Hi All,
Correct me if I am wrong, but for example the sFlow from Brocade is not
even exporting this information. IPFIX may be?
In any case, if the information is already on the packet, i.e. A oder PTR
field, why not include it?
On the other hand, pmacct doing itself dns lookups would not have sense for
me. That is the work of a post-processing tool.
Regards,
Daniel Gomez
Von: Chris Wilson <ch...@aptivate.org>
An: pmacct-discussion@pmacct.net
Datum: 24.03.2014 14:17
Betreff: Re: [pmacct-discussion] HTTP traffic classification
Gesendet von: "pmacct-discussion"
<pmacct-discussion-boun...@pmacct.net>
Hi Karl,
On Mon, 24 Mar 2014, Karl O. Pinc wrote:
> On 03/24/2014 06:31:30 AM, Stathis Gkotsis wrote:
>> Concerning HTTP: I guess the thing to output would be hostname, since
>> you can have multiple HTTP requests to different URLs inside one TCP
>> Session.About DNS, what should be outputted? I guess the hostname for A
>> queries is good enough to start with.
>
> I'm not clear on where DNS would fit into this. Offhand, DNS lookups
> (and then reverse DNS lookups, etc.) should not be part of
> pmacct. There's just too much latency. People who want that
> sort of thing should work out how to do it outside of pmacct.
I'd like to see the *content* of DNS requests and responses available to
be logged in data records by pmacct. It can be very helpful in identifying
which website someone was trying to access, when all we have is an IP
address. I accept that not everybody would want this, but I do.
Cheers, Chris.
--
Aptivate | http://www.aptivate.org | Phone: +44 1223 967 838
Citylife House, Sturton Street, Cambridge, CB1 2QF, UK
Aptivate is a not-for-profit company registered in England and Wales
with company number 04980791.
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
