working well, but not a single entry has been created associated with the 79.171.80.0/21 network. As seen from the above snippet I have tried variations of the sequence of networks in the filter string, but that does not matter. Also, the IDs used for the other nets are the same, so the IDs are thus properly set up in the pmacctd.conf file. How can I go about debugging this on a live system? Maybe I'm just blind to the obvious - that has happened before... many times.
>
> All the best,
>
> -- Inge

_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
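The split suggested in the reply above (one entry per subnet, each with a distinct ID) can be scripted for a map as large as the one described in the quoted message. This is an added example, not part of the original thread or of pmacct itself; the function names and the ID scheme (original id times 10 plus the clause position) are assumptions, and the new IDs have to be handled wherever the existing ones are already set up.

```python
import re

# Constructed sample: two entries in the shape of the pretag.map quoted in the thread.
SAMPLE_MAP = """\
id=1039 ip=81.93.172.80 in=39 filter='dst net 81.93.160.0/20 or dst net 79.171.80.0/21 or dst net 195.225.0.0/19' sampling_rate=1000
id=2039 ip=81.93.172.80 out=39 filter='src net 81.93.160.0/20 or src net 195.225.0.0/19 or src net 79.171.80.0/21' sampling_rate=1000
"""

ID_RE = re.compile(r"\bid=(\d+)")
FILTER_RE = re.compile(r"filter='([^']*)'")


def split_entry(line):
    """Return one map line per 'or' clause of the filter, each with its own id."""
    id_match = ID_RE.search(line)
    filter_match = FILTER_RE.search(line)
    if not id_match or not filter_match:
        return [line]  # no id or no filter: leave the line untouched
    clauses = [c.strip() for c in re.split(r"\s+or\s+", filter_match.group(1))]
    if len(clauses) < 2:
        return [line]  # already a single-subnet filter
    base = int(id_match.group(1))
    out = []
    for n, clause in enumerate(clauses, start=1):
        # Assumed (hypothetical) ID scheme: original id * 10 + clause position.
        new_line = ID_RE.sub(f"id={base * 10 + n}", line, count=1)
        # A callable replacement avoids any escape processing of the clause text.
        new_line = FILTER_RE.sub(lambda m: f"filter='{clause}'", new_line, count=1)
        out.append(new_line)
    return out


def split_map(text):
    """Split every entry of a map; lines without id= and filter= pass through."""
    result = []
    for line in text.splitlines():
        result.extend(split_entry(line))
    return result


if __name__ == "__main__":
    print("\n".join(split_map(SAMPLE_MAP)))
```

With per-subnet IDs in place, a subnet whose tag never shows up in the backend points at the filter clause for that subnet rather than at the entry as a whole.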