I have a running setup with remote sites having pmacct + mysql which aggregates
the data nightly and pushes them to a central hub as json files.
Alex
On January 5, 2017 5:42:45 PM GMT+02:00, Yann Belin
wrote:
>Thanks all! I spent a couple of hours trough RabbitMQ docs/specs and it
>se
Hi Paolo,
After compiling with the new limit (MAX_N_PLUGINS 40) pmacctd is starting
normally on all interfaces.
Alex
On February 7, 2017 11:54:40 AM GMT+02:00, Abi Askushi
wrote:
>Hi Paolo,
>
>Thank you for the swift response.
>I will recompile with the new limit and will check.
i don't see any problem in memory tables for every
'pmacctd'
daemons but found it in 'nfacctd'. Therefore i think this is bug in
'nfacctd'
collector.
I tested CVS sources and found them behaviour analogous.
VERY disappointment bug.
Alex
--
Достав
very strange flows (i can't attache screenshot).
All of them parameters (ip_src,ip_dst,src_port,dst_port,ip_proto,packets and
bytes) looks unreal. It seems that these data was decoded from garbage not
from correct filtered data.
Thank you very much,
Alex
--
Доставка
ting up 'nfprobe_engine', 'post_tag' parameters but in
table i see only 'agent_id=0' for all records.
2. How i can count 'flows' field?
Thank you very much,
Alex
--
Доставка на дом и в офис пиццы, суши, шашлыка
with
somewhat inaccurate (several minutes/Kbytes - 'sql_refresh_time' and
may be something else) around 00:00.
Am i correct?
Thank you very much,
Alex
---
Доставка на дом и в офис пиццы, суши, шашлыка, напитков круглосуточно.
Закажи сейчас! http://www.pizza.by
(0
8 09:56:01
64680icmp 2008-04-17 00:00:00 2008-04-18 09:56:01
286440icmp 2008-04-17 00:00:00 2008-04-18 09:00:01
...
Alex
---
Доставка на дом и в офис пиццы, суши, шашлыка, напитков круглосуточно.
Закажи сейчас! http://www.pizza.by
(017)
Totally them 310. But this is very little
part of all records of this day (22 249).
>> And yet one question. As i understand if connection was created at
>> one day and closed at next we should have two records for it with
>> somewhat inaccurate (several minutes/Kbytes - &#x
Sorry, not five, four:
> 2188048 2008-04-17 00:00:00 2008-04-18 11:28:01
>538793 2008-04-17 00:00:00 2008-04-18 09:56:01
> 64680 2008-04-17 00:00:00 2008-04-18 09:56:01
>286440 2008-04-17 00:00:00 2008-04-18 09:00:01
>...
---
Доставка
marks and fixes) and will be glad if it will useful.
Alex
--
Кредит на развитие бизнеса! Индивидуальным предпринимателям и юр.лицам.
Специальные предложения: 'Кредит на приобретение коммерческого автомобиля',
'Кредит руководителю'. Белросбанк, (017) 287-6
See my letter from 23 Apr 2008 with theme 'best practice (additional
examples)'. It have attached my personal config.
Alex
> Hi All...
>
> I'm wondering if there are any docs or samples for configuring the netflow
> and/or sflow plugins, beyond what acco
tion on nfacctd, not on agents.
Agents will only collect necessary traffic for nfacctd.
Alex
> Hi Alex and thank you very much for the reply. I went through your
>posting carefully and experimented with your configurations, but I can't
>seem to make this work. The flow coming ou
_net' and 'dst_net' for
accumulate input and output traffic.
But we can make appropriate SQL 'select' request for join both type of
traffic in one digit.
Alex
___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
In 'CONFIG-KEYS' described follow method:
"sum_ are compound primitives which allow to join inbound and
outbound traffic into a single aggregate."
Alex
>>When you have both in and out traffic separately you can also use
>> 'net'
t;
> So, is it possible to make pmacct generate separate flows for in and out
> for the same interface?
Yes, of course, i am using it so now. If you set 'memory' plugin and
start
'pmacctd' daemon in debug mode:
debug: true
daemonize: false
plugins: memory[in], memory[out
1.3.5.tar.gz on address
'http://www.switch.ch/network/downloads/tf-tant/samplicator/' and
interesting info on
'http://www.switch.ch/network/projects/completed/TF-NGN/floma/software.html'.
Alex
> Hi All,
>
> This seems like a simple question but I'm still h
Hello Ahmed!
