0.11.4 compiled, but ./configure;make with 0.11.5 says:
snip-
gcc -DPACKAGE=\pmacctd\ -DVERSION=\0.11.5-cvs\ -DPROGNAME=1
-DIM_LITTLE_ENDIAN=1 -DHAVE_L2=1 -DHAVE_PCAP_H=1 -DHAVE_LIBPCAP=1
-DPCAP_7=1 -DPCAP_TYPE_bpf=1 -DHAVE_DLOPEN=1 -DSTDC_HEADERS=1
On 02/06/2009 10:55:41 AM, Paolo Lucente wrote:
Hi Karl,
Present! The developer has still brainwave and currently trying
to refrain his daytime employer to kick him out.
Good.
Indeed, thanks for flagging the compilation issue; as this is
bound to a specific DLT definition, i was actually
On 02/06/2009 03:50:06 PM, Paolo Lucente wrote:
Hi Karl,
On Fri, Feb 06, 2009 at 02:35:28PM -0600, Karl O. Pinc wrote:
Unfortunately i don't have access to any OpenBSD at the moment;
is that something you can give it a try?
What would I look at?
As i was suggesting, please download
Hi,
strcpy does not work reliably with overlapping
source and destination buffers. This patch
fixes at least some cases of this problem.
To apply:
cd pmacct-0.11.5
patch -p1 memmove.patch
Karl k...@meme.com
Free Software: You don't pay back, you pay forward.
-- Robert A.
Pedantic removal of strcpy that mostly
serves to make it easier to find and remove other
unsafe (buffer overflow prone) uses of strcpy.
To apply:
cd pmacct-0.11.5
patch -p1 strlcpy.patch
Karl k...@meme.com
Free Software: You don't pay back, you pay forward.
-- Robert A.
Hi,
I'm working on code that uses socat to re-create
the pmacctd socket on a machine elsewhere on the
network. The purpose is so that pmacctd can
be run with memory tables and be very lightweight,
and all the other work can be done on a
bigger box elsewhere on the network.
I would like this
On 02/25/2009 10:10:05 PM, Karl O. Pinc wrote:
On 02/25/2009 04:46:46 PM, Paolo Lucente wrote:
All this said, let me just shoot a proposal: as the in-memory table
client/server communication is already based on request/reply
headers,
operation codes, etc. (so let's say the protocol
On 02/25/2009 04:46:46 PM, Paolo Lucente wrote:
All this said, let me just shoot a proposal: as the in-memory table
client/server communication is already based on request/reply headers,
operation codes, etc. (so let's say the protocol is there) what about
keeping it simple by encoding all
Thanks for the quick reply.
On 02/28/2009 09:47:59 AM, Paolo Lucente wrote:
* the socket approach would be, IHMO, the best but requires more work.
This
might be done in alternative or in addition to listening on a UNIX
socket.
The way in which it should be coded is similar; as
Hello,
Attached is a patch so that the text in EXAMPLES
is wrapped at 80 character columns so it can
be easily read in a regular sized text interface.
One example command is broken into two lines
with a trailing \ line continuation char.
One example command is too long to wrap.
Against cvs
On 02/28/2009 07:49:50 AM, Karl O. Pinc wrote:
Bah. All the time I'm spending messing around in shell makes
me think I'd be better off extending pmacct.
The attached patch to EXAMPLES explains what I'm talking
about. It can be read as a a patch without having to
apply it. I'd like some
On 03/14/2009 12:38:09 PM, Chris Wilson wrote:
Hi Karl,
On Sat, 14 Mar 2009, Karl O. Pinc wrote:
As a debugging aid (or in general) you might consider putting your
rfc1918 network in a networks file. With an aggregate on sum_net and
without any other filters you get the cross
On 03/14/2009 01:19:09 PM, Chris Wilson wrote:
Sorry, I just realised that that only produces a summary of all
traffic
from the net, whereas I want to account by individual host within the
net.
So I can't replace my current config with sum_net, but I have added it
as
a new plugin.
You
On 03/23/2009 06:53:28 PM, Garry Peirce wrote:
Hi Paolo,
Ok - I believe I've done that.
Anyway to be certain the version of pmacctd I'm running is the most
current
patch of 0.11.5?
The behavior appears to be the same, although I'm not 100% sure I
updated my
version with CVS correctly.
On 04/08/2009 03:26:26 PM, s.kub...@gmail.com wrote:
Hi,
i'm trying to use the dynamic feature but i get this error in syslog:
Apr 8 22:18:01 localhost pmacctd[2332]: ERROR ( default/mysql ):
PRIMARY
'mysql' backend trouble.
Apr 8 22:18:01 localhost pmacctd[2332]: ERROR ( default/mysql
On 04/19/2009 01:00:48 PM, Paolo Lucente wrote:
Hi Alex,
DST is not supported. Timezones are. The idea behind this was that a
backend application (like pmacct is) should ideally work only with UTC
(even if timezones are supported) and then front-ends should localize
the time as required.
I
On 06/08/2009 06:00:46 PM, Paolo Lucente wrote:
Hi Suraj,
This information is not immediately available within the
database or memory table; but you can match such fields
within the Pre-Tagging infrastructure to generate a tag
- which can, in turn, be either just used internally for
filtering
On 06/11/2009 02:10:42 AM, Vitalijus Trainys wrote:
My pmacctd.conf:
daemonize: true
plugins: memory
pidfile: /var/run/pmacctd.pid
aggregate: src_host,dst_host
pcap_filter: net 192.168.5.0/24
interface: eth1
promisc: false
syslog: daemon
logfile: /var/log/pmacct/pmacct.log
Nothing except
===
On 06/13/2009 05:11:40 AM, Paolo Lucente wrote:
Hi Chris,
Aguri is slightly more limited in the fact it has only a set of
(4?) traffic aggregation profiles whereas pmacct offers a wider
range of primitives. But I guess the point you wanted to make was
the dynamic variation of the sampling
On 06/13/2009 03:49:07 PM, Paolo Lucente wrote:
Hi Chris,
On Sat, Jun 13, 2009 at 03:07:01PM -0500, Karl O. Pinc wrote:
We are only interested in a single table.
Why can't two separate sql plugins write to the same table?
What Karl is proposing here might really result in a simpler
On 08/04/2009 04:35:31 AM, Chris Wilson wrote:
Is any real-world system set to UTC? I'm certainly not going to run
my
firewall (where I run pmacct currently) on UTC. All my logs would be
screwed up and much harder to interpret.
Setting the system clock to UTC is traditional in Unix,
On 09/22/2009 04:58:27 PM, Mada R Perdhana wrote:
any suggestion? but the app should be open source not a proprietary
app.
Sort? See: snort.org
On Tue, Sep 22, 2009 at 10:50 PM, Paolo Lucente pa...@pmacct.net
wrote:
Hi Mada R,
The packet logger scenario is not supported by pmacct
list.
On Wed, Sep 23, 2009 at 10:36 AM, Karl O. Pinc k...@meme.com wrote:
On 09/22/2009 04:58:27 PM, Mada R Perdhana wrote:
any suggestion? but the app should be open source not a
proprietary
app.
Sort? See: snort.org
On Tue, Sep 22, 2009 at 10:50 PM, Paolo Lucente
pa
On 10/27/2009 08:31:45 AM, Charlie Allom wrote:
as an aside:
here is an SQL issue I'm having problems with..
