subject:"\[pmacct\-discussion\] nfacctd tee \- filter subnets before transmit"

Re: [pmacct-discussion] nfacctd tee - filter subnets before transmit

2020-11-19 Thread Paolo Lucente



Hi Eric,

Fantastic, thanks for confirming!

Paolo

On 18/11/2020 21:08, eric c wrote:

Good afternoon Paolo,

I missed a part in the receiver config:

BEFORE:
id=100 ip=192.168.10.50:3056 

AFTER:
id=100 ip=192.168.10.50:3056  tag=100

I'm sorry about that. I tested it and it worked!

Thank you again for your help,
Eric


On Wed, Nov 18, 2020 at 12:22 PM eric c > wrote:


Hello Paolo,

Thank you for the reference.  I just looked at this and tested it
but it did not filter out the network I specified.  When I
wiresharked on the receiving host it was showing all traffic but not
the specified network (src_net=192.168.0.0/24 ) .

Below are the configs I used:

# nfacctd.conf
daemonize: false
nfacctd_port: 2055
nfacctd_ip: 0.0.0.0
logfile: /var/log/nfacctd.log

tee_transparent: true
maps_index: true

plugins: tee[a]

tee_receivers[a]: tee_receivers.lst
pre_tag_map[a]: pretag.map

plugin_buffer_size: 10240
plugin_pipe_size: 1024000
nfacctd_pipe_size: 1024000

# tee_receivers.lst
id=100 ip=192.168.10.50:3056 

# pretag.map
set_tag=100     ip=0.0.0.0/0   
  src_net=192.168.0.0/24 


I'm using nfacctd 1.7.5-git (20200510-00); FYI

Is there another part I'm missing from the config?

Thank you!
Eric




On Wed, Nov 18, 2020 at 10:46 AM Paolo Lucente mailto:pa...@pmacct.net>> wrote:


Hi Eric,

You could look at this piece of documentation for what you are
trying to
do:
https://github.com/pmacct/pmacct/blob/1.7.5/QUICKSTART#L2106-#L2200


The example focuses on src_mac and dst_mac, you should be using
src_net
and dst_net instead.

Paolo

On 18/11/2020 05:38, eric c wrote:
 > Good afternoon,
 >
 > Tring to setup nfacctd as replicator but would like to filter
what
 > subnets to replicate to the next receiver.
 >
 > Below is a config that is working without filtering:
 >
 > # nfacctd.conf
 > daemonize: false
 > nfacctd_port: 2055
 > nfacctd_ip: 0.0.0.0
 > logfile: /var/log/nfacctd.log
 >
 > plugins: tee[a]
 > tee_receivers[a]: tee_nflow_receivers.lst
 > tee_transparent: true
 >
 > # tee_nflow_receivers.lst
 > id=1 ip=192.168.10.50:3056 
>
 >
 > What config change can I add to only replicate IP src/dst to
10.0.0.0/24 
 > > and 192.168.0.0/24
 > for example?
 >
 > Thank you!
 > Eric
 >
 > ___
 > pmacct-discussion mailing list
 > http://www.pmacct.net/#mailinglists

 >


___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists



___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists




___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

Re: [pmacct-discussion] nfacctd tee - filter subnets before transmit

2020-11-18 Thread eric c

Good afternoon Paolo,

I missed a part in the receiver config:

BEFORE:
id=100 ip=192.168.10.50:3056

AFTER:
id=100 ip=192.168.10.50:3056 tag=100

I'm sorry about that. I tested it and it worked!

Thank you again for your help,
Eric


On Wed, Nov 18, 2020 at 12:22 PM eric c  wrote:

> Hello Paolo,
>
> Thank you for the reference.  I just looked at this and tested it but it
> did not filter out the network I specified.  When I wiresharked on the
> receiving host it was showing all traffic but not the specified network
> (src_net=192.168.0.0/24) .
>
> Below are the configs I used:
>
> # nfacctd.conf
> daemonize: false
> nfacctd_port: 2055
> nfacctd_ip: 0.0.0.0
> logfile: /var/log/nfacctd.log
>
> tee_transparent: true
> maps_index: true
>
> plugins: tee[a]
>
> tee_receivers[a]: tee_receivers.lst
> pre_tag_map[a]: pretag.map
>
> plugin_buffer_size: 10240
> plugin_pipe_size: 1024000
> nfacctd_pipe_size: 1024000
>
> # tee_receivers.lst
> id=100 ip=192.168.10.50:3056
>
> # pretag.map
> set_tag=100 ip=0.0.0.0/0src_net=192.168.0.0/24
>
> I'm using nfacctd 1.7.5-git (20200510-00); FYI
>
> Is there another part I'm missing from the config?
>
> Thank you!
> Eric
>
>
>
>
> On Wed, Nov 18, 2020 at 10:46 AM Paolo Lucente  wrote:
>
>>
>> Hi Eric,
>>
>> You could look at this piece of documentation for what you are trying to
>> do: https://github.com/pmacct/pmacct/blob/1.7.5/QUICKSTART#L2106-#L2200
>>
>> The example focuses on src_mac and dst_mac, you should be using src_net
>> and dst_net instead.
>>
>> Paolo
>>
>> On 18/11/2020 05:38, eric c wrote:
>> > Good afternoon,
>> >
>> > Tring to setup nfacctd as replicator but would like to filter what
>> > subnets to replicate to the next receiver.
>> >
>> > Below is a config that is working without filtering:
>> >
>> > # nfacctd.conf
>> > daemonize: false
>> > nfacctd_port: 2055
>> > nfacctd_ip: 0.0.0.0
>> > logfile: /var/log/nfacctd.log
>> >
>> > plugins: tee[a]
>> > tee_receivers[a]: tee_nflow_receivers.lst
>> > tee_transparent: true
>> >
>> > # tee_nflow_receivers.lst
>> > id=1 ip=192.168.10.50:3056 
>> >
>> > What config change can I add to only replicate IP src/dst to
>> 10.0.0.0/24
>> >  and 192.168.0.0/24  for
>> example?
>> >
>> > Thank you!
>> > Eric
>> >
>> > ___
>> > pmacct-discussion mailing list
>> > http://www.pmacct.net/#mailinglists
>> >
>>
>>
>> ___
>> pmacct-discussion mailing list
>> http://www.pmacct.net/#mailinglists
>>
>
___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

