[pmacct-discussion] pmacct 0.11.5 not compiling on OpenBSD 4.4

0.11.4 compiled, but ./configure;make with 0.11.5 says: snip- gcc -DPACKAGE=\pmacctd\ -DVERSION=\0.11.5-cvs\ -DPROGNAME=1 -DIM_LITTLE_ENDIAN=1 -DHAVE_L2=1 -DHAVE_PCAP_H=1 -DHAVE_LIBPCAP=1 -DPCAP_7=1 -DPCAP_TYPE_bpf=1 -DHAVE_DLOPEN=1 -DSTDC_HEADERS=1

Re: [pmacct-discussion] pmacct 0.11.5 not compiling on OpenBSD 4.4

On 02/06/2009 10:55:41 AM, Paolo Lucente wrote: Hi Karl, Present! The developer has still brainwave and currently trying to refrain his daytime employer to kick him out. Good. Indeed, thanks for flagging the compilation issue; as this is bound to a specific DLT definition, i was actually

Re: [pmacct-discussion] pmacct 0.11.5 not compiling on OpenBSD 4.4

On 02/06/2009 03:50:06 PM, Paolo Lucente wrote: Hi Karl, On Fri, Feb 06, 2009 at 02:35:28PM -0600, Karl O. Pinc wrote: Unfortunately i don't have access to any OpenBSD at the moment; is that something you can give it a try? What would I look at? As i was suggesting, please download

[pmacct-discussion] Patch to fix strcpy bug

Hi, strcpy does not work reliably with overlapping source and destination buffers. This patch fixes at least some cases of this problem. To apply: cd pmacct-0.11.5 patch -p1 memmove.patch Karl k...@meme.com Free Software: You don't pay back, you pay forward. -- Robert A.

[pmacct-discussion] strlcpy patch

Pedantic removal of strcpy that mostly serves to make it easier to find and remove other unsafe (buffer overflow prone) uses of strcpy. To apply: cd pmacct-0.11.5 patch -p1 strlcpy.patch Karl k...@meme.com Free Software: You don't pay back, you pay forward. -- Robert A.

[pmacct-discussion] pmacct/pmacctd client/server across the net

Hi, I'm working on code that uses socat to re-create the pmacctd socket on a machine elsewhere on the network. The purpose is so that pmacctd can be run with memory tables and be very lightweight, and all the other work can be done on a bigger box elsewhere on the network. I would like this

Re: [pmacct-discussion] pmacct/pmacctd client/server across the net

On 02/25/2009 10:10:05 PM, Karl O. Pinc wrote: On 02/25/2009 04:46:46 PM, Paolo Lucente wrote: All this said, let me just shoot a proposal: as the in-memory table client/server communication is already based on request/reply headers, operation codes, etc. (so let's say the protocol

Re: [pmacct-discussion] pmacct/pmacctd client/server across the net

On 02/25/2009 04:46:46 PM, Paolo Lucente wrote: All this said, let me just shoot a proposal: as the in-memory table client/server communication is already based on request/reply headers, operation codes, etc. (so let's say the protocol is there) what about keeping it simple by encoding all

Re: [pmacct-discussion] pmacct/pmacctd client/server across the net

Thanks for the quick reply. On 02/28/2009 09:47:59 AM, Paolo Lucente wrote: * the socket approach would be, IHMO, the best but requires more work. This might be done in alternative or in addition to listening on a UNIX socket. The way in which it should be coded is similar; as

[pmacct-discussion] Patch: word wrap EXAMPLES at 80 chars

Hello, Attached is a patch so that the text in EXAMPLES is wrapped at 80 character columns so it can be easily read in a regular sized text interface. One example command is broken into two lines with a trailing \ line continuation char. One example command is too long to wrap. Against cvs

Re: [pmacct-discussion] pmacct/pmacctd client/server across the net

On 02/28/2009 07:49:50 AM, Karl O. Pinc wrote: Bah. All the time I'm spending messing around in shell makes me think I'd be better off extending pmacct. The attached patch to EXAMPLES explains what I'm talking about. It can be read as a a patch without having to apply it. I'd like some

Re: [pmacct-discussion] pmacct weird counters

On 03/14/2009 12:38:09 PM, Chris Wilson wrote: Hi Karl, On Sat, 14 Mar 2009, Karl O. Pinc wrote: As a debugging aid (or in general) you might consider putting your rfc1918 network in a networks file. With an aggregate on sum_net and without any other filters you get the cross

Re: [pmacct-discussion] pmacct weird counters

On 03/14/2009 01:19:09 PM, Chris Wilson wrote: Sorry, I just realised that that only produces a summary of all traffic from the net, whereas I want to account by individual host within the net. So I can't replace my current config with sum_net, but I have added it as a new plugin. You

Re: [pmacct-discussion] IPv6 traffic

On 03/23/2009 06:53:28 PM, Garry Peirce wrote: Hi Paolo, Ok - I believe I've done that. Anyway to be certain the version of pmacctd I'm running is the most current patch of 0.11.5? The behavior appears to be the same, although I'm not 100% sure I updated my version with CVS correctly.

