Hi Alex, Inline:
On Sun, Sep 11, 2016 at 11:45:44PM +0300, Abi Askushi wrote: > 1. Is there a pmacct plugin to get traffic flows from connection tracking > system, like ulogd2 with NFCT plugin? Not being familiar with this, can you elaborate what it does? An example would be much appreciated. > 2. NFLOG + uacctd: is there any way to aggregate/filter collected packets > with uacctd as received from NFLOG, according to the fwmark value set with > MARK at iptables ? If no, is there any recommended alternate approach? No, as i suspect this MARK action does not really mark/stamp the packet itself but mangles with an external header. But knowing more precisely what this MARK does, we can certainly make it an item we can tag upon, or more. Again, i'm not a master of ULOG/NFLOG and hence i'd need (your) support. > 3. pmacctd Netflow v9 exports: when collecting flows with nfacctd generated > with pmacctd+nfprobe plugin, the interface index (in_iface, out_iface) was > showing always 0. Am I missing sth? Did you read the QUICKSTART document section "Quickstart guide to setup a NetFlow agent/probe"? Towards the end it starts speaking about interfaces, direction and tags. It essentially says: libpcap is detached from the OS and hence has no concept of interfaces and such; you need to issue a tag, ie. basing on source/destination MAC address, in order to populate the interface and/or direction fields of a generated NetFlow/IPFIX packet. Let me know if the case is you are already doing this and it's not working; if not (your config suggests you are not) here is a pointer to the doc: https://github.com/pmacct/pmacct/blob/master/QUICKSTART ULOG/NFLOG is instead integrated in the Linux OS and hence would return you interfaces no problem. Cheers, Paolo _______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