Re: [pmacct-discussion] nfacctd tee - filter subnets before transmit

2020-11-18 Thread eric c

Hello Paolo,

Thank you for the reference.  I just looked at this and tested it but it
did not filter out the network I specified.  When I wiresharked on the
receiving host it was showing all traffic but not the specified network
(src_net=192.168.0.0/24) .

Below are the configs I used:

# nfacctd.conf
daemonize: false
nfacctd_port: 2055
nfacctd_ip: 0.0.0.0
logfile: /var/log/nfacctd.log

tee_transparent: true
maps_index: true

plugins: tee[a]

tee_receivers[a]: tee_receivers.lst
pre_tag_map[a]: pretag.map

plugin_buffer_size: 10240
plugin_pipe_size: 1024000
nfacctd_pipe_size: 1024000

# tee_receivers.lst
id=100 ip=192.168.10.50:3056

# pretag.map
set_tag=100 ip=0.0.0.0/0src_net=192.168.0.0/24

I'm using nfacctd 1.7.5-git (20200510-00); FYI

Is there another part I'm missing from the config?

Thank you!
Eric




On Wed, Nov 18, 2020 at 10:46 AM Paolo Lucente  wrote:

>
> Hi Eric,
>
> You could look at this piece of documentation for what you are trying to
> do: https://github.com/pmacct/pmacct/blob/1.7.5/QUICKSTART#L2106-#L2200
>
> The example focuses on src_mac and dst_mac, you should be using src_net
> and dst_net instead.
>
> Paolo
>
> On 18/11/2020 05:38, eric c wrote:
> > Good afternoon,
> >
> > Tring to setup nfacctd as replicator but would like to filter what
> > subnets to replicate to the next receiver.
> >
> > Below is a config that is working without filtering:
> >
> > # nfacctd.conf
> > daemonize: false
> > nfacctd_port: 2055
> > nfacctd_ip: 0.0.0.0
> > logfile: /var/log/nfacctd.log
> >
> > plugins: tee[a]
> > tee_receivers[a]: tee_nflow_receivers.lst
> > tee_transparent: true
> >
> > # tee_nflow_receivers.lst
> > id=1 ip=192.168.10.50:3056 
> >
> > What config change can I add to only replicate IP src/dst to 10.0.0.0/24
> >  and 192.168.0.0/24  for
> example?
> >
> > Thank you!
> > Eric
> >
> > ___
> > pmacct-discussion mailing list
> > http://www.pmacct.net/#mailinglists
> >
>
>
> ___
> pmacct-discussion mailing list
> http://www.pmacct.net/#mailinglists
>
___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

Re: [pmacct-discussion] nfacctd tee - filter subnets before transmit

2020-11-18 Thread Paolo Lucente




Hi Eric,

You could look at this piece of documentation for what you are trying to 
do: https://github.com/pmacct/pmacct/blob/1.7.5/QUICKSTART#L2106-#L2200


The example focuses on src_mac and dst_mac, you should be using src_net 
and dst_net instead.


Paolo

On 18/11/2020 05:38, eric c wrote:

Good afternoon,

Tring to setup nfacctd as replicator but would like to filter what 
subnets to replicate to the next receiver.


Below is a config that is working without filtering:

# nfacctd.conf
daemonize: false
nfacctd_port: 2055
nfacctd_ip: 0.0.0.0
logfile: /var/log/nfacctd.log

plugins: tee[a]
tee_receivers[a]: tee_nflow_receivers.lst
tee_transparent: true

# tee_nflow_receivers.lst
id=1 ip=192.168.10.50:3056 

What config change can I add to only replicate IP src/dst to 10.0.0.0/24 
 and 192.168.0.0/24  for example?


Thank you!
Eric

___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists




___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

[pmacct-discussion] nfacctd tee - filter subnets before transmit

2020-11-17 Thread eric c

Good afternoon,

Tring to setup nfacctd as replicator but would like to filter what subnets
to replicate to the next receiver.

Below is a config that is working without filtering:

# nfacctd.conf
daemonize: false
nfacctd_port: 2055
nfacctd_ip: 0.0.0.0
logfile: /var/log/nfacctd.log

plugins: tee[a]
tee_receivers[a]: tee_nflow_receivers.lst
tee_transparent: true

# tee_nflow_receivers.lst
id=1 ip=192.168.10.50:3056

What config change can I add to only replicate IP src/dst to 10.0.0.0/24
and 192.168.0.0/24 for example?

Thank you!
Eric
___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

Re: [pmacct-discussion] nfacctd tee - filter subnets before transmit

Re: [pmacct-discussion] nfacctd tee - filter subnets before transmit

Re: [pmacct-discussion] nfacctd tee - filter subnets before transmit

Re: [pmacct-discussion] nfacctd tee - filter subnets before transmit

[pmacct-discussion] nfacctd tee - filter subnets before transmit

5 matches

Site Navigation

Mail list logo

Footer information