[pmacct-discussion] Nfacct - Missing src_port, and dst_port

Tue, 12 Apr 2016 03:40:17 -0700 

Hello all,

I'm new to pmacct and I'm trying to collect IPFIX flows sent from a cisco
router using nfacctd and mysql plugin. The problem is I'm not able to
collect src_port and dst_port although I'm able to collect them using
another netflow collector (SILK).

*nfacct.conf:*

daemonize: false
aggregate[dummy]: src_host, dst_host, src_port, dst_port
nfacctd_port: 4739
nfacctd_time_new: true
plugins: mysql[dummy]
sql_db: pmacct
sql_table: acct
sql_table_version: 1
sql_passwd: XXXX
sql_user: XXXX
sql_refresh_time: 90
sql_history: 10m
sql_history_roundoff: mh

<SNIP>
+-------------+-------------+--------------+---------------+----------+----------+----------+---------+-------+---------------------+---------------------+
| mac_src     | mac_dst     | ip_src       | ip_dst        | src_port |
dst_port | ip_proto | packets | bytes | stamp_inserted      |
stamp_updated       |
+-------------+-------------+--------------+---------------+----------+----------+----------+---------+-------+---------------------+---------------------+
| 0:0:0:0:0:0 | 0:0:0:0:0:0 | XX.XX.XX.XX | XX.XX.XX.XX |        0 |
0 | ip       |       1 |   143 | 2016-04-12 11:50:00 | 2016-04-12 11:54:01 |
+-------------+-------------+--------------+---------------+----------+----------+----------+---------+-------+---------------------+---------------------+
<SNIP>

<SNIP>
DEBUG ( default/core ): NfV10 agent         : ::ffff:XX.XX.XX.XX:256
DEBUG ( default/core ): NfV10 template type : flow
DEBUG ( default/core ): NfV10 template ID   : 269
DEBUG ( default/core ): ----------------------------------------
DEBUG ( default/core ): |     field type     | offset |  size  |
DEBUG ( default/core ): | IPv4 src addr      |      0 |      4 |
DEBUG ( default/core ): | IPv4 dst addr      |      4 |      4 |
DEBUG ( default/core ): | L4 src port        |      8 |      2 |
DEBUG ( default/core ): | L4 dst port        |     10 |      2 |
DEBUG ( default/core ): | in bytes           |     12 |      4 |
DEBUG ( default/core ): | in packets         |     16 |      4 |
DEBUG ( default/core ): ----------------------------------------
.....
.....
DEBUG ( dummy/mysql ): INSERT INTO `acct` (stamp_updated, stamp_inserted,
ip_src, ip_dst, src_port, dst_port, ip_proto, mac_src, mac_dst, packets,
bytes) VALUES (FROM_UNIXTIME(1460456228), FROM_UNIXTIME(1460455800),
'XX.XX.XX.XX', 'XX.XX.XX.XX', 0, 0, 'ip', '0:0:0:0:0:0', '0:0:0:0:0:0', 1,
123)
<SNIP>

BR,
Bassem Zaki

_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

Reply via email to