pmacct= SELECT step.date,CAST(step.date as int),foo.mb FROM
(SELECT acct_v6.stamp_inserted,SUM(acct_v6.bytes) AS mb
FROM acct_v6
WHERE as_src = '714'
GROUP BY stamp_inserted) AS
On 11/11/2009 11:24:34 PM, JF Cliche wrote:
Maybe a newbie question, so I'll be brief:
I am behind two NAT routers (Linksys running DD-WRT) with port
forwarding up to the machine running pmacct, and yet pmacct reports
SSH traffic to the forwarded port with the public (external,
non-NATed)
On 02/15/2010 06:00:22 PM, Jeff Welling wrote:
First off, I was wondering if anyone has seen anything similar to the
first bit of trouble I'm having. When I torrent, if I continue for
prolonged periods of time (a day or more), my sql server starts to
get
bogged down with updates from
On 02/19/2010 07:42:08 AM, Chris Wilson wrote:
Hi Paolo and Daniel,
I deleted the primary key from that table because it should not be
necessary (there should not be any duplicates if everything is
configured
correctly) and it makes inserts extremely slow (by a factor of
10-100)
when
On 02/19/2010 10:24:57 AM, Chris Wilson wrote:
Hi Karl,
On Fri, 19 Feb 2010, Karl O. Pinc wrote:
FWIW, the automatic sequential key generation speed is unrelated
to table size when using postgresql.
There is no sequence to generate as far as I know. The problem is the
size
On 03/03/2010 03:51:25 AM, Jeff Welling wrote:
Hey,
Im finding that one of my ISPs changes my IP frequently.
Is there a way to get the actual IP to show up without having to
specify
it in an aggregate_filter line in the config?
Probably not, although I'm not thinking it through.
You
On 03/23/2010 10:25:04 AM, Ruben Laban wrote:
On Tuesday 23 March 2010 at 16:10 (CET), Karl O. Pinc wrote:
On 03/23/2010 06:00:13 AM, Ruben Laban wrote:
Hello list,
I'm trying to cook up an improved datamodel to store our
bandwidth
statics.
Have you considered rrdtool
On 05/27/2010 07:06:50 AM, Sergio Charpinel Jr. wrote:
- I'm running analyze in every insert, within the create table
function:
CREATE OR REPLACE FUNCTION cria_tab_pmacct(text)
RETURNS void AS $$
DECLARE
myrec RECORD;
BEGIN
SELECT 1 INTO myrec FROM pg_catalog.pg_class WHERE
On 08/16/2010 01:38:22 PM, Borys Owczarzak wrote:
Hi!
I would like to account data (src_ip, dst_ip, src_port, dst_port,
ip_proto, tcp_flags and time ) to mysql database. Every packet in new
row (no UPDATE's, only INSERT's).
PROBLEM:
Why in some records number of packets are more than
On 09/15/2010 05:48:51 AM, Paolo Lucente wrote:
Hi Chris,
On Tue, Sep 14, 2010 at 09:16:37AM +0200, Chris Wilson wrote:
I'm not sure about adding a new config switch, do we actually need
it? I
seem to recall some wiser counsel to not add configuration options
where
possible, as it
On 02/08/2011 12:00:51 PM, Paolo Lucente wrote:
On Mon, Feb 07, 2011 at 06:10:28PM +0100, Johan Karlsson wrote:
Hi!
I'm having trouble compiling a pmacct with PF_RING on Debian
Squeeze
64-bit. It worked perfectly on a 32-bit ditto.
You could start by rebuilding the stock debian pmacct
On 06/20/2012 08:57:56 AM, Komil Gulboev wrote:
Hi,
I`m trying to install 0.14 version but after starting ./configure
can`t
do MAKE,
after typing MAKE receive error like *bash: make: command not found*
You have to install the make command on your system. (And probably
the rest of the
On 07/16/2012 04:28:25 PM, Leonardo Sápiras wrote:
Hi everybody,
I am trying to use the aggregate peer_src_ip in my pmacctd.conf. But
when
I start it the pmacct says: ERROR ( default/mysql ): The accounting
of
flows requires SQL table v4. Exiting.
Without this directive, it works.
On 05/02/2013 04:50:16 AM, Timur Irmatov wrote:
Hi.
I am running a pmacctd with netflow export on Linux box. Traffic on
interface where pmacctd is configured to capture is about 500Mbit/s.
After a while pmacct stops exporting netflow data, and CPU
utilisation
of two pmacct processes drops
On 07/08/2013 05:30:36 AM, Joan wrote:
BTW, just found in the changelog for 0.14.1 this:
! fix, net_aggr.c: defining a networks_file configuration directive
in
conjunction with --enable-ipv6 was causing a SEGVs. This is now
solved.
That could be the cause for my issue (unless debian
On 03/24/2014 06:31:30 AM, Stathis Gkotsis wrote:
Hi all,
Concerning HTTP: I guess the thing to output would be hostname, since
you can have multiple HTTP requests to different URLs inside one TCP
Session.About DNS, what should be outputted? I guess the hostname for
A queries is good enough
On 03/24/2014 08:14:25 AM, Chris Wilson wrote:
I'd like to see the *content* of DNS requests and responses available
to
be logged in data records by pmacct. It can be very helpful in
identifying
which website someone was trying to access, when all we have is an IP
address. I accept that
On 07/18/2014 03:24:25 PM, THE MIGHTY VEXORG wrote:
Hello,
I have netflow coming from a few devices where the source AS and
destination AS both show up as 0 and is confirmed with tcpdump
captures,
so nfacctd dutifully stores these in the database with zeroes. I
would
like to have all
On 09/16/2014 04:25:19 AM, Thomas King wrote:
We are thinking about adding features in the following categories:
- Reconfiguration via API: As we want to use pmacct in a dynamic
environment we want to be able to change the configuration via an API
without restarting pmacct.
Just curious.
On Sun, 8 Mar 2015 20:11:51 +
Daniel Eschner d...@sfhost.de wrote:
Hi there,
Is there any know Webinterface to connect to the pmacct DB and check
the traffic?
I am not a programmer that i can do these small things by my self :-(
Depends on the database you are using.
Postgresql has
I am not paying attention, but there are also standard
tools like netcat or socat that can be used to distribute
data over a network. There's often no reason
to re-invent something that already works.
Plugging together modular components is the Unix way.
On Fri, 27 Feb 2015 20:23:15 +
Paolo
On Fri, 13 Nov 2015 08:17:40 +
Ralf Kirmis wrote:
> Hello,
>
> i work at a small ISP and want to achieve the following:
>
> I get Netflow Data from a router which supports multiple customers.
> I want then a tabular listing of the summarized traffic from one
> day / one
On Mon, 14 Dec 2015 13:33:36 +
Daniel Kopp wrote:
> I don’t know an config switch to enable something like this in pmacct.
> And I believe this can’t be done while recording flows as you never
> know which traffic relation will become big beforehand :-)
>
> If your
On Tue, 2 Aug 2016 10:35:44 -0500
Robert Juric wrote:
> Well would anyone else be interested in developing a dedicated
> front-end utilizing the existingpmacct database? Or is it the general
> consensus that everyone exports the pmacct data to other systems for
>
On Tue, 02 Aug 2016 17:59:14 +0200
Davide Principi <davide.princ...@nethesis.it> wrote:
> On Tue, 2016-08-02 at 10:41 -0500, Karl O. Pinc wrote:
> > Time-series storage seems the way to go. And rrd-tool seems
> > like the tool for that job.
>
> What if accountin
On Wed, 3 Aug 2016 14:31:08 +0200
raf <r...@futomaki.net> wrote:
> Le 02/08/2016 à 17:41, Karl O. Pinc a écrit :
> > And rrd-tool seems
> > like the tool for that job.
> >
>
> rdd still made a great job, but I think there are better option today.
> (infl
problems, then it makes sense to
compile your own.
On the other hand if what the distro releases works for you
why bother to go though extra work to get shiny new features you
don't need?
>
> > Le 6 juil. 2016 à 12:42, Karl O. Pinc <k...@meme.com> a écrit :
> >
> > FYI.
On Tue, 5 Jul 2016 12:58:27 +
Johan Sjöberg wrote:
> We have been running pmacct 1.2.5 on Debian Squeeze for many years.
> We are now trying to set up a new server, running Debian Jessie. I
> have downloaded pmacct 1.6.0 (and also 1.5.3), and tried compiling
> it.
ight want
to check newer changlogs to see if any important bugs
were fixed or some such.
> /Johan
> ____
> Från: Karl O. Pinc <k...@meme.com>
> Skickat: den 6 juli 2016 12:42:37
> Till: Johan Sjöberg
> Kopia: pmacct-discussion@pmacct.net
> Ä
On Tue, 13 Dec 2016 15:05:31 +
"Miethe, Martin" wrote:
> I just spent some time trying to set up dynamic mysql tables. The log
> keeps saying:
>
> Dec 13 15:26:01 INFO ( out/mysql ): *** Purging cache - START (PID:
> 20506) *** Dec 13 15:26:01 ERROR (
On Thu, 5 Jan 2017 10:57:01 +0100
Yann Belin wrote:
> Not strictly a pmacct/nfacct question, but I was wondering if anyone
> ever built a similar setup.
Not strictly a pmacct/nfacct response, but thought I'd comment
anyway. ;-)
> A central side would then gather
> data
On Mon, 6 Mar 2017 17:48:24 -0600
Edward Henigin wrote:
> And as far as updating docs, I might suggest adding to the
> sql_dont_try_update key the fact that the sql_cache_entries needs to
> be large enough to prevent multiple purges per update cycle :-)
Last I looked the docs
ache_size". It should
-- be larger than shared_buffers. "checkpoint_segments"
-- should probably be at least 32, much more if write
-- performance is an issue. For details see:
--https://wiki.postgresql.org/wiki/Tuning_Your_PostgreSQL_Server
>
On Fri, 7 Dec 2018 16:42:31 +
Paolo Lucente wrote:
> You could make the field variable-length - optimizing space and
> avoiding you the try & error of finding the sweet spot size for the
> as path field at the expense of more computing.
I would not expect a Postgres TEXT column, which is
Hello,
I also consent to relicensing any and all the contributions I have made
to the pmacct project. (I may have sent documentation patches in via email
at some point. I forgot about those.)
Regards,
Karl
Free Software: "You don't pay back, you pay forward."
-- Robert A.
On Tue, 13 Oct 2020 06:16:59 +
Felix Stolba wrote:
> Out of curiosity I've been playing around with ncat, trying to
> encrypt a regular IPFIX stream and sending it to nfacctd_dtls_port.
FYI, FWIW. Other tools you might be interested in are socat and
stunnel. I've forgotten the details,
Hi Paolo,
On Wed, 4 May 2022 01:25:23 -0300
Paolo Lucente wrote:
> Somehow i can't reproduce the problem, both pmacct.net and
> www.pmacct.net do actually work for me no problem (http of course,
> ie. not https, well no https is advertised out nor does it work).
>
> Can you please qualify the
On Tue, 3 May 2022 18:19:50 +
"Compton, Rich A" wrote:
> Hi, I’m trying to take the netflow records from nfacctd and process
> them with a python script. Can someone suggest how I can do this
> with python without having nfacctd put them into a database and then
> have my python script read
FYI.
I notice that "pmacct.net" in my browser's URL bar does
not redirect to "www.pmacct.net". I get
"unable to connect".
Regards,
Karl
Free Software: "You don't pay back, you pay forward."
-- Robert A. Heinlein
___
On Thu, 15 Dec 2022 19:03:45 +
"Compton, Rich A" wrote:
> Hi, I have a few (~20) lists of IPs provided by Shadowserver
> (https://www.shadowserver.org) on a daily basis. Some lists contain
> a few hundred IPs and some contain tens of thousands of IPs. I want
> to have pmacct filter out
63 matches
Mail list logo