I am still trying to use nfacct (with some difficulties).
I'm collecting netflows from a cisco 7204 router with the last ubuntu and nfacctd 0.10.1.
I would like create a netflow history to be able to answer these questions :
- For a local IP and a protocol, how many octets where send or received at Monday 15 of may 2006 ?
- For one protocol (ftp ...) or a port, how many connections appended between January and march 2006 ?
These are examples but resumes the idea.
If possible, I'd like keep these information for a year.
I know that it will not be possible to keep detailed information on a long period but this could be possible to fall preciseness of datas after six month for example.
I tried a few solutions and understood that I have to use mysql plugin.
Here is my conf file :
debug: true
daemonize: false
nfacctd_port: 9999
nfacctd_allow_file: /home/cedric/pmacct-0.10.1/maconfig/routeurs.lst
plugin_buffer_size: 2048
plugin_pipe_size: 2048000
aggregate[in_net]: dst_net
aggregate_filter[in_net]: dst net x.y.0.0/16 OR dst net a.b.0.0/16
plugins: mysql[in_net]
networks_file[in_net]: /home/cedric/pmacct-0.10.1/maconfig/reseaux.lst
sql_history: 1h
sql_history_roundoff: m
sql_db: pmacct
sql_table: acct
sql_table_version: 4
sql_passwd: --------
sql_user: root
sql_refresh_time: 30
daemonize: false
nfacctd_port: 9999
nfacctd_allow_file: /home/cedric/pmacct-0.10.1/maconfig/routeurs.lst
plugin_buffer_size: 2048
plugin_pipe_size: 2048000
aggregate[in_net]: dst_net
aggregate_filter[in_net]: dst net x.y.0.0/16 OR dst net a.b.0.0/16
plugins: mysql[in_net]
networks_file[in_net]: /home/cedric/pmacct-0.10.1/maconfig/reseaux.lst
sql_history: 1h
sql_history_roundoff: m
sql_db: pmacct
sql_table: acct
sql_table_version: 4
sql_passwd: --------
sql_user: root
sql_refresh_time: 30
Executing nfacctd, i received this messages :
[EMAIL PROTECTED]:/home/cedric/pmacct-0.10.1/maconfig# nfacctd -f nfacct.conf | head
ERROR ( nfacct.conf ): Unknown plugin type: mysql. Ignoring.
WARN ( nfacct.conf ): No plugin has been activated; defaulting to in-memory table.
WARN ( nfacct.conf ): Unknown symbol 'in_net'. Line 24 ignored.
WARN ( nfacct.conf ): Unknown symbol 'in_net'. Line 25 ignored.
WARN ( nfacct.conf ): Unknown symbol 'in_net'. Line 27 ignored.
WARN ( default/memory ): defaulting to SRC HOST aggregation.
INFO ( default/memory ): Pipe size obtained: 111616 / 4000.
DEBUG ( default/memory ): allocating a new memory segment.
DEBUG ( default/memory ): allocating a new memory segment.
OK ( default/memory ): waiting for data on: '/tmp/collect.pipe'
ERROR ( nfacct.conf ): Unknown plugin type: mysql. Ignoring.
WARN ( nfacct.conf ): No plugin has been activated; defaulting to in-memory table.
WARN ( nfacct.conf ): Unknown symbol 'in_net'. Line 24 ignored.
WARN ( nfacct.conf ): Unknown symbol 'in_net'. Line 25 ignored.
WARN ( nfacct.conf ): Unknown symbol 'in_net'. Line 27 ignored.
WARN ( default/memory ): defaulting to SRC HOST aggregation.
INFO ( default/memory ): Pipe size obtained: 111616 / 4000.
DEBUG ( default/memory ): allocating a new memory segment.
DEBUG ( default/memory ): allocating a new memory segment.
OK ( default/memory ): waiting for data on: '/tmp/collect.pipe'
I know sql_history ... parameters are not good but I think the problem comes from something else.
Any ideas ?
Cheers
_______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
