Hi, I'm looking for a solution for the following: we have a transit router which generates netflow data for our network, which provides transit services to various customers. We would like to be able to provide netflow data to our customers, but of course, we can only provide them with data for their network, so we need filtering. Of course I'd usually would have fixed this by enabling netflow on the customer facing interfaces, but for this specific network this is not possible. So I need a way to split and replay my flows.
Looking for a way to split incoming netflow packets based on characteristics (source/destination IP and/or next-hop ASN) I found pmacct. I played with the "tee" plugin combined with a pre_tag_map for some time, but couldn't get this to work yet. My config looked like this: == nfacctd.conf == plugins: tee[cust] tee_transparent: true pre_tag_map: /etc/pmacct/pretag.map tee_receivers[cust]: /etc/pmacct/tee_receivers.lst == pre-tag.map == set_tag=100 ip=10.0.0.0/8 set_tag=200 ip=192.168.0.0/24 == tee_receivers.lst == id=2 ip=10.11.12.13:5000 tag=100 id=3 ip=192.168.1.1:5000 tag=200 Is what I want to do even possible, and if so, what am I doing wrong here? Thanks for the help, Teun _______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
