Hello all, I promise I searched the archives exhaustively first...
We are trying to separate external ingress/egress traffic using aggregate_filter (config below), but it's not working as expected. When we only have one of the sections active and (xv_ext_in OR xv_ext_out) and comment out the other, we get exactly the data we expect - only external data and either to/from our networks. When we activate both in the config, we end up with a mix of both, but not exactly the same data. Any help would be greatly appreciated - thanks! Config: daemonize: false nfacctd_port: 2100 nfacctd_net: netflow plugins: amqp[xv_ext_in], amqp[xv_ext_out] ! amqp_exchange[xv_ext_in]: netflow-in amqp_exchange_type[xv_ext_in]: direct amqp_host[xv_ext_in]: localhost amqp_refresh_time[xv_ext_in]: 5 amqp_user[xv_ext_in]: username amqp_passwd[xv_ext_in]: password aggregate[xv_ext_in]: peer_src_ip, src_as, dst_as, src_host, dst_host, src_port, dst_port, in_iface, out_iface, proto, sampling_rate aggregate_filter[xv_ext_in]: not (src net (173.241.240.0/20 or 69.6.80.0/20 or 199.26.53.0/24 or 209.182.128.0/19)) and not net 10.0.0.0/8 amqp_routing_key[xv_ext_in]: xv_in ! amqp_exchange[xv_ext_out]: netflow-out amqp_exchange_type[xv_ext_out]: direct amqp_host[xv_ext_out]: localhost amqp_refresh_time[xv_ext_out]: 5 amqp_user[xv_ext_out]: username amqp_passwd[xv_ext_out]: password aggregate[xv_ext_out]: peer_src_ip, src_as, dst_as, src_host, dst_host, src_port, dst_port, in_iface, out_iface, proto, sampling_rate aggregate_filter[xv_ext_out]: not (dst net (173.241.240.0/20 or 69.6.80.0/20 or 199.26.53.0/24 or 209.182.128.0/19)) and not net 10.0.0.0/8 amqp_routing_key[xv_ext_out]: xv_out
_______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
