Re: [pmacct-discussion] Flexible Netflow with Cisco ISR and nfacctd

2020-12-01 Thread Fabien VINCENT 
Thanks, that's exactly what I was looking for ! Didn't get enough time 
for finding this documentation about primitives.


As usual, quick and clear explanation Paolo ;)

Let's test and work now on my side.

Le 01-12-2020 18:48, Paolo Lucente a écrit :

Hi Fabien,

With prior knowledge of the template, ie. either you start nfacctd
with '-d' (debug) so to see the content of templates in the logs or
collect some NetFlow in a pcap file and open it with WireShark, you
could use the aggregate_primitives framework of pmacct to define
custom primitives.

Essentially in the config you do 'aggregate_primitives:
/path/to/primitives.lst'. Then for the actual content of the
'primitives.lst' file, you can look here:

https://github.com/pmacct/pmacct/blob/1.7.5/examples/primitives.lst.example

Top part of the file you can read the knobs available; bottom part you
are solely interested in the examples for NetFlow v9/IPFIX, ie. line
60, 66 and 72.

You can define custom primitives for pretty much anything but not for
non-key dimensions, ie. packets and bytes, those have to be supported
natively (although it's on the roadmap to make them also customizable)
even though, frankly, that has never been an issue. Should you run in
any issue with the counters, please send me an example pcap via
unicast email and we'll find a solution.

Hope this helps for a start.

Paolo

On 30/11/2020 22:58, Fabien VINCENT wrote:

Hello,

I'm looking to do Netflow v9, Flexible Netflow to be honest, with 
nfacctd but can't find any good ressources to play with nfacctd and 
aggregate's primitives when having FNF exports.


Is their is any documentation if template is a bit "custom" on the 
Cisco ISR side ? Seems sometimes for some reason, template is marked 
as unknown, or bytes/packets are null with nfacctd and I can't find 
any information about how to configure or troubleshoot it


Any helps / hints appreciated !




___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists


--
Fabien VINCENT
@beufanet

___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

[pmacct-discussion] Flexible Netflow with Cisco ISR and nfacctd

2020-11-30 Thread Fabien VINCENT 

Hello,

I'm looking to do Netflow v9, Flexible Netflow to be honest, with 
nfacctd but can't find any good ressources to play with nfacctd and 
aggregate's primitives when having FNF exports.


Is their is any documentation if template is a bit "custom" on the Cisco 
ISR side ? Seems sometimes for some reason, template is marked as 
unknown, or bytes/packets are null with nfacctd and I can't find any 
information about how to configure or troubleshoot it


Any helps / hints appreciated !

--
Fabien VINCENT
@beufanet

___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

Re: [pmacct-discussion] pmacct 1.7.4 released !

2020-01-07 Thread Fabien VINCENT 

Hi Paolo,
Thanks for this release and enhancements !
Since upgrade, I see a huge memory leak without any reason.
https://github.com/pmacct/pmacct/issues/356
The only changes is I dist-upgrade the machine itself as installed from 
source 1.7.4 release.

I use print plugin on my side on nfacctd processes.
Please let me know how I can troubleshoot this, I will rollback to 1.7.3 
temporarly

Regards,

Le 31-12-2019 17:48, Paolo Lucente a écrit :

VERSION.
1.7.4


DESCRIPTION.
pmacct is a small set of multi-purpose passive network monitoring 
tools. It
can account, classify, aggregate, replicate and export forwarding-plane 
data,
ie. IPv4 and IPv6 traffic; collect and correlate control-plane data via 
BGP
and BMP; collect and correlate RPKI data; collect infrastructure data 
via
Streaming Telemetry. Each component works both as a standalone daemon 
and
as a thread of execution for correlation purposes (ie. enrich NetFlow 
with

BGP data).

A pluggable architecture allows to store collected forwarding-plane 
data into
memory tables, RDBMS (MySQL, PostgreSQL, SQLite), noSQL databases 
(MongoDB,
BerkeleyDB), AMQP (RabbitMQ) and Kafka message exchanges and 
flat-files.
pmacct offers customizable historical data breakdown, data enrichments 
like
BGP and IGP correlation and GeoIP lookups, filtering, tagging and 
triggers.
Libpcap, Linux Netlink/NFLOG, sFlow v2/v4/v5, NetFlow v5/v8/v9 and 
IPFIX are
all supported as inputs for forwarding-plane data. Replication of 
incoming

NetFlow, IPFIX and sFlow datagrams is also available. Statistics can be
easily exported to time-series databases like ElasticSearch and 
InfluxDB and

traditional tools Cacti RRDtool MRTG, Net-SNMP, GNUPlot, etc.

Control-plane and infrastructure data, collected via BGP, BMP and 
Streaming
Telemetry, can be all logged real-time or dumped at regular time 
intervals

to AMQP (RabbitMQ) and Kafka message exchanges and flat-files.


HOMEPAGE.
http://www.pmacct.net/


DOWNLOAD.
http://www.pmacct.net/pmacct-1.7.4.tar.gz


CHANGELOG.
+ Released pmgrpcd.py v3: a Streaming Telemetry collector and decoder
  for multi-vendor environments written in Python3. It supports gRPC
  transport along with Protobuf encoding as input and can output to
  Kafka with Avro encoding. Output to files and JSON encoding is
  currently supported sending data via ZMQ to pmtelemetryd first. It
  was tested working with data input from Cisco and Huawei routers
  and v3 replaces v2. Thanks to the Streaming Telemetry core team:
  Matthias Arnold ( @tbearma1 ), Camilo Cardona ( @jccardonar ),
  Thomas Graf ( @graf3 , @graf3net ), Paolo Lucente ( @paololucente ).
+ Introduced support for the 'vxlan' VXLAN/VNI primitive in all traffic
  daemons (NetFlow/IPFIX, sFlow and libpcap/ULOG). Existing inner 
tunnel

  primitives (ie. tunnel_src_host, tunnel_dst_host, tunnel_proto, etc.)
  have been wired to the VXLAN decoding and new ones (tunnel_src_mac,
  tunnel_dst_mac, tunnel_src_port, tunnel_dst_port) were defined.
+ BMP daemon: added support for Peer Up message namespace for TLVs
  (draft-ietf-grow-bmp-peer-up) and also support for Route Monitor
  and Peer Down TLVs (draft-ietf-grow-bmp-tlv).
+ BGP, BMP daemons: in addition to existing JSON export, data can now
  be exported in Apache Avro format. There is also support for the
  Confluent Schema Registry.
+ Introduced support for JSON-encoded Apache Avro encoding. While the
  binary-encoded Apache Avro is always recommended for any production
  scenarios (also to optionallly leverage Confluent Schema Registry
  support), JSON-encoded is powerful for testing and troubleshooting
  scenarios.
+ sfprobe plugin: added support for IPv6 transport for sFlow export.
  sfprobe_agentip is an IP address put in the header of the sFlow
  packet. If underlying transport is IPv6, this must be configured to
  an IPv6 address.
+ zmq_common.[ch]: Improved modularity of the ZMQ internal API and
  decoupled bind/connect from push/pull and pub/sub; also improved
  support for inproc sockets. All to increase the amount of use-cases
  covered by the API.
+ bgp_peer_src_as_map: added 'filter' key to cover pmacctd/uacctd use
  cases.
+ nfprobe, sfprobe plugins: introduced [sn]fprobe_index_override to
  override ifindexes dynamically determined (ie. by NFLOG) with values
  computed by [sn]fprobe_ifindex.
+ MySQL, PostgreSQL plugins: added support for SSL/TLS connections by
  specifying a CA certificate (sql_conn_ca_file).
+ Kafka, AMQP plugins: amqp_markers and kafka_markers have now been
  properly re-implemented when output encoding is Avro using an own
  Avro schema (instead of squatting pieces of JSON in the data stream
  for the very purpose).
+ print plugin: introduced print_write_empty_file config knob (true,
  false) to create an empty output file when there are no cache entries
  to purge. Such behaviour was present in versions up to 0.14 and may
  be preferred by some to the new >= 1.5 versions behaviour. Thanks to
  Lee Yongjae ( @setup74 ) for the

