Hi Matt,

Effectively with debug enabled, your output should be a little
bit more verbose. As a first step I would carry out some basic
checks like: a) make sure "nfacctd_ip" binds to the correct IP
address and b) double check there is no firewall rule preventing
packets from being delivered to nfacctd (wireshark uses libpcap and
would see packets anyway; while nfacctd uses just a standard
SOCK_DGRAM socket).

Btw, you won't need "nfprobe" which is meant to generate NetFlow
datagrams out of traffic captured via libpcap (pmacctd).

Just out of curiosity, why NetFlow v1? It smells Extreme ...

Let me know.

Cheers,
Paolo


On Tue, Mar 17, 2009 at 03:27:38PM -0700, Matt Lawson wrote:
> 
> Hi,
> 
> I am new to pmacct so maybe this is a rookie mistake.
> 
> I have Cisco Netflow (version 1) going to my box on port 5000, I can confirm 
> this with wireshark.  However when I set up nfacctd it never records any data.
> 
> I have the mysql tables set up correctly (pretty sure) and I have also tried 
> using the "memory" plugin instead of mysql but no difference.
> 
> Here is my config file.  The only thing that has been changed is the IP 
> address:
> 
> daemonize: true
> aggregate: src_host
> debug: true
> nfacctd_time_new: true
> plugins: mysql
> interface: eth0
> nfacctd_ip: w.x.y.z
> nfacctd_port: 5000
> nfacctd_time_secs: true
> sql_refresh_time: 120
> sql_history: 5m
> sql_history_roundoff: mh
> sql_table_version: 7
> sql_db: pmacct
> sql_host: 127.0.0.1
> sql_user: pmacct
> sql_passwd: arealsmartpwd
> sql_table: acct_v7
> ! sql_multi_values: 256000
> pidfile: /var/run/nfacctd
> logfile: /var/log/nfacctd.log
> 
> and here is what I see in the log file:
> 
> === Start logging: 2009-03-17 22:22:33 ===
> 
> INFO ( default/mysql ): 110592 bytes are available to address shared memory 
> segment; buffer size is 100 bytes.
> INFO ( default/mysql ): Trying to allocate a shared memory segment of 2764800 
> bytes.
> INFO ( default/core ): waiting for data on UDP port '5000'
> 
> 
> and that's all it does, until I kill the process.
> 
> Do I need to be running the nfprobe also?  Do I need to be running a pmacctd 
> also?  I'm running out of things to try.  :(
> 
> Thanks,
> Matt

_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
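
The two checks suggested in the reply can be run together with a plain UDP socket bound to the same address and port as "nfacctd_ip" / "nfacctd_port". The following is an added example, not part of the original thread and not pmacct code; the function names are hypothetical. It reports whether a datagram reaches the socket layer (a packet capture alone cannot show that) and whether it carries a NetFlow v1 header.

```python
import socket
import struct
import sys

# NetFlow v1 export header: version, count, sys_uptime, unix_secs, unix_nsecs
V1_HEADER = struct.Struct("!HHIII")   # 16 bytes
V1_RECORD_LEN = 48                    # each v1 flow record is 48 bytes


def parse_v1_header(datagram):
    """Return header fields of a NetFlow v1 datagram, or raise ValueError."""
    if len(datagram) < V1_HEADER.size:
        raise ValueError("datagram shorter than a NetFlow v1 header")
    version, count, _uptime_ms, secs, _nsecs = V1_HEADER.unpack_from(datagram)
    if version != 1:
        raise ValueError("not NetFlow v1 (version field = %d)" % version)
    if len(datagram) < V1_HEADER.size + count * V1_RECORD_LEN:
        raise ValueError("datagram truncated: header claims %d records" % count)
    return {"version": version, "count": count, "unix_secs": secs}


def open_listener(bind_ip, port):
    """Bind a plain SOCK_DGRAM socket, the socket type the reply says nfacctd uses."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_ip, port))   # raises OSError if the IP is not local or the port is taken
    return sock


def wait_for_export(sock, timeout):
    """Wait for one datagram; return (sender_ip, header) or None on timeout."""
    sock.settimeout(timeout)
    try:
        data, (sender, _port) = sock.recvfrom(65535)
    except socket.timeout:
        return None   # nothing reached the socket: suspect the bind address or filtering
    return sender, parse_v1_header(data)


if __name__ == "__main__":
    # Usage: python3 probe.py <bind_ip> <port>, with nfacctd stopped so the port is free.
    with open_listener(sys.argv[1], int(sys.argv[2])) as s:
        print(wait_for_export(s, 30.0) or "no datagram within 30 s")
```

A timeout here while a capture still shows the exports arriving points at the bind address or a local filter rule rather than at the nfacctd configuration.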