I can offer you to try adopt my personal report script for
your configuration.
Feel free for any questions.
Alex
Hi everyone,
Thanks a million for this wonderful tool. The design and stability are
impressive. It's currently monitoring my link. I would like to get &
Hello Adam!
For begin as i understand you must start one 'pmacctd' daemon (with
own config) for every interface that you must accouting traffic. In
configs you must set up relative interface, aggregate_filter, aggregate
and other parameters.
Alex
> Hi guys,
>
> I
.
Try next:
dst net 202.45.102.0/24 and src net ! (202.45.102.0/24 and
192.168.1.0/24)
And one accurate definition. Balances external request between
internal servers make LVS not Keepalived. Keepalived make convenient
configuration and VRRP gateway reservation.
Alex
> Hi Alex,
&
't understand what do you mean "ip_src and ip_dst count"
and why it must be equal (see Enrico answer with attention)?
Alex
> Thanks and best regards
>
>>
>> Um, sorry one more basic question. My config is below (straight from
>> examples), and the
>> values for each day. Do you want that?
>>I am usung following settings:
>>
>> sql_history: 1d
>> sql_history_roundoff: h
>>
>>
>> > Now, if I could understand why ip_src and ip_dst count are different I
>> >would be happier
>>
&g
ion. "The
>> >> supplied value defines the time slot width during which
>> >>bytes/packets/flows
>> >> counters for each entry are accumulated." Now all data fields will be
>> >> summarized during a three month (for your config). And you can't
my answer, SEE Enrico EXAMPLE
BELOW) and you will have any internal and external ip-addreses in ip_dst
field. Therefore you must specify in select clause expression for your
network. But better use pmacctd filters.
Alex
Again thanks a lot for your help and patience ;)
Regards
2008/6/4
See my previouse letter from 23 Apr 2008 with subject "best practice
(additional examples)". In this example i comment advantage of using
pmacct filters and agent_id field also (for nfprobe config).
# setting separate 'agent_id' for every observated network/zone and
# have advantage when use '
(where sfacctd are working).
Alex
> Hi all,
>
>
>
> I've been running pmacct with both memory and mysql backend for some time
>and it has worked very well. I use pretag.map for filtering and as the
>number of address ranges have increased, I've added to
Hello Ahmed,
I only want to add that you must be strong ensure that you compare
same flows of data. It is seem obviously but you can easy miss something
in setting of both programs and compare hasn't any sense.
Alex
> Hi Ahmed,
>
> On Tue, 10 Jun 2008, Ahmed Kamal wrote
er, daemon
must round all time digits according to my configuration ('sql_history =
1d'). After I restart 'nfacctd' daemon, 'stamp_inserted' values have zero in
hour position.
I suspect that it is bug in mechanism of timestamp rounding.
I use 'pmacct-0.11
On 04/19/2009 01:00:48 PM, Paolo Lucente wrote:
Hi Alex,
DST is not supported. Timezones are. The idea behind this was that a
backend application (like pmacct is) should ideally work only with UTC
(even if timezones are supported) and then front-ends should localize
the time as required.
I
Hello Paolo,
Could you please tell about current state of this question.
Alex
On 04/19/2009 01:00:48 PM, Paolo Lucente wrote:
Hi Alex,
DST is not supported. Timezones are. The idea behind this was that a
backend application (like pmacct is) should ideally work only with UTC
(even if
=1 filter=‘ip’
Can you help please?
Thanks.
Regards,
Alex
___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
Hi Mario,
Thanks for your help. It works :)
Regards,
Alex
> On 17 Aug 2016, at 19:01, Jentsch, Mario wrote:
>
> Hi Alex,
>
> as soon as a matching line in the map is found the search ends unless you
> specify a jump to a label.
> Try
>
> set_tag=100 ip=Ajeq
all adapted with my
setup.
Thanks.
Regards,
Alex
___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
all adapted with my
setup.
Thanks.
Regards,
Alex
___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
Keep up the good work Paolo and thanx for this excellent software!
Alex
On Sun, May 6, 2018 at 4:44 PM, Paolo Lucente wrote:
> VERSION.
> 1.7.1
>
>
> DESCRIPTION.
> pmacct is a small set of multi-purpose passive network monitoring tools. It
> can account, classify, agg
on Debian9 64 bit.
Is there any tweaks I can use to put a limit on the memory usage of uacctd.
Thanx,
Alex
___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
with memory.
