Re: [pmacct-discussion] nfacctd tee - filter subnets before transmit
Good afternoon Paolo, I missed a part in the receiver config: BEFORE: id=100 ip=192.168.10.50:3056 AFTER: id=100 ip=192.168.10.50:3056 tag=100 I'm sorry about that. I tested it and it worked! Thank you again for your help, Eric On Wed, Nov 18, 2020 at 12:22 PM eric c wrote: > Hello Paolo, > > Thank you for the reference. I just looked at this and tested it but it > did not filter out the network I specified. When I wiresharked on the > receiving host it was showing all traffic but not the specified network > (src_net=192.168.0.0/24) . > > Below are the configs I used: > > # nfacctd.conf > daemonize: false > nfacctd_port: 2055 > nfacctd_ip: 0.0.0.0 > logfile: /var/log/nfacctd.log > > tee_transparent: true > maps_index: true > > plugins: tee[a] > > tee_receivers[a]: tee_receivers.lst > pre_tag_map[a]: pretag.map > > plugin_buffer_size: 10240 > plugin_pipe_size: 1024000 > nfacctd_pipe_size: 1024000 > > # tee_receivers.lst > id=100 ip=192.168.10.50:3056 > > # pretag.map > set_tag=100 ip=0.0.0.0/0src_net=192.168.0.0/24 > > I'm using nfacctd 1.7.5-git (20200510-00); FYI > > Is there another part I'm missing from the config? > > Thank you! > Eric > > > > > On Wed, Nov 18, 2020 at 10:46 AM Paolo Lucente wrote: > >> >> Hi Eric, >> >> You could look at this piece of documentation for what you are trying to >> do: https://github.com/pmacct/pmacct/blob/1.7.5/QUICKSTART#L2106-#L2200 >> >> The example focuses on src_mac and dst_mac, you should be using src_net >> and dst_net instead. >> >> Paolo >> >> On 18/11/2020 05:38, eric c wrote: >> > Good afternoon, >> > >> > Tring to setup nfacctd as replicator but would like to filter what >> > subnets to replicate to the next receiver. >> > >> > Below is a config that is working without filtering: >> > >> > # nfacctd.conf >> > daemonize: false >> > nfacctd_port: 2055 >> > nfacctd_ip: 0.0.0.0 >> > logfile: /var/log/nfacctd.log >> > >> > plugins: tee[a] >> > tee_receivers[a]: tee_nflow_receivers.lst >> > tee_transparent: true >> > >> > # tee_nflow_receivers.lst >> > id=1 ip=192.168.10.50:3056 <http://192.168.10.50:3056> >> > >> > What config change can I add to only replicate IP src/dst to >> 10.0.0.0/24 >> > <http://10.0.0.0/24> and 192.168.0.0/24 <http://192.168.0.0/24> for >> example? >> > >> > Thank you! >> > Eric >> > >> > ___ >> > pmacct-discussion mailing list >> > http://www.pmacct.net/#mailinglists >> > >> >> >> ___ >> pmacct-discussion mailing list >> http://www.pmacct.net/#mailinglists >> > ___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
Re: [pmacct-discussion] nfacctd tee - filter subnets before transmit
Hello Paolo, Thank you for the reference. I just looked at this and tested it but it did not filter out the network I specified. When I wiresharked on the receiving host it was showing all traffic but not the specified network (src_net=192.168.0.0/24) . Below are the configs I used: # nfacctd.conf daemonize: false nfacctd_port: 2055 nfacctd_ip: 0.0.0.0 logfile: /var/log/nfacctd.log tee_transparent: true maps_index: true plugins: tee[a] tee_receivers[a]: tee_receivers.lst pre_tag_map[a]: pretag.map plugin_buffer_size: 10240 plugin_pipe_size: 1024000 nfacctd_pipe_size: 1024000 # tee_receivers.lst id=100 ip=192.168.10.50:3056 # pretag.map set_tag=100 ip=0.0.0.0/0src_net=192.168.0.0/24 I'm using nfacctd 1.7.5-git (20200510-00); FYI Is there another part I'm missing from the config? Thank you! Eric On Wed, Nov 18, 2020 at 10:46 AM Paolo Lucente wrote: > > Hi Eric, > > You could look at this piece of documentation for what you are trying to > do: https://github.com/pmacct/pmacct/blob/1.7.5/QUICKSTART#L2106-#L2200 > > The example focuses on src_mac and dst_mac, you should be using src_net > and dst_net instead. > > Paolo > > On 18/11/2020 05:38, eric c wrote: > > Good afternoon, > > > > Tring to setup nfacctd as replicator but would like to filter what > > subnets to replicate to the next receiver. > > > > Below is a config that is working without filtering: > > > > # nfacctd.conf > > daemonize: false > > nfacctd_port: 2055 > > nfacctd_ip: 0.0.0.0 > > logfile: /var/log/nfacctd.log > > > > plugins: tee[a] > > tee_receivers[a]: tee_nflow_receivers.lst > > tee_transparent: true > > > > # tee_nflow_receivers.lst > > id=1 ip=192.168.10.50:3056 <http://192.168.10.50:3056> > > > > What config change can I add to only replicate IP src/dst to 10.0.0.0/24 > > <http://10.0.0.0/24> and 192.168.0.0/24 <http://192.168.0.0/24> for > example? > > > > Thank you! > > Eric > > > > ___ > > pmacct-discussion mailing list > > http://www.pmacct.net/#mailinglists > > > > > ___ > pmacct-discussion mailing list > http://www.pmacct.net/#mailinglists > ___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
[pmacct-discussion] nfacctd tee - filter subnets before transmit
Good afternoon, Tring to setup nfacctd as replicator but would like to filter what subnets to replicate to the next receiver. Below is a config that is working without filtering: # nfacctd.conf daemonize: false nfacctd_port: 2055 nfacctd_ip: 0.0.0.0 logfile: /var/log/nfacctd.log plugins: tee[a] tee_receivers[a]: tee_nflow_receivers.lst tee_transparent: true # tee_nflow_receivers.lst id=1 ip=192.168.10.50:3056 What config change can I add to only replicate IP src/dst to 10.0.0.0/24 and 192.168.0.0/24 for example? Thank you! Eric ___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists