I found out some more information based on a hunch I had this morning. Instead of doing -M "*", I tried doing -M "217.148.171.0;217.148.171.1;....;217.148.190.255" (so I specified *all* 512 ip addresses that are behind this particular firewall. I haven't tested it very extensively, but so far it seems to be perform as expected: counters seem to be reset properly now. There's one big downside to this approach though. The runtime of pmacct increased from 0.1-0.2 seconds to 2-3 seconds! Even though a few seconds more or less on a 5 minute timeframe aren't really that important, I always aim to have my scripts perform as fast as possible. Perhaps this little bit of extra info might stir up some hints and/or tips concerning this problem.
Thanks in advance. Kind regards, Ruben Laban On Wednesday 13 June 2007, Ruben Laban wrote: > Hi list, > > I'm working on my own frontend for pmacct. While looking at the data my > script stored in the database, I noticed that the counters for quite some > ip addresses were constantly increasing even though I use 'pmacct -r'. > > In detail: > > Every minute (eventually I'll be doing it every 5 minutes) I run pmacct > twice: /usr/bin/pmacct -r -c src_host -M "*" -p /tmp/pmacct_$dir.pipe > where $dir is 'in' or 'out'. > I've also run some tests interactively on the commandline, which shows > similar behaviour. It isn't full reproducable though. Sometimes consecutive > runs of pmacct -r does seem to reset the counters, sometimes it doesn't. > Also, as far as I could notice, it only applies to the /tmp/pmacct_in.pipe. > So I thought it might have something to do with the -c src_host, but if I > change it to dst_host, nothing seems to be changing concerning this > behaviour. > > I really have no further clue on what could be causing this. This is my > pmacctd config: > > # cat /etc/pmacct/pmacctd.conf > ! > !! pmacctd configuration > ! > > !! Uncomment this line to enable debug mode > ! debug: true > > !! Don't run in promiscuous mode > promisc:false > > !! Monitor wan0 interface > interface: wan0 > > !! Run as daemon > daemonize: true > > !! Use seperate memory tables for in/outbound traffic > plugins: memory[in], memory[out] > aggregate[in]: dst_host > aggregate[out]: src_host > aggregate_filter[in]: dst net 217.148.171.0/24 or 217.148.190.0/24 > aggregate_filter[out]: src net 217.148.171.0/24 or 217.148.190.0/24 > imt_path[in]: /tmp/pmacct_in.pipe > imt_path[out]: /tmp/pmacct_out.pipe > > !! Define buffer sizes > plugin_buffer_size: 10240 > plugin_pipe_size: 10240000 > > !! Define memory tables sizes > imt_buckets: 65537 > imt_mem_pools_size: 65536 > ! imt_mem_pools_number: 0 > > I hope someone could shed some light on this issue. > > Kind regards, > -- > Ruben Laban > Systems and Network Administrator > [EMAIL PROTECTED] > > ISM eCompany > Van Nelleweg 1 > Postbus 13043 > 3004 HA Rotterdam > +31 (0)10 243 6000 (tel) > +31 (0)10 243 6066 (fax) > www.ism.nl > > Quality Solutions - Reliable Partner _______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
