Hi Paolo and all,
Hope this is the right place to post my question.
To record each flow's corresponding timestamp I use the sql_history primitive, and
my sfacctd.conf looks like:
………………
sql_dont_try_update: true
sql_history: 1m
!ql_history_roundoff: mh
……………..
The SQL data I got:
mysql> select * from acct_v9 limit 3;
+-----+-------+----------+----------+-----+----------+-------------------+-------------------+------+--------+--------+-------------+---------------+----------+----------+-----------+----------+-----+---------+-------+-------+---------------------+---------------------+
| cos | etype | mask_src | mask_dst | tag | class_id | mac_src           | mac_dst           | vlan | as_src | as_dst | ip_src      | ip_dst        | port_src | port_dst | tcp_flags | ip_proto | tos | packets | bytes | flows | stamp_inserted      | stamp_updated       |
+-----+-------+----------+----------+-----+----------+-------------------+-------------------+------+--------+--------+-------------+---------------+----------+----------+-----------+----------+-----+---------+-------+-------+---------------------+---------------------+
| 0   | 800   | 0        | 0        | 0   | unknown  | 00:26:55:55:e0:06 | 80:71:1f:4c:be:01 | 100  | 0      | 0      | 10.100.1.2  | 140.96.27.220 | 53       | 34504    | 0         | udp      | 0   | 1       | 428   | 0     | 2014-09-09 19:39:00 | 2014-09-09 19:40:01 |
| 0   | 800   | 0        | 0        | 0   | unknown  | 00:26:55:55:82:84 | 02:a0:98:28:51:d9 | 98   | 0      | 0      | 10.98.1.32  | 10.98.1.22    | 678      | 2049     | 16        | tcp      | 0   | 1       | 1522  | 0     | 2014-09-09 19:39:00 | 2014-09-09 19:40:01 |
| 0   | 800   | 0        | 0        | 0   | unknown  | 00:e0:81:ce:9b:10 | 80:71:1f:4c:be:01 | 236  | 0      | 0      | 10.236.39.1 | 140.96.27.144 | 22       | 52098    | 16        | tcp      | 16  | 3       | 4566  | 0     | 2014-09-09 19:39:00 | 2014-09-09 19:40:01 |
+-----+-------+----------+----------+-----+----------+-------------------+-------------------+------+--------+--------+-------------+---------------+----------+----------+-----------+----------+-----+---------+-------+-------+---------------------+---------------------+
3 rows in set (0.00 sec)
Flows are written into MySQL every 1 second. (It's nice to have such a
timestamp for each flow.)
And is there any more precise primitive or mechanism to use, for example,
some timing information in the packet header with millisecond precision?
Thanks in advance. And good day :)
TC Wu
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists