Re: [pmacct-discussion] Graphing Options

2016-11-10 Thread Raphael Mazelier 



On 10/11/2016 20:58, Catalin Petrescu wrote:

Hi Robert,

We had good results with grafana and influxdb using below  :
-src_as,dst_as,peer_src_as,peer_dst_as,peer_src_ip,as_path,dst_net,src_net,dst_mask,src_mask,in_iface,std_comm,med,proto,src_as_path

We export the flow records from pmacctd to kafka then import into influxdb
and from there is just a matter of creating the templates.  The only custom
thing is kafka to influx , and we use kafka-influxdb with a inhouse parser *
(kafka-influxdb). * take a look

* here
*




Very interesting. I've made something similar using custom amqp 
consumer. Is influxdb support well as much data ? because you basically 
insert one ts point for one flow entry.


--
Raphael Mazelier

___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

Re: [pmacct-discussion] Graphing Options

2016-11-10 Thread Catalin Petrescu 
Hi Robert,

We had good results with grafana and influxdb using below  :
-src_as,dst_as,peer_src_as,peer_dst_as,peer_src_ip,as_path,dst_net,src_net,dst_mask,src_mask,in_iface,std_comm,med,proto,src_as_path

We export the flow records from pmacctd to kafka then import into influxdb
and from there is just a matter of creating the templates.  The only custom
thing is kafka to influx , and we use kafka-influxdb with a inhouse parser *
(kafka-influxdb). * take a look

* here
*

On Wed, Nov 9, 2016 at 10:55 PM, Robert Juric 
wrote:

> What I'm not sure of is whether or not time-series is the correct way to
> store my data? I am currently aggregating nfacctd data based on flow
> timestamps for accounting purposes. For those using InfuxDB and
> Graphite/Graphana, what primitives are you aggregating on and what do you
> pull out of the data in the graphing solution?
>
>
>
> On Wed, Nov 9, 2016 at 4:21 PM, Rasto Rickardt  wrote:
>
>> I would use InfluxDB as database & Grafana for graphing.
>>
>> As you already using memory plugin, you can use pmacct client and push
>> data to InfluxDB. It is webservice, so simple bash & curl will work.
>>
>> r.
>>
>> On 11/09/2016 11:01 PM, Robert Juric wrote:
>> > After fiddling around for a few days I'm still at a loss for finding a
>> > good graphing option.
>> >
>> > I've been working today trying to use the memory plugin and cacti to
>> > graph some data, but I realized that it won't be good for dynamic type
>> > graphs. I could easily graph total tcp/udp traffic since those don't
>> > alter too much. Ideally I'd like to aggregate the dst_ports but I'd like
>> > to graph the top 5. I understand Cacti may not be the best for this
>> > since you have to define the data sources manually.
>> >
>> > What other options are available or commonly used for graphing?
>> > Preferably something that can be aggregated on a per conversation basis?
>> >
>> >
>> > ___
>> > pmacct-discussion mailing list
>> > http://www.pmacct.net/#mailinglists
>> >
>>
>> ___
>> pmacct-discussion mailing list
>> http://www.pmacct.net/#mailinglists
>>
>
>
> ___
> pmacct-discussion mailing list
> http://www.pmacct.net/#mailinglists
>
___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

Re: [pmacct-discussion] building version 1.6.1

2016-11-10 Thread Stephen Clark 

On 11/09/2016 09:21 PM, Vincent Bernat wrote:

  ❦  9 novembre 2016 11:56 -0500, Stephen Clark  :


LIBS . : -L/usr/pgsql-9.4/lib -ldl -L/usr/local/lib -lpfring
-lpcap -lrt -lnuma -lz -lpthread

If libpfring is linked to one version of libpcap and your local libpcap
is another one, there will a version conflict unless libpcap symbols are
versioned (they are not). Could you check with ldd what is in libpfring,
dependency-wise?

Yes, that is probably what is happening. The pf_ring from ntopng
replace libpcap with its own
version that uses pf_ring.





Yes, that is probably what is happening. The pf_ring from ntopng
replace libpcap with its own
version that uses pf_ring.

So, if libpfring is exporting directly the bpf_validate symbols (could
you check with objdump -T?), you can try to not link with -lpcap at all.
I just took the easy way out and compiled on a system that didn't have pf_ring 
installed.

Thanks for the info though.

Steve




___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists