> Regarding the ports: actually nfprobe plugin creates full-featured > NetFlow v5 packets, ignoring the 'aggregate' directive. This might > change in the very near future. To workaround this, you can switch > to NetFlow v9 - which honours the 'aggregate' content.
Paolo, I switched over to v9, but now, only bytes and packets went into my DB. This is my probe config: daemonize: true debug: false interface: eth0 plugins: nfprobe promisc: false aggregate: src_port, dst_port, tag nfprobe_receiver: X.X.X.X:9996 nfprobe_version: 9 nfprobe_engine: 2:0 pcap_filter: port 25 syslog: daemon And this is my server: debug: false daemonize: true aggregate[sql]: src_host, dst_host, src_port, dst_port, proto, tag nfacctd_time_new: true nfacctd_port: 9996 plugins: mysql[sql] pre_tag_map: /usr/local/pmacct/etc/pre_tag_map sql_db[sql]: pmacct sql_table[sql]: acct_v5_sql1_%Y_%m_%d sql_table_schema[sql]: /usr/local/pmacct/etc/acct_v5_1.schema sql_table_version[sql]: 5 sql_passwd[sql]: xxx sql_user[sql]: xxx sql_refresh_time[sql]: 60 sql_history[sql]: 1h sql_history_roundoff[sql]: mh syslog: daemon This was my DB entry with v5: 80.239.63.123 81.24.72.50 4831 25 tcp 0 51 63185 0 With v9: 0.0.0.0 0.0.0.0 0 0 ip 0 9870 7320830 IMHO there should be at least src_port and dst_port get inserted. Perhaps I must also aggregate "proto" in my probes config? Thanks, Michael _______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
