Hi Martin,

The traffic appears to be VLAN tagged. The aggregate_filter with 'vlan
and src net 172.31.11.0/24' actually works for me and returns traffic.
The other does not. I tested against your pcap trace with your config.
If the problem at your end persists it could be due, dunno, to the
version of the libpcap installed? Last resort, if SSH access to your,
system is possible, let's follow up privately - i'd be happy to help
you out.

Cheers,
Paolo

On Thu, Dec 01, 2016 at 12:52:39PM +0000, Miethe, Martin wrote:
> Helly everybody, 
> 
> we want to set up IP based accountig for a students network. All hosts (> 
> 5.000) have static IP adresses, so PMACCT seems to be the right software to 
> use!
> To get started and understand sflow and pmacct I'm using a small lab 
> environment with one laptop connected to a HP switch. sflow is enabled at the 
> switch access port (laptop). 
> Now I'd like to have 2 mysql tables (in/out) aggregating the consumed 
> bandwith per IP on a hourly base.
> 
> Here the pmacct config I am using so far:
> ===========
> daemonize: true
> interface: ens160
> sfacctd_port: 6343
> sfacctd_ip: 172.31.10.84
> 
> aggregate[in]: dst_host
> aggregate[out]: src_host
> !aggregate_filter[in]: dst net 172.31.11.0/24
> !aggregate_filter[out]: vlan and src net 172.31.11.0/24
> 
> plugins: mysql[in], mysql[out]
> sql_history: 1h
> sql_history_roundoff: h
> sql_host: localhost
> sql_db: pmacct
> sql_table_version: 6
> sql_passwd: ****
> sql_user: ****
> sql_refresh_time: 60
> sql_table [in]: acct_v6_in
> sql_table [out]: acct_v6_out
> 
> sfacctd_renormalize: true
> logfile: /home/administrator/sfacctd.log
> ===========
> 
> I made 2 screenshots of the 2 mysql tables (in/out) with samples from the 
> above config and to be able to go more in depth I attached a packet capture 
> as well.
> https://wetransfer.com/downloads/454b0e7e32f2727d12c538269999a65220161201124352/2aa52ff9135a80cbb42a5d9684e359b720161201124352/17e3a7
> 
> Now I actually want pmacct to only aggregate packets from and to my laptop 
> (172.31.11.46). I thought aggregate_filter would be the right way to go, but 
> when I remove the comments, pmacct 
> will not write any samples to the database. It seems like everything gets 
> filtered when going with the filters. Am I missing something?
> 
> Thanks a lot in advance!
> Martin
> 
> _______________________________________________
> pmacct-discussion mailing list
> http://www.pmacct.net/#mailinglists

_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

Reply via email to