Re: [pmacct-discussion] pmbmpd and IPv6

2019-07-15 Thread Fabien VINCENT 
Le 2019-07-15 20:21, Fabien VINCENT a écrit :

> Le 2019-07-15 18:14, Paolo Lucente a écrit : 
> 
> Hi Fabien,
> 
> Just to confirm that IPv6 should be supported just fine in pmbmpd: the
> code for parsing BGP Update PDUs is shared with BGP and, actually, even
> the compiler flags that were allowing to disable IPv6 support are gone. 
> It smells it may be IPv6 data is not included in the export from the
> router - can you inspect raw BMP data (say, with wireshark) to be extra
> sure? Of course just let me know if you need help with that.
> 
> Paolo
> 
> On Mon, Jul 15, 2019 at 01:45:55PM +0200, Fabien VINCENT wrote: Dear, 
> 
> I try to setup a PoC using pmbmpd 
> 
> I have a strange behavior with A9K/IOS-XR sending BMP data to bmp-server
> 
> I have the sample config 
> 
> !
> bmp_daemon: true
> bmp_daemon_ip: 10.x.y.z
> bmp_daemon_port: 1790
> !
> ! default to 10
> !bmp_daemon_max_peers
> !
> bmp_daemon_msglog_file: /var/log/pmbmpd/bmp-$peer_src_ip.log
> !
> 
> bmp_daemon_allow_file: /opt/pmacct/conf/bmp.allowed
> bmp_dump_file: /tmp/pmbmpd/$bmp_router-%s.dump
> bmp_dump_output: json
> bmp_dump_refresh_time: 120 
> 
> And when dump files are written, nothing related to IPv6 BMP export. Is
> it supported on pmacct 1.7.3 ? 
> 
> # /usr/local/sbin/pmbmpd -V
> pmacct BMP Collector Daemon, pmbmpd 1.7.3-git (20190418-00+c4)
> 
> Arguments:
> '--enable-pgsql' '--enable-rabbitmq' '--enable-kafka' '--enable-geoip'
> '--enable-jansson' '--enable-l2' '--enable-64bit'
> '--enable-traffic-bins' '--enable-bgp-bins' '--enable-bmp-bins'
> '--enable-st-bins'
> 
> Libs:
> libpcap version 1.8.1
> PostgreSQL 19
> rabbimq-c 0.8.0
> rdkafka 0.11.3
> jansson 2.11
> 
> System:
> Linux 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019
> x86_64
> 
> Compiler:
> gcc 7.4.0
> 
> For suggestions, critics, bugs, contact me: Paolo Lucente
> . 
> 
> Anything related to pmbmpd or IOS-XR ? 
> 
> -- 
> FABIEN VINCENT
> ---
> @beufanet
> --- 
> ___
> pmacct-discussion mailing list
> http://www.pmacct.net/#mailinglists 
> 
> ___
> pmacct-discussion mailing list
> http://www.pmacct.net/#mailinglists

Agree, will look at pcap dump tomorrow morning.

-- 
FABIEN VINCENT
---
@beufanet
--- 
___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists 

Can't find any reason why bmp config on IOS-XR is not sending anything
to server 

bmp server 1
bmp server 1 host 10.y.x.z port 1790
bmp server 1 vrf MYVRF
bmp server 1 description blabla-pmbmpd
bmp server 1 update-source LoopbackA
bmp server 1 flapping-delay 3600
bmp server 1 initial-delay 60
bmp server 1 stats-reporting-period 120
bmp server 1 initial-refresh delay 120 

=> works
router bgp 65534 neighbor 192.168.2.1 bmp-activate server 1 

=> not working
router bgp 65534 neighbor 2001:dead::beef bmp-activate server 1 

Seems related to IOS-XR behavior but can't explain why as I received no
IPv6 BMP dump on IPv4 10.x.y.z 

Did someone already worked on it ? 

-- 
FABIEN VINCENT
--- 
@beufanet
---___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

Re: [pmacct-discussion] pmbmpd and IPv6

2019-07-15 Thread Fabien VINCENT 
Le 2019-07-15 18:14, Paolo Lucente a écrit :

> Hi Fabien,
> 
> Just to confirm that IPv6 should be supported just fine in pmbmpd: the
> code for parsing BGP Update PDUs is shared with BGP and, actually, even
> the compiler flags that were allowing to disable IPv6 support are gone. 
> It smells it may be IPv6 data is not included in the export from the
> router - can you inspect raw BMP data (say, with wireshark) to be extra
> sure? Of course just let me know if you need help with that.
> 
> Paolo
> 
> On Mon, Jul 15, 2019 at 01:45:55PM +0200, Fabien VINCENT wrote: 
> 
>> Dear, 
>> 
>> I try to setup a PoC using pmbmpd 
>> 
>> I have a strange behavior with A9K/IOS-XR sending BMP data to bmp-server
>> 
>> I have the sample config 
>> 
>> !
>> bmp_daemon: true
>> bmp_daemon_ip: 10.x.y.z
>> bmp_daemon_port: 1790
>> !
>> ! default to 10
>> !bmp_daemon_max_peers
>> !
>> bmp_daemon_msglog_file: /var/log/pmbmpd/bmp-$peer_src_ip.log
>> !
>> 
>> bmp_daemon_allow_file: /opt/pmacct/conf/bmp.allowed
>> bmp_dump_file: /tmp/pmbmpd/$bmp_router-%s.dump
>> bmp_dump_output: json
>> bmp_dump_refresh_time: 120 
>> 
>> And when dump files are written, nothing related to IPv6 BMP export. Is
>> it supported on pmacct 1.7.3 ? 
>> 
>> # /usr/local/sbin/pmbmpd -V
>> pmacct BMP Collector Daemon, pmbmpd 1.7.3-git (20190418-00+c4)
>> 
>> Arguments:
>> '--enable-pgsql' '--enable-rabbitmq' '--enable-kafka' '--enable-geoip'
>> '--enable-jansson' '--enable-l2' '--enable-64bit'
>> '--enable-traffic-bins' '--enable-bgp-bins' '--enable-bmp-bins'
>> '--enable-st-bins'
>> 
>> Libs:
>> libpcap version 1.8.1
>> PostgreSQL 19
>> rabbimq-c 0.8.0
>> rdkafka 0.11.3
>> jansson 2.11
>> 
>> System:
>> Linux 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019
>> x86_64
>> 
>> Compiler:
>> gcc 7.4.0
>> 
>> For suggestions, critics, bugs, contact me: Paolo Lucente
>> . 
>> 
>> Anything related to pmbmpd or IOS-XR ? 
>> 
>> -- 
>> FABIEN VINCENT
>> ---
>> @beufanet
>> ---
> 
>> ___
>> pmacct-discussion mailing list
>> http://www.pmacct.net/#mailinglists
> 
> ___
> pmacct-discussion mailing list
> http://www.pmacct.net/#mailinglists

Agree, will look at pcap dump tomorrow morning.

