Is working filter with "and" or "or" rules ?
I have such config:
/etc/pmacct.conf
! pmacctd configuration
!
!
!
daemonize: true
pidfile: /var/run/pmacctd.pid
syslog: daemon
!
! interested in in and outbound traffic
aggregate: src_host,dst_host,src_mac,dst_mac,src_port,dst_port
! on this network
pcap_filter: net 195.235.115.0/22 or net 192.168.0.0/16
! on this interface
interface: eth1
!
ports_file: /etc/pmacct/ports
! storage methods
plugins: mysql
sql_host: mysql.xxx.net.ua
sql_db: statistic
sql_table: acct_v2
sql_table_version: 2
sql_user: xxx
sql_passwd: xxx
pre_tag_map: /etc/pmacct/pretag.map
sql_refresh_time: 300
sql_history: 5m
!sql_trigger_exec: /path/to/your/trigger.script
sql_dont_try_update: true
! refresh the db every minute
!sql_refresh_time: 60
! reduce the size of the insert/update clause
sql_optimize_clauses: true
! accumulate values in each row for up to an hour
!sql_history: 1h
! create new rows on the minute, hour, day boundaries
sql_history_roundoff: mhd
! in case of emergency, log to this file
!sql_recovery_logfile: /var/lib/pmacct/recovery_log
/etc/pmacct/pretag.map
id=3 filter='src net 192.168.0.0/16 and dst net 192.168.0.0/16'
id=3 filter='src net 192.168.0.0/16 and dst net 195.235.115.0/22'
id=3 filter='src net 195.235.115.0/22 and dst net 195.235.115.0/22'
id=3 filter='src net 195.235.115.0/22 and dst net 192.168.0.0/16'
and all work, but i haven't agent_id = 3 in mysql table. But if i use
some of pretag filter in tcpdump - i have traffic with that filter.
