Hi Paul,

Configuration looks good, yes. Any anomaly you may notice, don't hesitate to ping me directly for further troubleshooting. Wrt the multiple interfaces: since you have the sfprobe_ifindex in, I can't recommend towards an 'interface: any' kind of config (which would allow you to do all with a single pmacctd instance); you should really add one pmacctd instance per interface. On Linux you would have had ULOG/NFLOG as a further option.

Cheers,
Paolo

On Sun, Mar 06, 2016 at 11:29:29AM +0900, Paul S. wrote:
> Hi guys,
>
> Attempting to setup sfprobe (using pcap for sampling) so it
> accurately reports inbound and outbound data (former for analysis,
> latter for some accounting).
>
> As a prelim config, I've got this going.
>
> Does this appear right? I couldn't find much info on this type of
> setups. The system in question is a FreeBSD firewall.
>
> How might this configuration be extended to support multiple
> interfaces if needed later?
>
> >daemonize: true
> >interface: ix5
> >aggregate[out]: src_mac, dst_mac, src_host, dst_host, src_port, dst_port, proto
> >aggregate_filter[out]: ether src f4:b5:2f:42:47:84
> >aggregate[in]: src_mac, dst_mac, src_host, dst_host, src_port, dst_port, proto
> >aggregate_filter[in]: ether src !(f4:b5:2f:42:47:84)
> >plugins: sfprobe[in],sfprobe[out]
> >sfprobe_agentsubid: 1402
> >sfprobe_receiver: 10.10.10.1:6343
> >sampling_rate: 768
> >sfprobe_direction[in]: in
> >sfprobe_direction[out]: out
> >sfprobe_ifindex[in]: 731
> >sfprobe_ifindex[out]: 732
>
> _______________________________________________
> pmacct-discussion mailing list
> http://www.pmacct.net/#mailinglists