Thanx,
Alex
On Mon, Jun 25, 2018 at 2:22 PM, Dariush Marsh-Mossadeghi <
dari...@gravitas.co.uk> wrote:
>
> On 25 Jun 2018, at 11:54, Alex K wrote:
>
> Hi all,
>
> I have a setup with uacctd monitoring traffic of several interfaces
> through NFLOG.
>
worth ?
>
This is not an option. What I have is 4 GB. This is not just a personal
project. There are going to be thousands of such installations...
HTH
Dariush
On 25 Jun 2018, at 12:32, Alex K wrote:
Thanx for the reply.
The output of free is the following:
free
totaluse
That’s a maintenance
> overhead you want to avoid unless you have to.
> Having said all that, if you’re looking at deploying thousands of units,
> the economics of software maintenance may stack up for you.
>
> HTH
> Dariush
>
>
> On 25 Jun 2018, at 14:32, Alex K wrote:
n available RAM
> is around 400MB.
>
This is already done.
> r.
>
> On 06/25/2018 05:35 PM, Alex K wrote:
> > Thanks Dariush. Appreciate your feedback.
> >
> > I was testing several stripped down kernels by compiling and removing
> > most of unused modules. Th
-> mysql -> processing of mysql
and further aggregation -> json file -> push to central hub (rsync) ->
import to DB -> visualize... (I've been playing like this for at least 3
years without issues)
It is interesting to hear how you tackle such issues.
Alex
On Mon, Jun 25,
troubleshooted. I am using
pmacct 1.6.1-1.
Thank you!
Alex
___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
Hi Paolo,
You just caught me doing the upgrade :)
I will let you know the outcome.
Thank you!
On Wed, May 29, 2019 at 4:17 PM Paolo Lucente wrote:
>
> Hi Alex,
>
> First thing first 1.6.1 is a release of almost 3 years ago, i can't
> support that - please upgrade to 1.7.3
not
being captured at the nflog:1 interface of the sim0 ppp interface. At other
non-ppp interfaces capturing is fine for IN/OUT.
Thanx
On Wed, May 29, 2019 at 6:08 PM Alex K wrote:
> Hi Paolo,
>
>
> On Wed, May 29, 2019 at 4:31 PM Alex K wrote:
>
>> Hi Paolo,
>>
&g
Hi all,
i trying to set up looking glass feature, but no success.
pmbgpd starts, but bgp_daemon_lg_* options dont' work, socket with
specified address/port not shown.
Please help, what i doing wrong.
]# /opt/sbin/pmbgpd -f /opt/etc/pmbgpd.conf -d -g
DEBUG: [/opt/etc/pmbgpd.conf] plugin name/type: '
t to collect traffic only generated from subnets that belong to
configured interfaces of the router.
Thanx for your feedback!
Alex
___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
mples for uacctd at
https://github.com/pmacct/pmacct/blob/master/examples/pretag.map.example.
Thanx,
Alex
On Thu, Feb 20, 2020 at 6:33 PM Alex K wrote:
> Hi all,
>
> I have a router with multiple interfaces and will need to account traffic
> at its several WAN interfaces. My purpose is t
Hi Paolo,
On Sat, Feb 22, 2020 at 4:18 PM Paolo Lucente wrote:
>
> Hi Alex,
>
> Is it possible with the new setup - the one where pre_tag_map does not
> match anything - the traffic is VLAN-tagged (or MPLS-labelled)? If so,
> you should adjust filters accordingly and add &#x
17353, seq 2, length 64
09:16:06.855200 IP (tos 0x0, ttl 49, id 0, offset 0, flags [none], proto
ICMP (1), length 84)
8.8.8.8 > 192.168.28.11: ICMP echo reply, id 17353, seq 2, length 64
The pmacct version I am running is latest master.
Thank you for your assistance.
Alex
On Mon, F
Hi Paolo,
On Tue, Feb 25, 2020 at 6:41 PM Paolo Lucente wrote:
>
> Hi Alex,
>
> Thanks for your feedback. I see you did run "tcpdump -n -vv -i nflog:1"
> which is equivalent to run uacctd without any filters; as you may know,
> you can append a BPF-style filter
Thank you Paolo,
I see I can use aggregation filters also. So I guess will find a way to
implement what is needed without having a convoluted configuration file.
cheers,
Alex
On Thu, Feb 27, 2020 at 12:24 PM Paolo Lucente wrote:
>
> Hi Alex,
>
> Ack. The other way you could &qu
50 matches
Mail list logo
