Found it. Here is my config:
! nfacctd configuration ! ! ! daemonize:true pidfile: /var/run/nfacctd.pid syslog: daemon plugins: mysql[total] ! ! interested in in and outbound traffic !aggregate: src_host,dst_host !aggregate: src_host,dst_host,src_port,dst_port,proto,tos,peer_src_as,peer_dst_as,in_iface,out_iface,vlan !aggregate[total]: src_host,dst_host,src_port,dst_port,proto,in_iface,out_iface,tag aggregate[total]: src_host,dst_host !nfacctd_ip: 10.100.254.10 nfacctd_port: 5679 !networks_file: /etc/pmacct/nfacctd.networks !pre_tag_map: /etc/pmacct/pretag.map !pre_tag_filter[total]: 0-2 interface: eth0 sql_host: localhost sql_db: pmacct sql_user: pmacct sql_passwd: arealsmartpwd sql_refresh_time: 60 sql_history: 5m sql_history_roundoff: d !sql_table_version: 8 sql_optimize_clauses: true sql_table[total]: acct !logfile: /var/log/nfacctd.log ! ! storage methods ! refresh the db every minute !sql_refresh_time: 60 ! reduce the size of the insert/update clause !sql_optimize_clauses: true ! accumulate values in each row for up to an hour !sql_history: 1h ! create new rows on the minute, hour, day boundaries !sql_history_roundoff: mhd ! in case of emergency, log to this file !sql_recovery_logfile: /var/log/nfacctd_recovery_log It is logging in syslog. now what do i look for? On Thu, Jan 19, 2017 at 2:06 PM, Luc Perreau <lucperr...@gmail.com> wrote: > Hi Yann, > > I am running it in the debug mode now, but where do i see the debug logs? > Do i have to define my log file in the nfacctd.conf file? > > Luc > > On Thu, Jan 19, 2017 at 1:45 PM, Yann Belin <y.belin...@gmail.com> wrote: > >> Hi Luc, >> >> Did you try to enable debug mode on nfacctd (-d)? It will show you >> when the flows are received, as well any potential errors when sending >> it to db. >> >> Also, keep in mind that if you use NetflowV9/IPfix, nfacctd wont be >> able to process incoming flows until a template is received. >> >> Cheers, >> >> Yann >> >> On Thu, Jan 19, 2017 at 4:51 AM, Luc Perreau <lucperr...@gmail.com> >> wrote: >> > Hi all, >> > >> > I am fairly new to pmacct and have been struggling for a while to get >> it to >> > do what i want. >> > >> > I have it setup and logging to a mysql db. >> > >> > All i want is to send netflow traffic to it so that i know which IP >> accessed >> > what and at what time. >> > >> > Basically i am interested in src ip, dst ip, src port, dst port, and >> time >> > >> > I have tried using nfacct but when i query the db, i do not see time >> entries >> > :( >> > >> > I know flows are hitting the hitting box of the right port as i have >> done a >> > tcpdump and i see the flows. >> > >> > Can someone please help me out? >> > >> > Thanks, >> > >> > Luc >> > >> > _______________________________________________ >> > pmacct-discussion mailing list >> > http://www.pmacct.net/#mailinglists >> >> _______________________________________________ >> pmacct-discussion mailing list >> http://www.pmacct.net/#mailinglists >> > >
_______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
