Hi Paolo,
Thank you for your reply. I really was hoping it would work :). Do you
think it is still possible with nfacctd and just dumping traffic on the
ethernet interface instead of receiving netflow?
pon., 15 lut 2021 o 01:07 Paolo Lucente napisał(a):
>
> Hi Michal,
>
> Similar topic was discussed recently on the list (*) but, as you can
> see, the broad generic answer to it is negative.
>
> Paolo
>
> (*)
> https://www.mail-archive.com/pmacct-discussion@pmacct.net/msg04028.html
>
>
> On 14/02/2021 22:34, Michał Margula wrote:
> > Hi,
> >
> > I am trying to achieve following setup with pmacct:
> > - receive netflow export from X that does not contain AS numbers
> > - resend it to Y but adding AS number information
> >
> > I was able to configure BGP peering with one of our routers (tried both
> > with Cisco and FRR). I tried both eBGP and IBGP. I confirmed both on the
> > router and the pmacct (via bgp_table_dump_file) that I am correctly
> > receiving the BGP feed. I also tried two versions of bgp_agent_map - one
> > with router-id of the router and another with just the IP I am peering
> > with under bgp_ip.
> >
> > Then I tried with pmacctd instead of nfacctd but with no luck. AS
> > numbers are always empty in netflow export, it is the same when I do
> > pmacct -s -a. This is the config I used for nfacctd:
> >
> > root@netflow:/home/alchemyx# cat /etc/pmacct/nfacctd.conf
> > ! nfacctd configuration
> > !
> > !
> > !
> > daemonize: true
> > pidfile: /var/run/nfacctd.pid
> > syslog: daemon
> >
> > nfacctd_ip: 127.0.0.1
> > nfacctd_port: 2100
> > root@netflow:/home/alchemyx# cat /etc/pmacct/nfacctd.conf
> > ! nfacctd configuration
> > !
> > !
> > !
> > daemonize: true
> > pidfile: /var/run/nfacctd.pid
> > syslog: daemon
> >
> > nfacctd_ip: 127.0.0.1
> > nfacctd_port: 2100
> >
> > bgp_daemon: true
> > bgp_daemon_ip: 192.168.223.10
> > bgp_daemon_max_peers: 100
> > bgp_daemon_as: 65535
> > bgp_agent_map: /etc/pmacct/bgp_agent.map
> > nfacctd_as: bgp
> >
> > plugins: tee[a]
> > tee_receivers[a]: /etc/pmacct/tee_nflow_receivers.lst
> > root@netflow:/home/alchemyx# cat /etc/pmacct/bgp_agent.map
> > bgp_ip=xxx.yyy.zz.1 ip=0.0.0.0/0
> >
> > root@netflow:/home/alchemyx# cat /etc/pmacct/tee_nflow_receivers.lst
> > id=1 ip=192.168.222.9:7779
> >
> >
> > bgp_daemon: true
> > bgp_daemon_ip: 192.168.223.10
> > bgp_daemon_max_peers: 100
> > bgp_daemon_as: 65535
> > bgp_agent_map: /etc/pmacct/bgp_agent.map
> > nfacctd_as: bgp
> >
> > plugins: tee[a]
> > tee_receivers[a]: /etc/pmacct/tee_nflow_receivers.lst
> > root@netflow:/home/alchemyx# cat /etc/pmacct/bgp_agent.map
> > bgp_ip=xxx.yyy.zz.1 ip=0.0.0.0/0
> >
> > root@netflow:/home/alchemyx# cat /etc/pmacct/tee_nflow_receivers.lst
> > id=1 ip=192.168.222.9:7779
> >
> > And this is pmacctd config I used:
> >
> > root@netflow:/home/alchemyx# cat /etc/pmacct/pmacctd.conf
> > ! pmacctd configuration
> > !
> > !
> > !
> > daemonize: true
> > pidfile: /var/run/pmacctd.pid
> > syslog: daemon
> >
> > promisc: true
> > aggregate: src_host,dst_host
> > interface: ens16f0
> > pmacctd_as: bgp
> > pmacctd_net: bgp
> >
> > nfprobe_receiver: 192.168.222.9:7779
> > nfprobe_version: 9
> >
> > bgp_daemon: true
> > bgp_daemon_ip: 192.168.223.10
> > bgp_daemon_max_peers: 100
> > bgp_daemon_as: 205679
> > bgp_agent_map: /etc/pmacct/bgp_agent.map
> > plugin_buffer_size: 409600
> > plugin_pipe_size: 40960
> >
> > And bgp_agent.map is the same. I feel like I am missing something
> > obvious, but can't find it. Any help would be greatly appreciatd.
> >
> > Kind regards,
> > Michał
> >
>
>
--
Michał Margula, mic...@margula.pl
"W życiu piękne są tylko chwile" [Ryszard Riedel]
___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