-- 
FABIEN VINCENT
---
@beufanet
---___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

[pmacct-discussion] pmbmpd and IPv6

2019-07-15 Thread Fabien VINCENT 
Dear, 

I try to setup a PoC using pmbmpd 

I have a strange behavior with A9K/IOS-XR sending BMP data to bmp-server


I have the sample config 

!
bmp_daemon: true
bmp_daemon_ip: 10.x.y.z
bmp_daemon_port: 1790
!
! default to 10
!bmp_daemon_max_peers
!
bmp_daemon_msglog_file: /var/log/pmbmpd/bmp-$peer_src_ip.log
!

bmp_daemon_allow_file: /opt/pmacct/conf/bmp.allowed
bmp_dump_file: /tmp/pmbmpd/$bmp_router-%s.dump
bmp_dump_output: json
bmp_dump_refresh_time: 120 

And when dump files are written, nothing related to IPv6 BMP export. Is
it supported on pmacct 1.7.3 ? 

# /usr/local/sbin/pmbmpd -V
pmacct BMP Collector Daemon, pmbmpd 1.7.3-git (20190418-00+c4)

Arguments:
 '--enable-pgsql' '--enable-rabbitmq' '--enable-kafka' '--enable-geoip'
'--enable-jansson' '--enable-l2' '--enable-64bit'
'--enable-traffic-bins' '--enable-bgp-bins' '--enable-bmp-bins'
'--enable-st-bins'

Libs:
libpcap version 1.8.1
PostgreSQL 19
rabbimq-c 0.8.0
rdkafka 0.11.3
jansson 2.11

System:
Linux 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019
x86_64

Compiler:
gcc 7.4.0

For suggestions, critics, bugs, contact me: Paolo Lucente
. 

Anything related to pmbmpd or IOS-XR ? 

-- 
FABIEN VINCENT
---
@beufanet
---___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

[pmacct-discussion] Debug print plugins

2018-12-13 Thread Fabien VINCENT 
Dear List, 

I'm trying to do other tests with print plugin in json. But after some
tests, I'm not able anymore to work the json file, it's never written on
dis (I've removed a bit of sensitive informations with [...]) 

# /usr/local/sbin/nfacctd -d -f /opt/pmacct/conf/nfacctd.ebgp.conf 
DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] plugin name/type:
'default'/'core'.
DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] plugin name/type:
'generalOutEbgp'/'print'.
DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] daemonize:false
DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf]
pidfile:/var/run/nfacctd_ebgp.pid
DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf]
logfile:/var/log/nfacctd/ebgp.log
DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] syslog:daemon
DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] interface:[...]
DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] nfacctd_ip:[...]
DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] nfacctd_port:[...]
DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] nfacctd_as:bgp
DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] nfacctd_as_new:bgp
DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] nfacctd_time_new:true
DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] nfacctd_disable_checks:true
DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] nfacctd_net:bgp
DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] nfacctd_renormalize:true
DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf]
nfacctd_ext_sampling_rate:8000
DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] refresh_maps:true
DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf]
pre_tag_map:/opt/pmacct/conf/pretag.map
DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf]
aggregate[generalOutEbgp]:dst_as,in_iface,out_iface,as_path,dst_host_country,peer_dst_as,peer_dst_ip,etype,tag
DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf]
geoip_ipv4_file:/usr/share/GeoIP/GeoIP.dat
DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf]
geoip_ipv6_file:/usr/share/GeoIP/GeoIPv6.dat
DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] refresh_maps:true
DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] bgp_daemon:true
DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] bgp_daemon_ip:[...]
DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] bgp_daemon_max_peers:4
DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] bgp_peer_src_as_type:bgp
DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] bgp_src_as_path_type:bgp
DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] bgp_src_std_comm_type:bgp
DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] bgp_stdcomm_pattern:[...]:
DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] bgp_src_ext_comm_type:bgp
DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf]
bgp_agent_map:/opt/pmacct/conf/ebgp.map
DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf]
bgp_daemon_allow_file:/opt/pmacct/conf/bgp.allowed
DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf]
print_output_file[generalOutEbgp]:/tmp/nfacctdOutEbgp.json
DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf]
print_output[generalOutEbgp]:json
DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf]
print_history[generalOutEbgp]:2m
DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf]
print_history_roundoff[generalOutEbgp]:m
DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf]
print_refresh_time[generalOutEbgp]:120
DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf]
print_trigger_exec[generalOutEbgp]:/opt/nfacctd2influx/nfacctd2influx.sh
DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf]
plugin_pipe_size[generalOutEbgp]:1024000
DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf]
plugin_buffer_size[generalOutEbgp]:1024
DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] debug:true 

But file is never created on /tmp/nfacctdOutEbgp.json and purge happen
without any effect : 

2018-12-13T16:32:01Z INFO ( generalOutEbgp/print ): *** Purging cache -
START (PID: 5604) ***
2018-12-13T16:32:01Z INFO ( generalOutEbgp/print ): *** Purging cache -
END (PID: 5604, QN: 0/0, ET: 0) *** 

How can I tshoot the problem ? What's missing / wrong ? 

-- 

FABIEN VINCENT
---
 @beufanet

---___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

[pmacct-discussion] bgp_as_path_radius / pgsql and bgp_aggregate

2018-12-07 Thread Fabien VINCENT 
Dear List, 

I've an issue when nfacctd try to push to pgsql database : 

PGSQL log file : 

ERROR:  value too long for type character(80)
CONTEXT: 

COPY flow _*_, line 74771, column as_path_src: "14061
{46652,421001,4210010200,4210010201,4210010202,4210010297,4210010400,4210010402,4210010499..."


In my nfacctd config file I've : 

bgp_aspath_radius: 10 

because as_path_src is set to CHAR(80). But seems BGP aggregates break
the rules ? 

Is there anyway to limit / cut down BGP aggregates in column as_path_src
? 

Thanks =)

-- 

FABIEN VINCENT
---

@beufanet
---___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

[pmacct-discussion] pgsql tables v8/v9

2018-12-06 Thread Fabien VINCENT 
Dear List, 

Documentation is pretty fine regarding tables v1 to v7. But what about
v8/v9 structures ? Why should I need these one ? 

