Hello,

I have netflow coming from a few devices where the source AS and destination AS both show up as 0, which is confirmed with tcpdump captures, so nfacctd dutifully stores these in the database with zeroes. I would like to have all traffic coming from these devices marked as coming from/going to a particular AS. How can I do that?

I'm running nfacctd 1.5.0rc3. The BGP daemon appears to be working correctly, as I see routing information show up in the BGP daemon msglog. Below is my config:

daemonize: true
pidfile: /var/run/nfacctd.pid
logfile: /tmp/nfacctd.log
nfacctd_allow_file: /etc/pmacct/nfacctd.allow
aggregate[flows]: src_as, dst_as, peer_src_ip, peer_dst_ip, as_path
interface: eth0
nfacctd_port: 9995
nfacctd_disable_checks: true
nfacctd_time_new: true
nfacctd_as_new: fallback
nfacctd_net: fallback
bgp_daemon: true
bgp_daemon_ip: X.X.X.X
bgp_daemon_port: 179
bgp_daemon_msglog: true
bgp_peer_src_as_type: bgp
bgp_src_as_path_type: bgp
plugins: pgsql[flows]
plugin_buffer_size: 102400
plugin_pipe_size: 10240000
sql_host[flows]: localhost
sql_user[flows]: pmacct
sql_passwd[flows]: XXXX
sql_refresh_time[flows]: 300
sql_optimize_clauses[flows]: true
sql_history[flows]: 5m
sql_history_roundoff[flows]: mhd
sql_table_version[flows]: 1
sql_table_type[flows]: bgp
sql_dont_try_update[flows]: true
sql_use_copy[flows]: true

BGP daemon snippet, showing it is receiving routes:

Jul 17 11:19:17 INFO ( default/core/BGP ): [Id: 184.150.172.190] u Prefix: '128.73.86.0/24' Path_Id: '0' Path: '6453 1299 1273 3216 3216 3216 8402' Comms: '577:55 577:4110 577:5504 577:6453 577:10100 577:21136 577:32426 5780:6539' EComms: '' LP: '100' MED: '0' Nexthop: '64.230.195.164'
Jul 17 11:19:17 INFO ( default/core/BGP ): [Id: 184.150.172.190] u Prefix: '164.85.32.0/19' Path_Id: '0' Path: '6453 6762 23074' Comms: '577:55 577:4110 577:5504 577:6453 577:10100 577:21136 577:32426 5780:6539' EComms: '' LP: '100' MED: '0' Nexthop: '64.230.195.164'
Jul 17 11:19:17 INFO ( default/core/BGP ): [Id: 184.150.172.190] u Prefix: '109.251.178.0/24' Path_Id: '0' Path: '3549 21011 31148 31148 31148' Comms: '577:55 577:5604 577:11100 577:22111' EComms: '' LP: '110' MED: '0' Nexthop: '64.230.195.155'
Jul 17 11:19:17 INFO ( default/core/BGP ): [Id: 184.150.172.190] u Prefix: '188.231.196.0/24' Path_Id: '0' Path: '3549 21011 31148' Comms: '577:55 577:5604 577:11100 577:22111' EComms: '' LP: '110' MED: '0' Nexthop: '64.230.195.155'

Database snippet:

Jul 17 11:20:01 INFO ( flows/pgsql ): *** Purging cache - START (PID: 8685) ***
Jul 17 11:20:01 DEBUG ( flows/pgsql ): COPY acct_bgp (stamp_updated, stamp_inserted, as_src, as_dst, as_path, peer_ip_src, peer_ip_dst, packets, bytes) FROM STDIN DELIMITER ','
Jul 17 11:20:01 DEBUG ( flows/pgsql ): 2014-07-17 11:20:01,2014-07-17 11:15:00,0,0,,64.230.15.243,64.230.200.244,5139,7417346
Jul 17 11:20:01 DEBUG ( flows/pgsql ): 2014-07-17 11:20:01,2014-07-17 11:15:00,0,0,,64.230.15.243,64.230.15.132,4636,6674365
Jul 17 11:20:01 DEBUG ( flows/pgsql ): 2014-07-17 11:20:01,2014-07-17 11:15:00,0,0,,64.230.15.243,64.230.193.151,3933,5720197

Thanks,
Pat

_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists