Hi Mirko, On Wed, Feb 14, 2007 at 08:19:52PM +0100, Mirko wrote:
> If i use sum_host with networks.lst containing 192.168.0.0/16, is it > right, that only traffic inside 192.168.x.x will be accounted? > > For example > > only inside the local network? > 192.168.0.1 <--> ..... <--> 192.168.0.11 > > or also for the connection from/to local network? > 192.168.0.1 <--> ..... <--> 217.237.149.161 > > If i understand you correctly, the traffic for the second example will > be rewritten as 0.0.0.0, isn't it? No. The first will be rewritten as: 192.168.0.1 <amount x> 192.168.0.11 <amount x> The second will be rewritten as: 192.168.0.1 <amount y> 0.0.0.0 <amount y> > > Such setup will allow you to get two different SQL tables: acct_in > > containing incoming traffic to your 192.168.x hosts and acct_out > > containing outgoing traffic from your 192.168.x hosts on a per-host > > basis. On a plus side, your tables will remain small. You can also > > still choose dynamic tables on top of this. > > Accounting by "aggregate: ip_src,ip_dst" gives me also the In- and > Outcoming Traffic for each local client? > What is the difference between using the aggregate_filter directive and > the normal aggregate directive? You can achieve the same result by both using: a) two distinct tables, say, acct_in and acct_out, one aggregating on dst_host and the other on src_host. b) a single table aggregating on src_host,dst_host Assuming no historical breakdown is involved, the difference lies in the fact that, say, you are monitoring just a C class. In a) you will get two distinct tables with a maximum of 255 entries each while in b) you will get much more entries - ie. assuming there is internal traffic and, say, each host communicates with each other in your C class, you can easily have 255*(255-1) entries. Moreover, post-processing of a) is lighter than in b) as the former requires just trivial additions, while the latter involves sub-aggregations. I'd say, combination of primitives are killers when not required: go either for a) or for sum_host. Cheers, Paolo _______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