Thanks for the feedback

-- 

FABIEN VINCENT
---
 @beufanet

---___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

Re: [pmacct-discussion] /usr/bin/ld: cannot find -lz while building 1.7.2

2018-12-06 Thread Fabien VINCENT 
Le 2018-12-05 15:01, Paolo Lucente a écrit :

> Hi Fabien,
> 
> On Debian and similars you need zlib1g-dev installed. Please check and
> let me know if that was the issue.
> 
> Paolo
> 
> On Wed, Dec 05, 2018 at 09:36:01AM +0100, Fabien VINCENT wrote: 
> 
>> Hi list, 
>> 
>> Any help or pointer regarding a make failed as follow : 
>> 
>> # make 
>> 
>> [...] 
>> 
>> CCLD pmacct
>> CC   pmacctd.o
>> CCLD pmacctd
>> /usr/bin/ld: cannot find -lz
>> collect2: error: ld returned 1 exit status
>> Makefile:787: recipe for target 'pmacctd' failed
>> make[2]: *** [pmacctd] Error 1
>> make[2]: Leaving directory '/opt/pmacct/github_src/pmacct/src'
>> Makefile:1260: recipe for target 'all-recursive' failed
>> make[1]: *** [all-recursive] Error 1
>> make[1]: Leaving directory '/opt/pmacct/github_src/pmacct/src'
>> Makefile:675: recipe for target 'all-recursive' failed
>> make: *** [all-recursive] Error 1 
>> 
>> Any missing libraries on an fresh install perhaps ? 
>> 
>> #/usr/bin/ld -lz -verbose 
>> 
>> [...]
>> ==
>> attempt to open //usr/local/lib/x86_64-linux-gnu/libz.so failed
>> attempt to open //usr/local/lib/x86_64-linux-gnu/libz.a failed
>> attempt to open //lib/x86_64-linux-gnu/libz.so failed
>> attempt to open //lib/x86_64-linux-gnu/libz.a failed
>> attempt to open //usr/lib/x86_64-linux-gnu/libz.so failed
>> attempt to open //usr/lib/x86_64-linux-gnu/libz.a failed
>> attempt to open //usr/lib/x86_64-linux-gnu64/libz.so failed
>> attempt to open //usr/lib/x86_64-linux-gnu64/libz.a failed
>> attempt to open //usr/local/lib64/libz.so failed
>> attempt to open //usr/local/lib64/libz.a failed
>> attempt to open //lib64/libz.so failed
>> attempt to open //lib64/libz.a failed
>> attempt to open //usr/lib64/libz.so failed
>> attempt to open //usr/lib64/libz.a failed
>> attempt to open //usr/local/lib/libz.so failed
>> attempt to open //usr/local/lib/libz.a failed
>> attempt to open //lib/libz.so failed
>> attempt to open //lib/libz.a failed
>> attempt to open //usr/lib/libz.so failed
>> attempt to open //usr/lib/libz.a failed
>> attempt to open //usr/x86_64-linux-gnu/lib64/libz.so failed
>> attempt to open //usr/x86_64-linux-gnu/lib64/libz.a failed
>> attempt to open //usr/x86_64-linux-gnu/lib/libz.so failed
>> attempt to open //usr/x86_64-linux-gnu/lib/libz.a failed
>> /usr/bin/ld: cannot find -lz 
>> 
>> -- 
>> 
>> FABIEN VINCENT
>> ----------- 
>> @beufanet
>> ---
> 
>> ___
>> pmacct-discussion mailing list
>> http://www.pmacct.net/#mailinglists

Hi Paolo, 

Yeah, it's on Bionic/18.04 and apt install libzip-dev fixed the build
issue ;) Will ask another question in another thread ;)

-- 

FABIEN VINCENT
---
 @beufanet

---___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

[pmacct-discussion] /usr/bin/ld: cannot find -lz while building 1.7.2

2018-12-05 Thread Fabien VINCENT 
Hi list, 

Any help or pointer regarding a make failed as follow : 

# make 

[...] 

  CCLD pmacct
  CC   pmacctd.o
  CCLD pmacctd
/usr/bin/ld: cannot find -lz
collect2: error: ld returned 1 exit status
Makefile:787: recipe for target 'pmacctd' failed
make[2]: *** [pmacctd] Error 1
make[2]: Leaving directory '/opt/pmacct/github_src/pmacct/src'
Makefile:1260: recipe for target 'all-recursive' failed
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory '/opt/pmacct/github_src/pmacct/src'
Makefile:675: recipe for target 'all-recursive' failed
make: *** [all-recursive] Error 1 

Any missing libraries on an fresh install perhaps ? 

#/usr/bin/ld -lz -verbose 

[...]
==
attempt to open //usr/local/lib/x86_64-linux-gnu/libz.so failed
attempt to open //usr/local/lib/x86_64-linux-gnu/libz.a failed
attempt to open //lib/x86_64-linux-gnu/libz.so failed
attempt to open //lib/x86_64-linux-gnu/libz.a failed
attempt to open //usr/lib/x86_64-linux-gnu/libz.so failed
attempt to open //usr/lib/x86_64-linux-gnu/libz.a failed
attempt to open //usr/lib/x86_64-linux-gnu64/libz.so failed
attempt to open //usr/lib/x86_64-linux-gnu64/libz.a failed
attempt to open //usr/local/lib64/libz.so failed
attempt to open //usr/local/lib64/libz.a failed
attempt to open //lib64/libz.so failed
attempt to open //lib64/libz.a failed
attempt to open //usr/lib64/libz.so failed
attempt to open //usr/lib64/libz.a failed
attempt to open //usr/local/lib/libz.so failed
attempt to open //usr/local/lib/libz.a failed
attempt to open //lib/libz.so failed
attempt to open //lib/libz.a failed
attempt to open //usr/lib/libz.so failed
attempt to open //usr/lib/libz.a failed
attempt to open //usr/x86_64-linux-gnu/lib64/libz.so failed
attempt to open //usr/x86_64-linux-gnu/lib64/libz.a failed
attempt to open //usr/x86_64-linux-gnu/lib/libz.so failed
attempt to open //usr/x86_64-linux-gnu/lib/libz.a failed
/usr/bin/ld: cannot find -lz 

-- 

FABIEN VINCENT
--- 
@beufanet
---___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

[pmacct-discussion] print plugin

2018-02-13 Thread Fabien VINCENT 
Hi all, 

Trying to use the plugin print and seems I have an issue but can't find
why 

aggregate[trafficin]: in_iface, tag2, peer_src_as, src_as, peer_src_ip,
peer_dst_ip, std_comm, etype, tcpflags, dst_port, proto
plugins: print[trafficin] 

print_refresh_time: 60
print_history: 1m
print_output: json
print_output_file: /opt/data/nfacctd-in-%Y%m%d-%H%M.json
!print_history_roundoff: m
!print_output_file_append: true 

When starting, it's fine 

Feb 13 21:56:41 INFO ( default/core ): NetFlow Accounting Daemon,
nfacctd 1.7.0-git (20170924-00)
Feb 13 21:56:41 INFO ( default/core ):  '--build=x86_64-linux-gnu'
'--prefix=/usr/local' '--includedir=${prefix}/include'
'--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info'
'--sysconfdir=/etc' '--localstatedir=/var'
'--libdir=/usr/lib/x86_64-linux-gnu'
'--libexecdir=${prefix}/lib/x86_64-linux-gnu' '--enable-pgsql'
'--enable-mysql' '--enable-sqlite3' '--enable-ipv6' '--enable-64bit'
'--enable-threads' '--enable-jansFeb 13 21:56:41 INFO ( default/core ):
Reading configuration file '/etc/pmacct/nfacctd_in.conf'.
Feb 13 21:56:41 INFO ( default/core/BGP ): maximum BGP peers allowed:
100 

But after few seconds : 

Feb 13 21:59:51 INFO ( trafficin/print ): JSON: setting object handlers.
Feb 13 21:59:54 WARN ( default/core ): connection lost to
'trafficin-print'; closing connection.
Feb 13 21:59:54 WARN ( default/core ): no more plugins active. Shutting
down. 