Re: [pmacct-discussion] Dynamic Table not created

On 04/08/2009 03:26:26 PM, s.kub...@gmail.com wrote: Hi, i'm trying to use the dynamic feature but i get this error in syslog: Apr 8 22:18:01 localhost pmacctd[2332]: ERROR ( default/mysql ): PRIMARY 'mysql' backend trouble. Apr 8 22:18:01 localhost pmacctd[2332]: ERROR ( default/mysql

Re: [pmacct-discussion] timestamp rounding bug

On 04/19/2009 01:00:48 PM, Paolo Lucente wrote: Hi Alex, DST is not supported. Timezones are. The idea behind this was that a backend application (like pmacct is) should ideally work only with UTC (even if timezones are supported) and then front-ends should localize the time as required. I

Re: [pmacct-discussion] input/output interface information in nfacctd?

On 06/08/2009 06:00:46 PM, Paolo Lucente wrote: Hi Suraj, This information is not immediately available within the database or memory table; but you can match such fields within the Pre-Tagging infrastructure to generate a tag - which can, in turn, be either just used internally for filtering

Re: [pmacct-discussion] Q. Logging via syslog

On 06/11/2009 02:10:42 AM, Vitalijus Trainys wrote: My pmacctd.conf: daemonize: true plugins: memory pidfile: /var/run/pmacctd.pid aggregate: src_host,dst_host pcap_filter: net 192.168.5.0/24 interface: eth1 promisc: false syslog: daemon logfile: /var/log/pmacct/pmacct.log Nothing except ===

Re: [pmacct-discussion] Flexible aggregation

On 06/13/2009 05:11:40 AM, Paolo Lucente wrote: Hi Chris, Aguri is slightly more limited in the fact it has only a set of (4?) traffic aggregation profiles whereas pmacct offers a wider range of primitives. But I guess the point you wanted to make was the dynamic variation of the sampling

Re: [pmacct-discussion] Flexible aggregation

On 06/13/2009 03:49:07 PM, Paolo Lucente wrote: Hi Chris, On Sat, Jun 13, 2009 at 03:07:01PM -0500, Karl O. Pinc wrote: We are only interested in a single table. Why can't two separate sql plugins write to the same table? What Karl is proposing here might really result in a simpler

Re: [pmacct-discussion] timestamp rounding bug

On 08/04/2009 04:35:31 AM, Chris Wilson wrote: Is any real-world system set to UTC? I'm certainly not going to run my firewall (where I run pmacct currently) on UTC. All my logs would be screwed up and much harder to interpret. Setting the system clock to UTC is traditional in Unix,

Re: [pmacct-discussion] packet logger

On 09/22/2009 04:58:27 PM, Mada R Perdhana wrote: any suggestion? but the app should be open source not a proprietary app. Sort? See: snort.org On Tue, Sep 22, 2009 at 10:50 PM, Paolo Lucente pa...@pmacct.net wrote: Hi Mada R, The packet logger scenario is not supported by pmacct

Re: [pmacct-discussion] packet logger

list. On Wed, Sep 23, 2009 at 10:36 AM, Karl O. Pinc k...@meme.com wrote: On 09/22/2009 04:58:27 PM, Mada R Perdhana wrote: any suggestion? but the app should be open source not a proprietary app. Sort? See: snort.org On Tue, Sep 22, 2009 at 10:50 PM, Paolo Lucente pa

Re: [pmacct-discussion] why is PostgreSQL - timestamp without time zone

On 10/27/2009 08:31:45 AM, Charlie Allom wrote: as an aside: here is an SQL issue I'm having problems with.. pmacct= SELECT step.date,CAST(step.date as int),foo.mb FROM (SELECT acct_v6.stamp_inserted,SUM(acct_v6.bytes) AS mb FROM acct_v6 WHERE as_src = '714' GROUP BY stamp_inserted) AS

Re: [pmacct-discussion] NAT question

On 11/11/2009 11:24:34 PM, JF Cliche wrote: Maybe a newbie question, so I'll be brief: I am behind two NAT routers (Linksys running DD-WRT) with port forwarding up to the machine running pmacct, and yet pmacct reports SSH traffic to the forwarded port with the public (external, non-NATed)

Re: [pmacct-discussion] Any advice on this config?

