Hello again, While searching I found that I should add "ports_file:" primitive but I didn't work for me.
BR, Bassem On Tue, Apr 12, 2016 at 12:37 PM, bassem zaki <eng.bassem.z...@gmail.com> wrote: > Hello all, > > I'm new to pmacct and I'm trying to collect IPFIX flows sent from a cisco > router using nfacctd and mysql plugin. The problem is I'm not able to > collect src_port and dst_port although I'm able to collect them using > another netflow collector (SILK). > > *nfacct.conf:* > > daemonize: false > aggregate[dummy]: src_host, dst_host, src_port, dst_port > nfacctd_port: 4739 > nfacctd_time_new: true > plugins: mysql[dummy] > sql_db: pmacct > sql_table: acct > sql_table_version: 1 > sql_passwd: XXXX > sql_user: XXXX > sql_refresh_time: 90 > sql_history: 10m > sql_history_roundoff: mh > > <SNIP> > > +-------------+-------------+--------------+---------------+----------+----------+----------+---------+-------+---------------------+---------------------+ > | mac_src | mac_dst | ip_src | ip_dst | src_port | > dst_port | ip_proto | packets | bytes | stamp_inserted | > stamp_updated | > > +-------------+-------------+--------------+---------------+----------+----------+----------+---------+-------+---------------------+---------------------+ > | 0:0:0:0:0:0 | 0:0:0:0:0:0 | XX.XX.XX.XX | XX.XX.XX.XX | 0 > | 0 | ip | 1 | 143 | 2016-04-12 11:50:00 | 2016-04-12 > 11:54:01 | > > +-------------+-------------+--------------+---------------+----------+----------+----------+---------+-------+---------------------+---------------------+ > <SNIP> > > <SNIP> > DEBUG ( default/core ): NfV10 agent : ::ffff:XX.XX.XX.XX:256 > DEBUG ( default/core ): NfV10 template type : flow > DEBUG ( default/core ): NfV10 template ID : 269 > DEBUG ( default/core ): ---------------------------------------- > DEBUG ( default/core ): | field type | offset | size | > DEBUG ( default/core ): | IPv4 src addr | 0 | 4 | > DEBUG ( default/core ): | IPv4 dst addr | 4 | 4 | > DEBUG ( default/core ): | L4 src port | 8 | 2 | > DEBUG ( default/core ): | L4 dst port | 10 | 2 | > DEBUG ( default/core ): | in bytes | 12 | 4 | > DEBUG ( default/core ): | in packets | 16 | 4 | > DEBUG ( default/core ): ---------------------------------------- > ..... > ..... > DEBUG ( dummy/mysql ): INSERT INTO `acct` (stamp_updated, stamp_inserted, > ip_src, ip_dst, src_port, dst_port, ip_proto, mac_src, mac_dst, packets, > bytes) VALUES (FROM_UNIXTIME(1460456228), FROM_UNIXTIME(1460455800), > 'XX.XX.XX.XX', 'XX.XX.XX.XX', 0, 0, 'ip', '0:0:0:0:0:0', '0:0:0:0:0:0', 1, > 123) > <SNIP> > > BR, > Bassem Zaki >
_______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