Same with json and csv. Don't know why but sometimes it work ... 

> /usr/local/sbin/nfacctd -V
NetFlow Accounting Daemon, nfacctd 1.7.0-git (20170924-00)

Arguments:
 '--build=x86_64-linux-gnu' '--prefix=/usr/local'
'--includedir=${prefix}/include' '--mandir=${prefix}/share/man'
'--infodir=${prefix}/share/info' '--sysconfdir=/etc'
'--localstatedir=/var' '--libdir=/usr/lib/x86_64-linux-gnu'
'--libexecdir=${prefix}/lib/x86_64-linux-gnu' '--enable-pgsql'
'--enable-mysql' '--enable-sqlite3' '--enable-ipv6' '--enable-64bit'
'--enable-threads' '--enable-jansson' 'build_alias=x86_64-linux-gnu'
'--enable-l2' '--enable-traffic-bins' '--enable-bgp-bins'
'--enable-bmp-bins' '--enable-st-bins'

Libs:
libpcap version 1.6.2
MySQL 5.5.58
PostgreSQL 90415
sqlite3 3.8.7.1
jansson 2.7

System:
Linux 3.16.0-4-amd64 #1 SMP Debian 3.16.43-2+deb8u5 (2017-09-19) x86_64

I was trying to do this, because the plugin pipe is missing data even
with : 

plugin_pipe_size:   32768
plugin_buffer_size: 327680

-- 

FABIEN VINCENT
---___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

[pmacct-discussion] RE on pretag.map

2017-10-20 Thread Fabien VINCENT 
Hi All, 

Is it possible to have regex on pretag.map  ? 

i.e. I want to match some fwdstatus and tag them in the same manner. 

Today I do : 

set_tag2=1 fwdstatus=64
set_tag2=1 fwdstatus=65
set_tag2=1 fwdstatus=66 

I want to know if I can do : 

set_tag2=1 fwdstatus=6[4-6] 

For example to simply the configuration. 

Let me know if it's possible to do some re on pretag.map (used inside
nfacctd daemon) 

Thanks :) 

-- 

FABIEN VINCENT
---
 @beufanet

---___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

Re: [pmacct-discussion] Dual Stack

2017-10-20 Thread Fabien VINCENT 
Le 2017-10-13 21:30, Paolo Lucente a écrit :

> Hi Fabien,
> 
> There was no progress on the OP (that is, choose an IPv4 and an IPv6
> address to listen to; but you can choose an IPv6 or an IPv6 address). 
> 
> Any chance you can make a tcpdump of the BGP session and send it over
> via unicast email? I have the scenario working perfectly for me (that
> is, v4 transport travelling both v4 and v6 AFs). Do you have cases in
> which you have a v4 NLRI with a v6 BGP next-hop (*)? That should work
> too but may have been a less tested scenario.
> 
> Cheers,
> Paolo
> 
> (*) https://tools.ietf.org/html/rfc5549
> 
> On Wed, Oct 11, 2017 at 10:43:49PM +0200, Fabien VINCENT wrote: Hi List ;) 
> 
> Paolo any news on this request ? Checking with IPv4/IPv6 AFI 1/2 over
> IPv4 BGP session, but seems next hop are not well populated (almost ::
> value) 
> 
> I'm wondering if this a bug (git version for fwdstatus patch) or if it's
> related to the fact we have AFI2/IPv6 over IPv4 BGP sessions. 
> 
> If I can select the BGP listening IPv4 / IPv6 address, I will be
> available to find if it's an issue or a PEBKAC ;) 
> 
> Thanks for this great tool ;) 
> 
> Le 2016-12-11 22:51, Fabien VINCENT a écrit :
> 
> Hi Paolo,
> 
> Happy to give you more work ;) It's not "needed", but it could be great I can 
> do it.
> 
> I thought about AF in another one, will try to implement / configure it on 
> ASR and give the trick here for the community/list ;)
> 
> Thanks for your help, great work and quick replies ;)
> 
> Le 2016-12-09 17:54, Paolo Lucente a écrit : Hi Fabien,
> 
> Yes, that is more clear, thanks for elaborating. In short, that is not
> currently possible. But the dev of the feature does not appear to be a
> biggie either, i've put it on my todo list. The only workaround that
> comes to mind, i know i'm saying the obvious, is to pick a transport
> (either v4 or v6, that is, not both) for BGP and travel ipv4/ipv6 AFs
> (along with any other AF you may need) in that same transport.
> 
> Cheers,
> Paolo
> 
> On Wed, Dec 07, 2016 at 09:53:54PM +0100, Fabien VINCENT wrote: Hi Paolo,
> 
> Le 2016-12-07 17:54, Paolo Lucente a écrit : Hi Fabien,
> 
> One step back on your question: you refer to the flow records or to the
> transport protocol here? You can travel v4 and v6 records within the
> same, say, v4 NetFlow/IPFIX/sFlow transport. This is what all exporters
> basically do; are you working with an exporter that is behaving in a
> different fashion? Like sending v4 records over a v4 transport and v6
> records into a v6 transport? If i understand your question correctly,
> that would be the only case in which it would apply.
> 
> It can be, but this is not what I'm trying to achieve here.
> 
> In any case you can select which v4 or v6 address you want to bind to,
> one (or otherwise you bind on all and then filter with iptables for
> example), with nfacctd_ip, sfacctd_ip and bgp_daemon_ip (the
> address you
> listen for NetFlow/IPFIX/sFlow can be different from the BGP one, yes).
> 
> How can I see the BGP daemon to listen on a specific IPv4 and IPv6 ?
> I wanted to do it to have both address family.
> 
> I run both nfacctd and sfacctd on the same server and BGP daemon
> have to be bind on sepecific seconday ipv4, because they have to
> bind both on TCP/179. And I want to do the same with IPv6 at the
> same time to have IPv6 sessions with DFZ routers.
> 
> If this answer does not help, please elaborate a bit more on what you
> are trying to achieve. 
> Is this more clear ?
> 
> Thanks !
> 
> Cheers,
> Paolo
> 
> On Tue, Dec 06, 2016 at 01:21:22PM +0100, Fabien VINCENT wrote: Dear list,
> 
> Any help on how to configure sfacctd and nfacctd on dual stack ?
> 
> I mean having both IPv4 and IPv6 running on sfacctd, with collector
> enabled on both protocols ?
> 
> I've seen the trick for bgp_daemon_ip, but don't know how to bind to
> specific ip4 and ip6 on my server the sfacctd bgp daemon and the
> daemon itself.
> 
> Thanks in advance !
> 
> ___
> pmacct-discussion mailing list
> http://www.pmacct.net/#mailinglists 
> ___
> pmacct-discussion mailing list
> http://www.pmacct.net/#mailinglists 
> ___
> pmacct-discussion mailing list
> http://www.pmacct.net/#mailinglists

Thanks, will have a look soon.

