Hi guys,
Attempting to setup sfprobe (using pcap for sampling) so it accurately
reports inbound and outbound data (former for analysis, latter for some
accounting).
As a prelim config, I've got this going.
Does this appear right? I couldn't find much info on this type of
setups. The system in question is a FreeBSD firewall.
How might this configuration be extended to support multiple interfaces
if needed later?
daemonize: true
interface: ix5
aggregate[out]: src_mac, dst_mac, src_host, dst_host, src_port,
dst_port, proto
aggregate_filter[out]: ether src f4:b5:2f:42:47:84
aggregate[in]: src_mac, dst_mac, src_host, dst_host, src_port,
dst_port, proto
aggregate_filter[in]: ether src !(f4:b5:2f:42:47:84)
plugins: sfprobe[in],sfprobe[out]
sfprobe_agentsubid: 1402
sfprobe_receiver: 10.10.10.1:6343
sampling_rate: 768
sfprobe_direction[in]: in
sfprobe_direction[out]: out
sfprobe_ifindex[in]: 731
sfprobe_ifindex[out]: 732
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