On 02/15/2010 06:00:22 PM, Jeff Welling wrote: First off, I was wondering if anyone has seen anything similar to the first bit of trouble I'm having. When I torrent, if I continue for prolonged periods of time (a day or more), my sql server starts to get bogged down with updates from

Re: [pmacct-discussion] Pmacct data inconsistencies between tables.

On 02/19/2010 07:42:08 AM, Chris Wilson wrote: Hi Paolo and Daniel, I deleted the primary key from that table because it should not be necessary (there should not be any duplicates if everything is configured correctly) and it makes inserts extremely slow (by a factor of 10-100) when

Re: [pmacct-discussion] Pmacct data inconsistencies between tables.

On 02/19/2010 10:24:57 AM, Chris Wilson wrote: Hi Karl, On Fri, 19 Feb 2010, Karl O. Pinc wrote: FWIW, the automatic sequential key generation speed is unrelated to table size when using postgresql. There is no sequence to generate as far as I know. The problem is the size

Re: [pmacct-discussion] dynamic IP

On 03/03/2010 03:51:25 AM, Jeff Welling wrote: Hey, Im finding that one of my ISPs changes my IP frequently. Is there a way to get the actual IP to show up without having to specify it in an aggregate_filter line in the config? Probably not, although I'm not thinking it through. You

Re: [pmacct-discussion] Ideas/tips/hints/etc for long-term detailed storage of bandwidth statistics

On 03/23/2010 10:25:04 AM, Ruben Laban wrote: On Tuesday 23 March 2010 at 16:10 (CET), Karl O. Pinc wrote: On 03/23/2010 06:00:13 AM, Ruben Laban wrote: Hello list, I'm trying to cook up an improved datamodel to store our bandwidth statics. Have you considered rrdtool

Re: [pmacct-discussion] PostgreSQL large database

On 05/27/2010 07:06:50 AM, Sergio Charpinel Jr. wrote: - I'm running analyze in every insert, within the create table function: CREATE OR REPLACE FUNCTION cria_tab_pmacct(text) RETURNS void AS $$ DECLARE myrec RECORD; BEGIN SELECT 1 INTO myrec FROM pg_catalog.pg_class WHERE

Re: [pmacct-discussion] [pmacctd] Accounting data every second without update

On 08/16/2010 01:38:22 PM, Borys Owczarzak wrote: Hi! I would like to account data (src_ip, dst_ip, src_port, dst_port, ip_proto, tcp_flags and time ) to mysql database. Every packet in new row (no UPDATE's, only INSERT's). PROBLEM: Why in some records number of packets are more than

Re: [pmacct-discussion] Source port column name depends on database

On 09/15/2010 05:48:51 AM, Paolo Lucente wrote: Hi Chris, On Tue, Sep 14, 2010 at 09:16:37AM +0200, Chris Wilson wrote: I'm not sure about adding a new config switch, do we actually need it? I seem to recall some wiser counsel to not add configuration options where possible, as it

Re: [pmacct-discussion] Compilation problems on Debian Squeeze 64-bit

On 02/08/2011 12:00:51 PM, Paolo Lucente wrote: On Mon, Feb 07, 2011 at 06:10:28PM +0100, Johan Karlsson wrote: Hi! I'm having trouble compiling a pmacct with PF_RING on Debian Squeeze 64-bit. It worked perfectly on a 32-bit ditto. You could start by rebuilding the stock debian pmacct

Re: [pmacct-discussion] Problem with MAKE after Configure

On 06/20/2012 08:57:56 AM, Komil Gulboev wrote: Hi, I`m trying to install 0.14 version but after starting ./configure can`t do MAKE, after typing MAKE receive error like *bash: make: command not found* You have to install the make command on your system. (And probably the rest of the

Re: [pmacct-discussion] The accounting of flows requires SQL table v4

On 07/16/2012 04:28:25 PM, Leonardo Sápiras wrote: Hi everybody, I am trying to use the aggregate peer_src_ip in my pmacctd.conf. But when I start it the pmacct says: ERROR ( default/mysql ): The accounting of flows requires SQL table v4. Exiting. Without this directive, it works.