-- 

FABIEN VINCENT
---

@beufanet
---___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

Re: [pmacct-discussion] Dual Stack

2017-10-11 Thread Fabien VINCENT 
Hi List ;) 

Paolo any news on this request ? Checking with IPv4/IPv6 AFI 1/2 over
IPv4 BGP session, but seems next hop are not well populated (almost ::
value) 

I'm wondering if this a bug (git version for fwdstatus patch) or if it's
related to the fact we have AFI2/IPv6 over IPv4 BGP sessions. 

If I can select the BGP listening IPv4 / IPv6 address, I will be
available to find if it's an issue or a PEBKAC ;) 

Thanks for this great tool ;) 

Le 2016-12-11 22:51, Fabien VINCENT a écrit :

> Hi Paolo,
> 
> Happy to give you more work ;) It's not "needed", but it could be great I can 
> do it.
> 
> I thought about AF in another one, will try to implement / configure it on 
> ASR and give the trick here for the community/list ;)
> 
> Thanks for your help, great work and quick replies ;)
> 
> Le 2016-12-09 17:54, Paolo Lucente a écrit : Hi Fabien,
> 
> Yes, that is more clear, thanks for elaborating. In short, that is not
> currently possible. But the dev of the feature does not appear to be a
> biggie either, i've put it on my todo list. The only workaround that
> comes to mind, i know i'm saying the obvious, is to pick a transport
> (either v4 or v6, that is, not both) for BGP and travel ipv4/ipv6 AFs
> (along with any other AF you may need) in that same transport.
> 
> Cheers,
> Paolo
> 
> On Wed, Dec 07, 2016 at 09:53:54PM +0100, Fabien VINCENT wrote: Hi Paolo,
> 
> Le 2016-12-07 17:54, Paolo Lucente a écrit : Hi Fabien,
> 
> One step back on your question: you refer to the flow records or to the
> transport protocol here? You can travel v4 and v6 records within the
> same, say, v4 NetFlow/IPFIX/sFlow transport. This is what all exporters
> basically do; are you working with an exporter that is behaving in a
> different fashion? Like sending v4 records over a v4 transport and v6
> records into a v6 transport? If i understand your question correctly,
> that would be the only case in which it would apply.
> 
> It can be, but this is not what I'm trying to achieve here.
> 
> In any case you can select which v4 or v6 address you want to bind to,
> one (or otherwise you bind on all and then filter with iptables for
> example), with nfacctd_ip, sfacctd_ip and bgp_daemon_ip (the
> address you
> listen for NetFlow/IPFIX/sFlow can be different from the BGP one, yes).
> 
> How can I see the BGP daemon to listen on a specific IPv4 and IPv6 ?
> I wanted to do it to have both address family.
> 
> I run both nfacctd and sfacctd on the same server and BGP daemon
> have to be bind on sepecific seconday ipv4, because they have to
> bind both on TCP/179. And I want to do the same with IPv6 at the
> same time to have IPv6 sessions with DFZ routers.
> 
> If this answer does not help, please elaborate a bit more on what you
> are trying to achieve. 
> Is this more clear ?
> 
> Thanks !
> 
> Cheers,
> Paolo
> 
> On Tue, Dec 06, 2016 at 01:21:22PM +0100, Fabien VINCENT wrote: Dear list,
> 
> Any help on how to configure sfacctd and nfacctd on dual stack ?
> 
> I mean having both IPv4 and IPv6 running on sfacctd, with collector
> enabled on both protocols ?
> 
> I've seen the trick for bgp_daemon_ip, but don't know how to bind to
> specific ip4 and ip6 on my server the sfacctd bgp daemon and the
> daemon itself.
> 
> Thanks in advance !
> 
> ___
> pmacct-discussion mailing list
> http://www.pmacct.net/#mailinglists 
> ___
> pmacct-discussion mailing list
> http://www.pmacct.net/#mailinglists

___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

Re: [pmacct-discussion] fswstatus

2017-09-26 Thread Fabien VINCENT 
Le 2017-09-25 14:33, Paolo Lucente a écrit :

> Hi Fabien,
> 
> I support Emil's comment, just tried myself (same build, same compile
> options as yours) and i don't get the 'unknown key' message back. On
> your other question, when 1.7.0 will be out: later today the code in
> GitHub master will be switched to 1.7.1 and 1.7.0 will be branched out
> (freeed). I then expect 1.7.0 bo the released in a couple of weeks from
> today, if no major issue is hit meanwhile.
> 
> Paolo
> 
> On Mon, Sep 25, 2017 at 10:45:38AM +0100, Emil wrote: Hello Fabien.
> 
> I wrote the patch for fwdstatus;
> my config looks like this:
> 
> ! Only tag denys with 10
> set_tag2=10 fwdstatus=129
> set_tag2=20 fwdstatus=64
> 
> And it works. Can you check your source code and look for
> "PT_map_fwdstatus_handler"
> in src/pretag_handlers.c If that is present it _should_ work.
> 
> Best Regards.
> 
> 2017-09-25 8:22 GMT+01:00 Fabien VINCENT <fab...@beufa.net>:
> 
> Le 2017-09-25 03:41, Paolo Lucente a écrit :
> 
> Hi Fabien,
> 
> What version are you running? You can confirm this with a 'nfacctd -V';
> the feature was added in 1.7.0 (that is, master code on GitHub). I can
> also confirm you, on your original question, that an atoi() is performed
> on the input value - so you should express values in decimal.
> 
> Paolo
> 
> On Sun, Sep 24, 2017 at 10:28:22PM +0200, Fabien VINCENT wrote:
> 
> Le 2017-09-22 15:23, Fabien VINCENT a écrit :
> 
> Hi,
> 
> I'm looking for some examples around fwdstatus on pretag
> 
> _'fwdstatus' MATCH: In NFv9/IPFIX this is compared against IE #89; see
> https://www.iana.org/assignments/ipfix/ipfix.xhtml for the specific
> semantics of the field and some examples._
> 
> How to use it ? I was looking to do king of pretag like
> 
> set_tag=0 fwdstatus=00b
> 
> set_tag=1 fwdstatus=01b
> 
> set_tag=2 fwdstatus=10b
> 
> Is it the way of dealing with this parameter ?
> 
> --
> 
> FABIEN VINCENT
> ___
> pmacct-discussion mailing list
> http://www.pmacct.net/#mailinglists
> 
> Is the option available ?
> Sep 24 22:30:13 INFO ( default/core ): Trying to (re)load map:
> /etc/pmacct/nfacctd.pretag.map
> Sep 24 22:30:13 ERROR ( default/core ): unknown key 'fwdstatus' at line
> 1 in map '/etc/pmacct/nfacctd.pretag.map'. Ignored.
> Sep 24 22:30:13 ERROR ( default/core ): unknown key 'fwdstatus' at line
> 2 in map '/etc/pmacct/nfacctd.pretag.map'. Ignored.
> 
> [22:30 root@netflows pmacct-master] > cat /etc/pmacct/nfacctd.pretag.map
> set_tag=1 fwdstatus=65
> set_tag=2 fwdstatus=138
> 
> --
> 
> FABIEN VINCENT
> ---
> 
> ___
> pmacct-discussion mailing list
> http://www.pmacct.net/#mailinglists
> 
> I'm running the git master version (I tried)
> 
> [15:36 root@netflows opt] > /usr/local/sbin/nfacctd -V
> NetFlow Accounting Daemon, nfacctd 1.7.0-git (20170924-00)
> 
> Arguments:
> '--build=x86_64-linux-gnu' '--prefix=/usr/local' 
> '--includedir=${prefix}/include'
> '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info'
> '--sysconfdir=/etc' '--localstatedir=/var' 
> '--libdir=/usr/lib/x86_64-linux-gnu'
> '--libexecdir=${prefix}/lib/x86_64-linux-gnu' '--disable-maintainer-mode'
> '--disable-dependency-tracking' '--enable-mmap' '--enable-pgsql'
> '--with-pgsql-includes=/usr/include/postgresql' '--enable-mysql'
> '--enable-sqlite3' '--enable-ipv6' '--enable-v4-mapped' '--enable-64bit'
> '--enable-threads' '--enable-jansson' '--enable-geoip' '--enable-ulog'
> 'build_alias=x86_64-linux-gnu' '--enable-l2' '--enable-traffic-bins'
> '--enable-bgp-bins' '--enable-bmp-bins' '--enable-st-bins'
> 
> Libs:
> libpcap version 1.6.2
> MySQL 5.5.57
> PostgreSQL 90413
> sqlite3 3.8.7.1
> jansson 2.7
> 
> System:
> Linux 3.16.0-4-amd64 #1 SMP Debian 3.16.39-1+deb8u2 (2017-03-07) x86_64
> 
> For suggestions, critics, bugs, contact me: Paolo Lucente <
> pa...@pmacct.net>.
> 
> But seems option not catched, I've always the log
> 
> unknown key 'fwdstatus' at line
> 1 in map '/etc/pmacct/nfacctd.pretag.map'. Ignored.
> 
> [09:23 root@netflows opt] > cat /etc/pmacct/nfacctd.pretag.map
> set_tag=1 fwdstatus=65
> set_tag=2 fwdstatus=138
> 
> Any ETA for v1.7.0 out ?
> 
> Thanks for your help.
> 
> --
> *Fabien VINCENT*
> ---
> 
> ___
> pmacct-discussion mailing list
> http://www.pmacct

