Hello, I just discovered yesterday pmacct by doing some google search and I wanted to give it a try. Our scenario is pretty simple: We have a pair of Linux boxes receiving port mirrors from our network COREs which we use to generate netflows with nprobe and visualize them with nfsen and Kibana.
We replaced nprobe with pmacct and a very simple configuration: daemonize: true interface: eth2 aggregate: src_host, dst_host, src_port, dst_port, proto, tos plugins: nfprobe nfprobe_receiver: 10.60.1.69:9970 nfprobe_version: 9 pidfile: /var/run/pmacctd-eth2.pid syslog: daemon I'm so impressed with the performance, since it's being much less cpu-intensive than nprobe. But I've some doubts: * There is any way to configure thread number or something like this? I've enabled threads at compile time but I always see just 2 threads. * Can I configure which fields are being informed in the generated flow? By using pmacct instead nprobe I realize that I'm missing some fields, i.e. FIRST_SWITCHED and LAST_SWITCHED. I see how can I define flow aggregation and fields that can be used (-a) but not how to define which fields will be sent in the flow. Thank you!, Xavier Romero
_______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