Re: [pmacct-discussion] pmacct hangs after a while

On 05/02/2013 04:50:16 AM, Timur Irmatov wrote: Hi. I am running a pmacctd with netflow export on Linux box. Traffic on interface where pmacctd is configured to capture is about 500Mbit/s. After a while pmacct stops exporting netflow data, and CPU utilisation of two pmacct processes drops

Re: [pmacct-discussion] Crash in pmacct

On 07/08/2013 05:30:36 AM, Joan wrote: BTW, just found in the changelog for 0.14.1 this: ! fix, net_aggr.c: defining a networks_file configuration directive in conjunction with --enable-ipv6 was causing a SEGVs. This is now solved. That could be the cause for my issue (unless debian

Re: [pmacct-discussion] HTTP traffic classification

On 03/24/2014 06:31:30 AM, Stathis Gkotsis wrote: Hi all, Concerning HTTP: I guess the thing to output would be hostname, since you can have multiple HTTP requests to different URLs inside one TCP Session.About DNS, what should be outputted? I guess the hostname for A queries is good enough

Re: [pmacct-discussion] HTTP traffic classification

On 03/24/2014 08:14:25 AM, Chris Wilson wrote: I'd like to see the *content* of DNS requests and responses available to be logged in data records by pmacct. It can be very helpful in identifying which website someone was trying to access, when all we have is an IP address. I accept that

Re: [pmacct-discussion] nfacctd 1.5.0rc3 src_as and dst_as show as 0, how to change?

On 07/18/2014 03:24:25 PM, THE MIGHTY VEXORG wrote: Hello, I have netflow coming from a few devices where the source AS and destination AS both show up as 0 and is confirmed with tcpdump captures, so nfacctd dutifully stores these in the database with zeroes. I would like to have all

Re: [pmacct-discussion] Request for Feedback: Additional Features for pmacct

On 09/16/2014 04:25:19 AM, Thomas King wrote: We are thinking about adding features in the following categories: - Reconfiguration via API: As we want to use pmacct in a dynamic environment we want to be able to change the configuration via an API without restarting pmacct. Just curious.

Re: [pmacct-discussion] Webinterface

On Sun, 8 Mar 2015 20:11:51 + Daniel Eschner d...@sfhost.de wrote: Hi there, Is there any know Webinterface to connect to the pmacct DB and check the traffic? I am not a programmer that i can do these small things by my self :-( Depends on the database you are using. Postgresql has

Re: [pmacct-discussion] network output

I am not paying attention, but there are also standard tools like netcat or socat that can be used to distribute data over a network. There's often no reason to re-invent something that already works. Plugging together modular components is the Unix way. On Fri, 27 Feb 2015 20:23:15 + Paolo

Re: [pmacct-discussion] Summarize Traffic

On Fri, 13 Nov 2015 08:17:40 + Ralf Kirmis wrote: > Hello, > > i work at a small ISP and want to achieve the following: > > I get Netflow Data from a router which supports multiple customers. > I want then a tabular listing of the summarized traffic from one > day / one

Re: [pmacct-discussion] Removing small flows

On Mon, 14 Dec 2015 13:33:36 + Daniel Kopp wrote: > I don’t know an config switch to enable something like this in pmacct. > And I believe this can’t be done while recording flows as you never > know which traffic relation will become big beforehand :-) > > If your

Re: [pmacct-discussion] Looking for a fresh pmacct UI

On Tue, 2 Aug 2016 10:35:44 -0500 Robert Juric wrote: > Well would anyone else be interested in developing a dedicated > front-end utilizing the existingpmacct database? Or is it the general > consensus that everyone exports the pmacct data to other systems for >

Re: [pmacct-discussion] Looking for a fresh pmacct UI

On Tue, 02 Aug 2016 17:59:14 +0200 Davide Principi <davide.princ...@nethesis.it> wrote: > On Tue, 2016-08-02 at 10:41 -0500, Karl O. Pinc wrote: > > Time-series storage seems the way to go.  And rrd-tool seems > > like the tool for that job. > > What if accountin

Re: [pmacct-discussion] Looking for a fresh pmacct UI

On Wed, 3 Aug 2016 14:31:08 +0200 raf <r...@futomaki.net> wrote: > Le 02/08/2016 à 17:41, Karl O. Pinc a écrit : > > And rrd-tool seems > > like the tool for that job. > > > > rdd still made a great job, but I think there are better option today. > (infl

Re: [pmacct-discussion] Problem compiling on Debian Jessie

problems, then it makes sense to compile your own. On the other hand if what the distro releases works for you why bother to go though extra work to get shiny new features you don't need? > > > Le 6 juil. 2016 à 12:42, Karl O. Pinc <k...@meme.com> a écrit : > > > > FYI.

Re: [pmacct-discussion] Problem compiling on Debian Jessie

On Tue, 5 Jul 2016 12:58:27 + Johan Sjöberg wrote: > We have been running pmacct 1.2.5 on Debian Squeeze for many years. > We are now trying to set up a new server, running Debian Jessie. I > have downloaded pmacct 1.6.0 (and also 1.5.3), and tried compiling > it.

Re: [pmacct-discussion] Problem compiling on Debian Jessie

ight want to check newer changlogs to see if any important bugs were fixed or some such. > /Johan > ____ > Från: Karl O. Pinc <k...@meme.com> > Skickat: den 6 juli 2016 12:42:37 > Till: Johan Sjöberg > Kopia: pmacct-discussion@pmacct.net > Ä

Re: [pmacct-discussion] MySQL dynamic tables - backticks

On Tue, 13 Dec 2016 15:05:31 + "Miethe, Martin" wrote: > I just spent some time trying to set up dynamic mysql tables. The log > keeps saying: > > Dec 13 15:26:01 INFO ( out/mysql ): *** Purging cache - START (PID: > 20506) *** Dec 13 15:26:01 ERROR (

Re: [pmacct-discussion] Centralizing data from multiple nfacct collectors

On Thu, 5 Jan 2017 10:57:01 +0100 Yann Belin wrote: > Not strictly a pmacct/nfacct question, but I was wondering if anyone > ever built a similar setup. Not strictly a pmacct/nfacct response, but thought I'd comment anyway. ;-) > A central side would then gather > data

Re: [pmacct-discussion] sql_dont_try_update causes key collisions?

On Mon, 6 Mar 2017 17:48:24 -0600 Edward Henigin wrote: > And as far as updating docs, I might suggest adding to the > sql_dont_try_update key the fact that the sql_cache_entries needs to > be large enough to prevent multiple purges per update cycle :-) Last I looked the docs

Re: [pmacct-discussion] bgp_as_path_radius / pgsql and bgp_aggregate

ache_size". It should -- be larger than shared_buffers. "checkpoint_segments" -- should probably be at least 32, much more if write -- performance is an issue. For details see: --https://wiki.postgresql.org/wiki/Tuning_Your_PostgreSQL_Server >

Re: [pmacct-discussion] bgp_as_path_radius / pgsql and bgp_aggregate

On Fri, 7 Dec 2018 16:42:31 + Paolo Lucente wrote: > You could make the field variable-length - optimizing space and > avoiding you the try & error of finding the sweet spot size for the > as path field at the expense of more computing. I would not expect a Postgres TEXT column, which is

Re: [pmacct-discussion] effort to relicense pmacct from GPL to a BSD-style license

Hello, I also consent to relicensing any and all the contributions I have made to the pmacct project. (I may have sent documentation patches in via email at some point. I forgot about those.) Regards, Karl Free Software: "You don't pay back, you pay forward." -- Robert A.

Re: [pmacct-discussion] DTLS encrypted flow data

On Tue, 13 Oct 2020 06:16:59 + Felix Stolba wrote: > Out of curiosity I've been playing around with ncat, trying to > encrypt a regular IPFIX stream and sending it to nfacctd_dtls_port. FYI, FWIW. Other tools you might be interested in are socat and stunnel. I've forgotten the details,

Re: [pmacct-discussion] pmacct.net

Hi Paolo, On Wed, 4 May 2022 01:25:23 -0300 Paolo Lucente wrote: > Somehow i can't reproduce the problem, both pmacct.net and > www.pmacct.net do actually work for me no problem (http of course, > ie. not https, well no https is advertised out nor does it work). > > Can you please qualify the

Re: [pmacct-discussion] Easiest way to ingest nfacctd data into python?

On Tue, 3 May 2022 18:19:50 + "Compton, Rich A" wrote: > Hi, I’m trying to take the netflow records from nfacctd and process > them with a python script. Can someone suggest how I can do this > with python without having nfacctd put them into a database and then > have my python script read

[pmacct-discussion] pmacct.net

FYI. I notice that "pmacct.net" in my browser's URL bar does not redirect to "www.pmacct.net". I get "unable to connect". Regards, Karl Free Software: "You don't pay back, you pay forward." -- Robert A. Heinlein ___

Re: [pmacct-discussion] Filter destination IP on lists with tens of thousands of entries?

On Thu, 15 Dec 2022 19:03:45 + "Compton, Rich A" wrote: > Hi, I have a few (~20) lists of IPs provided by Shadowserver > (https://www.shadowserver.org) on a daily basis. Some lists contain > a few hundred IPs and some contain tens of thousands of IPs. I want > to have pmacct filter out