Re: [pmacct-discussion] fswstatus

2017-09-24 Thread Fabien VINCENT 
Le 2017-09-22 15:23, Fabien VINCENT a écrit :

> Hi, 
> 
> I'm looking for some examples around fwdstatus on pretag 
> 
> _'fwdstatus' MATCH: In NFv9/IPFIX this is compared against IE #89; see 
> https://www.iana.org/assignments/ipfix/ipfix.xhtml for the specific semantics 
> of the field and some examples._ 
> 
> How to use it ? I was looking to do king of pretag like 
> 
> set_tag=0 fwdstatus=00b 
> 
> set_tag=1 fwdstatus=01b 
> 
> set_tag=2 fwdstatus=10b 
> 
> Is it the way of dealing with this parameter ? 
> 
> -- 
> 
> FABIEN VINCENT 
> ___
> pmacct-discussion mailing list
> http://www.pmacct.net/#mailinglists

Is the option available ? 
Sep 24 22:30:13 INFO ( default/core ): Trying to (re)load map:
/etc/pmacct/nfacctd.pretag.map
Sep 24 22:30:13 ERROR ( default/core ): unknown key 'fwdstatus' at line
1 in map '/etc/pmacct/nfacctd.pretag.map'. Ignored.
Sep 24 22:30:13 ERROR ( default/core ): unknown key 'fwdstatus' at line
2 in map '/etc/pmacct/nfacctd.pretag.map'. Ignored. 

[22:30 root@netflows pmacct-master] > cat /etc/pmacct/nfacctd.pretag.map
set_tag=1 fwdstatus=65
set_tag=2 fwdstatus=138

-- 

FABIEN VINCENT
---___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

[pmacct-discussion] fswstatus

2017-09-22 Thread Fabien VINCENT 
Hi, 

I'm looking for some examples around fwdstatus on pretag 

_'fwdstatus' MATCH: In NFv9/IPFIX this is compared against IE #89; see
https://www.iana.org/assignments/ipfix/ipfix.xhtml for the specific
semantics of the field and some examples._ 

How to use it ? I was looking to do king of pretag like 

set_tag=0 fwdstatus=00b 

set_tag=1 fwdstatus=01b 

set_tag=2 fwdstatus=10b 

Is it the way of dealing with this parameter ? 

-- 

FABIEN VINCENT___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

Re: [pmacct-discussion] Dual Stack

2016-12-07 Thread Fabien VINCENT 

Hi Paolo,

Le 2016-12-07 17:54, Paolo Lucente a écrit :

Hi Fabien,

One step back on your question: you refer to the flow records or to the
transport protocol here? You can travel v4 and v6 records within the
same, say, v4 NetFlow/IPFIX/sFlow transport. This is what all exporters
basically do; are you working with an exporter that is behaving in a
different fashion? Like sending v4 records over a v4 transport and v6
records into a v6 transport? If i understand your question correctly,
that would be the only case in which it would apply.



It can be, but this is not what I'm trying to achieve here.


In any case you can select which v4 or v6 address you want to bind to,
one (or otherwise you bind on all and then filter with iptables for
example), with nfacctd_ip, sfacctd_ip and bgp_daemon_ip (the address 
you

listen for NetFlow/IPFIX/sFlow can be different from the BGP one, yes).



How can I see the BGP daemon to listen on a specific IPv4 and IPv6 ? I 
wanted to do it to have both address family.


I run both nfacctd and sfacctd on the same server and BGP daemon have to 
be bind on sepecific seconday ipv4, because they have to bind both on 
TCP/179. And I want to do the same with IPv6 at the same time to have 
IPv6 sessions with DFZ routers.



If this answer does not help, please elaborate a bit more on what you
are trying to achieve.


Is this more clear ?

Thanks !



Cheers,
Paolo


On Tue, Dec 06, 2016 at 01:21:22PM +0100, Fabien VINCENT wrote:

Dear list,

Any help on how to configure sfacctd and nfacctd on dual stack ?

I mean having both IPv4 and IPv6 running on sfacctd, with collector
enabled on both protocols ?

I've seen the trick for bgp_daemon_ip, but don't know how to bind to
specific ip4 and ip6 on my server the sfacctd bgp daemon and the
daemon itself.

Thanks in advance !

___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists


___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists


___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

[pmacct-discussion] Dual Stack

2016-12-06 Thread Fabien VINCENT 

Dear list,

Any help on how to configure sfacctd and nfacctd on dual stack ?

I mean having both IPv4 and IPv6 running on sfacctd, with collector 
enabled on both protocols ?


I've seen the trick for bgp_daemon_ip, but don't know how to bind to 
specific ip4 and ip6 on my server the sfacctd bgp daemon and the daemon 
itself.


Thanks in advance !

___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

Re: [pmacct-discussion] nfacctd : lost out_iface index

2016-08-16 Thread Fabien VINCENT 

I found the problem, tried to install first with debian package :

 > /usr/bin/pmacct -V
pmacct, pmacct client 1.5.0 (20140828-00)
 --build=x86_64-linux-gnu --prefix=/usr '--includedir=${prefix}/include' 
'--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' 
--sysconfdir=/etc --localstatedir=/var 
'--libdir=${prefix}/lib/x86_64-linux-gnu' 
'--libexecdir=${prefix}/lib/x86_64-linux-gnu' --disable-maintainer-mode 
--disable-dependency-tracking --enable-mmap --enable-pgsql 
--with-pgsql-includes=/usr/include/postgresql --enable-mysql 
--enable-sqlite3 --enable-ipv6 --enable-v4-mapped --enable-64bit 
--enable-threads --enable-jansson --enable-geoip --enable-rabbitmq 
--enable-ulog


For suggestions, critics, bugs, contact me: Paolo Lucente 
<pa...@pmacct.net>.


