Hi List,
Maybe someone can point out what I am doing wrong. I am trying to get nfacctd to
only do inserts and not do updates
but my data looks like it is still doing updates, see row from pgsql below:
tag | ip_src | ip_dst | port_src | port_dst | ip_proto | tos |
packets |
Hi Paolo,
I had to look at the code but I figured it out.
needed minb= not minb>=
On 08/02/2016 09:36 AM, Steve Clark wrote:
Hi Paolo,
I am trying to limit netflow aggregates to greater than 100 bytes before
insertion into my PG database, but
I can't seem to get it to work. All aggregates
Hi List,
I am looking to collect a large number of netflow records, on the order of a 100
million a day,
and store them in a postgres DB. Has anyone done this or something similar using
pmacct?
Thanks,
Steve
___
pmacct-discussion mailing list
- nfacctd.
Steve
On 08/04/2016 11:48 AM, David McKen wrote:
For that type of scale maybe a SQL like NoSQL db like cassandra may work
better for you.
On Thu, Aug 4, 2016 at 11:01 AM, Stephen Clark <sclar...@earthlink.net
<mailto:sclar...@earthlink.net>> wrote:
Hi List,
to
false and decrease to the minimum the active timeout on your NetFlow
exporter (what is happening now is that some long-lived flows is
being trapped at the exporter long time before being exported to
the collector).
Cheers,
Paolo
On Wed, Jul 27, 2016 at 11:30:47AM -0400, Stephen Clark wrote:
Hi List
m: pmacct-discussion [mailto:pmacct-discussion-boun...@pmacct.net]
On Behalf Of Stephen Clark
Sent: Thursday, August 04, 2016 5:01 PM
To: pmacct-discussion@pmacct.net
Subject: [pmacct-discussion] collecting large number of netflows
Hi List,
I am looking to collect a large number of netflow records, on the or
Hi Paolo,
I looked thru the CONFIG_KEYS and didn't find the ability to do sampling except
in the SQL_preprocess keys. Is it possible to do the sampling at the point
the neflow records are first created - in other words by nfprobe?
Thanks,
Steve
--
"They that give up essential liberty to
/OfficialConfigKeys
--
Tim
On Wed, Aug 24, 2016 at 9:37 AM, Stephen Clark <sclar...@earthlink.net
<mailto:sclar...@earthlink.net>> wrote:
Hi Paolo,
I looked thru the CONFIG_KEYS and didn't find the ability to do sampling
except
in the SQL_preprocess keys. Is it po
Hi,
I am having a problem with nfacctd getting way behind with ver 1.5.3
Everything is ok until I add a server that is sending a lot of netflows
then things start bogging down. I see the nfacctd plugins using 100% cpu using
top.
Then I start getting seg faults:
Nov 8 15:28:01 netflow2 kernel:
get unstabe and you may see multiple processes in such
state as they start competing with kernel, ie. swap, etc.
Cheers,
Paolo
On Tue, Nov 08, 2016 at 03:34:57PM -0500, Stephen Clark wrote:
Hi,
I am having a problem with nfacctd getting way behind with ver 1.5.3
Everything is ok until I add
Hi,
I get the following error when trying to build 1.6.1 on CentOS 6.0
CCLD pmacctd
/usr/local/lib/libpcap.a(bpf_filter.o): In function `bpf_validate':
(.text+0x0): multiple definition of `bpf_validate'
Oops - we just hit 10 writers.
On 11/09/2016 08:54 AM, Stephen Clark wrote:
Hi Paolo,
Thanks for the response. Do you see anything in our confguration
that I could adjust to mitigate the situation.
We never reach 10 sql writers.
Would increasing the any of these help?
sql_refresh_time: 60
On 11/09/2016 09:21 PM, Vincent Bernat wrote:
❦ 9 novembre 2016 11:56 -0500, Stephen Clark <sclar...@earthlink.net> :
LIBS . : -L/usr/pgsql-9.4/lib -ldl -L/usr/local/lib -lpfring
-lpcap -lrt -lnuma -lz -lpthread
If libpfring is linked to one version of libpcap and your
nfacctd_port: 2055
Thanks for your support.
Steve
On 11/12/2016 09:31 AM, Paolo Lucente wrote:
Hi Steve,
Canyou please post your integral config to try to reproduce the issue?
It smells like something is wrong (bug).
Cheers,
Paolo
On Wed, Nov 09, 2016 at 10:38:02AM -0500, Stephen Clark wrote:
Hi Paolo
Hmm...
Doesn't samplicate do this?
and each should be specified as
[/[/]], where
IP address of the receiver
port UDP number of the receiver (default 2000)
number of received datagrams between successive
copied
Hi Paolo,
Does nfacctd make use of pfring or is it only used by pmacctd?
Thanks,
Steve
signature.asc
Description: OpenPGP digital signature
___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
Hi Paolo,
I did a minimal test of the new nDPI integration. It looks promising.
What is the first Unknown suppose to represent?
Unknown/Kerberos
Unknown/Kerberos
Unknown/Kerberos
This is a little confusing - this was traffic between the same host - very close
together but
only one is
Hi Paolo,
Noticed an error in the example you gave in the documentation.
5) Configure pmacct. The following sample configuration is based on pmacctd and
the print plugin with formatted output to stdout:
daemonize: true
interface: eth0
snaplen: 700
!
plugins: print
!
ed.\n",
filename, LARGEBUFLEN);
Shouldn't *cfg[SRVBUFLEN] be *cfg[LARGEBUFLEN] ?
It looks like there are not enough array elements to hold all the config item we
have.
Regards,
Steve
On 08/22/2017 03:06 PM, Stephen Clark wrote:
> Hi Paolo,
>
> We have a large nfacctd.conf file around 530
Hi,
has anyone hooked nDPI into pmacctd for packet classification?
Thanks,
Steve
--
"They that give up essential liberty to obtain temporary safety,
deserve neither liberty nor safety." (Ben Franklin)
"The course of history shows that as a government grows, liberty
decreases." (Thomas
Hi Paolo,
We have multiple nic ports and ips on systems we are using pmacctd on. Is there
a way to specify the ip address pmacctd is using for the source address in the
netflow packets it is sending? I didn't see anything in the config-keys file but
I could
have missed it.
As an example
. Therefore I think the option called
nfprobe_source_ip might be the one you're looking for.
Let me know if that fits your use-case.
Regards
Felix
Am 17.10.19, 16:56 schrieb "pmacct-discussion im Auftrag von Stephen Clark"
:
Hi Paolo,
We have multiple nic ports and ips
On 1/22/20 11:20 AM, Stephen Clark wrote:
Hi Paolo,
can nfprobe export nbar data like cisco's?
Thanks,
Steve
Answering my own question it appears that is can. Is anybody using it sending
NetFlows to
SolarWinds.
--
"They that give up essential liberty to obtain temporary safety,
de
On 1/22/20 2:40 PM, Stephen Clark wrote:
On 1/22/20 11:20 AM, Stephen Clark wrote:
Hi Paolo,
can nfprobe export nbar data like cisco's?
Thanks,
Steve
Answering my own question it appears that is can. Is anybody using it sending
NetFlows to
SolarWinds.
Answering my question again
Hi Paolo,
can nfprobe export nbar data like cisco's?
Thanks,
Steve
--
___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
I am too.
On 1/11/20 3:38 PM, Mike Jager wrote:
On 9 Jan 2020, at 2:52, Job Snijders wrote:
We need explicit approval from all contributors, and carefully keep
track of those agreements. If a contributor doesn't agree or answer,
we'll have to re-implement the contributed functionality or
Hello,
Can anyone give the magic configuration items I need to build using a static
libndpi.a
I have spend all day trying to do this without any success. It seem like I tried
every combination
that ./configure --help displays.
Any help would be appreciated.
Thanks,
Steve
Updating - I logged out - logged back in
used
./configure '--enable-ndpi' --with-ndpi-static-lib=/usr/local/lib '--enable-l2'
'--enable-traffic-bins' '--enable-bgp-bins' '--enable-bmp-bins' '--enable-st-bins'
and it built using ndpi static lib just fine.
Hello,
Can anyone give the magic
Spoke to soon,
Still created pmacctd using shared lib for ndpi
ldd pmacct/src/pmacctd
linux-vdso.so.1 => (0x7ffeb1be6000)
libndpi.so.3 => /usr/local/lib/libndpi.so.3 (0x7f4258388000)
Updating - I logged out - logged back in
used
./configure '--enable-ndpi'
te on
the list? In the seek for a static library? Perhaps time to look into a
container instead? :-D
Paolo
On Tue, Jun 23, 2020 at 01:44:32PM -0400, Stephen Clark wrote:
Hello,
Can anyone give the magic configuration items I need to build using a static
libndpi.a
I have spend all day trying to do th
30 matches
Mail list logo
