Hi,
Let's say we configure pmacct to aggregate on: src ip, src port, dst ip, dst
port, proto. That means that it will produce flow records aggregating on the
TCP quintuple.
Would it be possible to get the start timestamp (time of TCP SYN) of a TCP
connection? Similarly, would it be possible to
, Stathis Gkotsis wrote:
Hi,
Let's say we configure pmacct to aggregate on: src ip, src port, dst ip,
dst port, proto. That means that it will produce flow records aggregating
on the TCP quintuple.
Would it be possible to get the start timestamp (time of TCP SYN) of a TCP
connection
Hi all,
First, I would like to thank you for the great product, pmacct has proven very
useful to me, which brings me to my question :)I see that it is possible to
enable traffic classification, which is about detecting L7 protocol. I am
particularly interested in HTTP and also outputting the
Dubrovskyi wrote:
22.03.2014 21:20, Stathis Gkotsis пишет:
First, I would like to thank you for the great product, pmacct
has proven very useful to me, which brings me to my question :)
I see that it is possible to enable traffic classification,
which is about detecting L7 protocol. I am
Hi all,
I am using pmacctd with libpcap. My configuration is the following:
daemonize: falsepcap_filter: port 80 // only interested in HTTP
trafficplugin_pipe_size: 10240plugin_buffer_size: 102400aggregate:
src_host,dst_host,src_port,dst_port,proto,classclassifiers:
,
Paolo
On Sun, Apr 06, 2014 at 08:17:07PM +0300, Stathis Gkotsis wrote:
Hi all,
I am using pmacctd with libpcap. My configuration is the following:
daemonize: falsepcap_filter: port 80 // only interested in HTTP
trafficplugin_pipe_size: 10240plugin_buffer_size: 102400aggregate
object is culprit here). It would be great if we could
debug/review this together. Shall we follow-up privately on this?
Cheers,
Paolo
On Mon, Apr 07, 2014 at 11:39:24PM +0300, Stathis Gkotsis wrote:
Hi Paolo,
Yes, I use pfring. It is both traffic rate and classification which cause