But I used the compiled version :(

 > /usr/local/bin/pmacct -V
pmacct, pmacct client 1.5.3 (20160114-00)
 --enable-jansson --enable-ipv6

For suggestions, critics, bugs, contact me: Paolo Lucente 
<pa...@pmacct.net>.


Sorry for the noise.

Anyway, I found something strange. When I activate more than 1 memory 
plugin with another aggregate, values are becoming inaccurate :( Still 
digging but don't know why with communities aggregate I start to have 
inaccurate values. Will drop a message when I have time to dig into.



Le 2016-08-15 14:18, Paolo Lucente a écrit :

Hi Fabien,

Can you better describe "This was working before"? In a previous 
version
of pmacct, doing a different query, with a different plugin? Your 
config
looks simple enough and correct - and i could not reproduce the issue 
in
lab. Did you check with wireshark, for example, the original NetFlow 
data?

Does it contain the output interface info?

Cheers,
Paolo

On Fri, Aug 12, 2016 at 11:21:26AM +0200, Fabien VINCENT wrote:

Hello all,

This was working before, but don't know why I lost the information :

[11:16 ~] > pmacct -se -p /tmp/traffic_out.pipe  | more
OUT_IFACE   AS_PATH  PEER_SRC_IP
PACKETS   BYTES
0   9498_9829_9829_9829  a.b.c.d
0 23200100
0   20764_60299_34703_34703_34703   a.b.c.d
0 3239624986
0   286_34984_34984_34984_16135   a.b.c.d
0 3441282336

My nfacctd config file :

! nfacctd configuration
daemonize: true
pidfile: /var/run/nfacctd.pid
logfile: /var/log/nfacctd.log
nfacctd_time_new: true
aggregate[traffic_out]: out_iface, peer_src_ip, as_path
plugins: memory[traffic_out]
imt_path[traffic_out]: /tmp/traffic_out.pipe

plugin_pipe_size:   819200
plugin_buffer_size: 8192000
imt_buckets: 65537
imt_mem_pools_size: 65536
imt_mem_pools_number: 0

bgp_daemon: true
bgp_daemon_max_peers: 100
bgp_daemon_ip: x.y.z.w
bgp_peer_src_as_type: bgp
bgp_src_as_path_type: bgp
bgp_src_std_comm_type: bgp
bgp_table_dump_file: /opt/pmacct/output/bgp-$peer_src_ip.dump
bgp_table_dump_refresh_time: 3600

nfacctd_as_new: bgp
nfacctd_renormalize: true
nfacctd_ext_sampling_rate: 4000
nfacctd_disable_checks: true

My nfacctd version :

[11:20 ] > nfacctd -V
NetFlow Accounting Daemon, nfacctd 1.5.3 (20160114-00)
 --enable-jansson --enable-ipv6

For suggestions, critics, bugs, contact me: Paolo Lucente
<pa...@pmacct.net>.

Thanks for your help !

___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists


___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists



___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

[pmacct-discussion] nfacctd : lost out_iface index

2016-08-12 Thread Fabien VINCENT 

Hello all,

This was working before, but don't know why I lost the information :

[11:16 ~] > pmacct -se -p /tmp/traffic_out.pipe  | more
OUT_IFACE   AS_PATH  PEER_SRC_IP 
   PACKETS   BYTES
0   9498_9829_9829_9829  a.b.c.d 
0 23200100
0   20764_60299_34703_34703_34703   a.b.c.d  
 0 3239624986
0   286_34984_34984_34984_16135   a.b.c.d
0 3441282336


My nfacctd config file :

! nfacctd configuration
daemonize: true
pidfile: /var/run/nfacctd.pid
logfile: /var/log/nfacctd.log
nfacctd_time_new: true
aggregate[traffic_out]: out_iface, peer_src_ip, as_path
plugins: memory[traffic_out]
imt_path[traffic_out]: /tmp/traffic_out.pipe

plugin_pipe_size:   819200
plugin_buffer_size: 8192000
imt_buckets: 65537
imt_mem_pools_size: 65536
imt_mem_pools_number: 0

bgp_daemon: true
bgp_daemon_max_peers: 100
bgp_daemon_ip: x.y.z.w
bgp_peer_src_as_type: bgp
bgp_src_as_path_type: bgp
bgp_src_std_comm_type: bgp
bgp_table_dump_file: /opt/pmacct/output/bgp-$peer_src_ip.dump
bgp_table_dump_refresh_time: 3600

nfacctd_as_new: bgp
nfacctd_renormalize: true
nfacctd_ext_sampling_rate: 4000
nfacctd_disable_checks: true

My nfacctd version :

[11:20 ] > nfacctd -V
NetFlow Accounting Daemon, nfacctd 1.5.3 (20160114-00)
 --enable-jansson --enable-ipv6

For suggestions, critics, bugs, contact me: Paolo Lucente 
.


Thanks for your help !

___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

Re: [pmacct-discussion] pmacct -se error

2016-03-24 Thread Fabien VINCENT 
Thanks, finally, I found it was a init.d script problem. When launching 
from bash using -D, everything works fine.


I tweek the init.d script and everything are fine.

Great tool ;) Already loving it :D

Le 2016-03-24 00:06, Paolo Lucente a écrit :

Hi Fabien,

Is it possible a stale nfacctd is still running and bound to the port?
Or that on the system there is also a pmacct from packages? If neither
of these would be the case then i'd be puzzled myself and would be 
happy

to have a look at the issue myself.

Cheers,
Paolo

On Tue, Mar 22, 2016 at 11:30:01AM +0100, Fabien VINCENT wrote:

Dear List,

I've just installed pmacct from source to run an nfacctd collector
for netflow/bgp. When trying to execute a script to push data from
pmacct to graphite, which run pmacct -se, I've the following error.

[11:21 root@pmacct ~] > pmacct -se
ERROR: IP address sizes mismatch. daemon: 20  client: 8
ERROR: It's very likely that an IPv6-enabled package has been mixed
with a IPv4-only one.

ERROR: Please fix the issue before trying again.

How can I fix it ? I've disabled all IPv6 on the machine, and can't
find documentation about the reason of this error.

Thanks for your help ;)


___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists


___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists



___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

[pmacct-discussion] pmacct -se error

2016-03-22 Thread Fabien VINCENT 

Dear List,

I've just installed pmacct from source to run an nfacctd collector for 
netflow/bgp. When trying to execute a script to push data from pmacct to 
graphite, which run pmacct -se, I've the following error.


[11:21 root@pmacct ~] > pmacct -se
ERROR: IP address sizes mismatch. daemon: 20  client: 8
ERROR: It's very likely that an IPv6-enabled package has been mixed with 
a IPv4-only one.


ERROR: Please fix the issue before trying again.

How can I fix it ? I've disabled all IPv6 on the machine, and can't find 
documentation about the reason of this error.


Thanks for your help ;)


___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists