Thanks Yann, the data is writing to the db. :) On Thu, Jan 19, 2017 at 2:11 PM, Luc Perreau <lucperr...@gmail.com> wrote:
> Found it. Here is my config: > > > ! nfacctd configuration > ! > ! > ! > daemonize:true > pidfile: /var/run/nfacctd.pid > syslog: daemon > plugins: mysql[total] > ! > ! interested in in and outbound traffic > !aggregate: src_host,dst_host > !aggregate: src_host,dst_host,src_port,dst_port,proto,tos,peer_src_ > as,peer_dst_as,in_iface,out_iface,vlan > !aggregate[total]: src_host,dst_host,src_port,dst_port,proto,in_iface,out_ > iface,tag > aggregate[total]: src_host,dst_host > !nfacctd_ip: 10.100.254.10 > nfacctd_port: 5679 > !networks_file: /etc/pmacct/nfacctd.networks > !pre_tag_map: /etc/pmacct/pretag.map > !pre_tag_filter[total]: 0-2 > interface: eth0 > sql_host: localhost > sql_db: pmacct > sql_user: pmacct > sql_passwd: arealsmartpwd > sql_refresh_time: 60 > sql_history: 5m > sql_history_roundoff: d > !sql_table_version: 8 > sql_optimize_clauses: true > sql_table[total]: acct > !logfile: /var/log/nfacctd.log > > ! > ! storage methods > ! refresh the db every minute > !sql_refresh_time: 60 > ! reduce the size of the insert/update clause > !sql_optimize_clauses: true > ! accumulate values in each row for up to an hour > !sql_history: 1h > ! create new rows on the minute, hour, day boundaries > !sql_history_roundoff: mhd > ! in case of emergency, log to this file > !sql_recovery_logfile: /var/log/nfacctd_recovery_log > > > > > > > > > > It is logging in syslog. now what do i look for? > > On Thu, Jan 19, 2017 at 2:06 PM, Luc Perreau <lucperr...@gmail.com> wrote: > >> Hi Yann, >> >> I am running it in the debug mode now, but where do i see the debug logs? >> Do i have to define my log file in the nfacctd.conf file? >> >> Luc >> >> On Thu, Jan 19, 2017 at 1:45 PM, Yann Belin <y.belin...@gmail.com> wrote: >> >>> Hi Luc, >>> >>> Did you try to enable debug mode on nfacctd (-d)? It will show you >>> when the flows are received, as well any potential errors when sending >>> it to db. >>> >>> Also, keep in mind that if you use NetflowV9/IPfix, nfacctd wont be >>> able to process incoming flows until a template is received. >>> >>> Cheers, >>> >>> Yann >>> >>> On Thu, Jan 19, 2017 at 4:51 AM, Luc Perreau <lucperr...@gmail.com> >>> wrote: >>> > Hi all, >>> > >>> > I am fairly new to pmacct and have been struggling for a while to get >>> it to >>> > do what i want. >>> > >>> > I have it setup and logging to a mysql db. >>> > >>> > All i want is to send netflow traffic to it so that i know which IP >>> accessed >>> > what and at what time. >>> > >>> > Basically i am interested in src ip, dst ip, src port, dst port, and >>> time >>> > >>> > I have tried using nfacct but when i query the db, i do not see time >>> entries >>> > :( >>> > >>> > I know flows are hitting the hitting box of the right port as i have >>> done a >>> > tcpdump and i see the flows. >>> > >>> > Can someone please help me out? >>> > >>> > Thanks, >>> > >>> > Luc >>> > >>> > _______________________________________________ >>> > pmacct-discussion mailing list >>> > http://www.pmacct.net/#mailinglists >>> >>> _______________________________________________ >>> pmacct-discussion mailing list >>> http://www.pmacct.net/#mailinglists >>> >> >> >
_______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists