Hello. I'm new in this and have some problems with pmacct.
I want to make an accounting for a hole subnet with large numbers of IPs. The accounting should primary used for billing the use of traffic.
I set up pmacct with the following configuration: daemonize: true pidfile: /var/run/sfacctd.pid syslog: daemon sfacctd_port: 6000 sfacctd_ip: <LOKAL-IP> aggregate: src_host,dst_host networks_file: /etc/traffic/networks plugins: mysql plugin_pipe_size: 10240000 plugin_buffer_size: 10240 sql_host: localhost sql_user: <MYSQL-USER> sql_passwd: <MYSQL-PASS> sql_db: pmacct sql_table: acct_v7 sql_table_version: 7 sql_refresh_time: 5 sql_optimize_clauses: true sql_history: 1h sql_history_roundoff: mThis works in that way, that it fills the MySQL-Table with lots of data. And internal traffic (network-ip to network-ip) is seperated from traffic to the outside world. The only Problem i have is, that the bytes-values are absolutely impossible.
This for example are the entries for a hight traffic ip-address: +----------+----------+---------+---------+------+--------+--------+-------------+-------------+----------+----------+-----------+----------+-----+---------+----------+-------+---------------------+---------------------+ | agent_id | class_id | mac_src | mac_dst | vlan | as_src | as_dst | ip_src | ip_dst | src_port | dst_port | tcp_flags | ip_proto | tos | packets | bytes | flows | stamp_inserted | stamp_updated | +----------+----------+---------+---------+------+--------+--------+-------------+-------------+----------+----------+-----------+----------+-----+---------+----------+-------+---------------------+---------------------+ | 0 | | | | 0 | 0 | 0 | < My IP > | 0.0.0.0 | 0 | 0 | 0 | | 0 | 12205 | 13580799 | 0 | 2007-09-01 00:00:00 | 2007-09-03 18:03:42 | | 0 | | | | 0 | 0 | 0 | 0.0.0.0 | < My IP > | 0 | 0 | 0 | | 0 | 7776 | 964997 | 0 | 2007-09-01 00:00:00 | 2007-09-03 17:52:04 | | 0 | | | | 0 | 0 | 0 | 0.0.0.0 | < My IP > | 0 | 0 | 0 | | 0 | 38 | 10115 | 0 | 2007-09-13 10:00:00 | 2007-09-13 10:58:22 | | 0 | | | | 0 | 0 | 0 | < My IP > | 0.0.0.0 | 0 | 0 | 0 | | 0 | 42 | 43132 | 0 | 2007-09-13 10:00:00 | 2007-09-13 11:00:05 | | 0 | | | | 0 | 0 | 0 | 0.0.0.0 | < My IP > | 0 | 0 | 0 | | 0 | 124 | 17510 | 0 | 2007-09-13 11:00:00 | 2007-09-13 11:59:20 | | 0 | | | | 0 | 0 | 0 | < My IP > | 0.0.0.0 | 0 | 0 | 0 | | 0 | 153 | 170907 | 0 | 2007-09-13 11:00:00 | 2007-09-13 12:00:00 | | 0 | | | | 0 | 0 | 0 | < My IP > | 0.0.0.0 | 0 | 0 | 0 | | 0 | 159 | 162458 | 0 | 2007-09-13 12:00:00 | 2007-09-13 12:59:43 | | 0 | | | | 0 | 0 | 0 | 0.0.0.0 | < My IP > | 0 | 0 | 0 | | 0 | 22 | 3051 | 0 | 2007-09-13 12:00:00 | 2007-09-13 12:14:55 | | 0 | | | | 0 | 0 | 0 | < My IP > | 0.0.0.0 | 0 | 0 | 0 | | 0 | 40 | 47695 | 0 | 2007-09-13 13:00:00 | 2007-09-13 13:15:07 | | 0 | | | | 0 | 0 | 0 | < My IP > | 0.0.0.0 | 0 | 0 | 0 | | 0 | 88 | 99673 | 0 | 2007-09-19 10:00:00 | 2007-09-19 10:55:38 | +----------+----------+---------+---------+------+--------+--------+-------------+-------------+----------+----------+-----------+----------+-----+---------+----------+-------+---------------------+---------------------+Here for "2007-09-13 12:00:00" it tells me the IP used "162458" bytes and 159 Packets in that hour. That means it used just 159kb traffic??? That is absolutly impossible for this ip and has to be much more. Is it possible, that i have to multiply the bytes value with the packets-value? Or are the bytes values already rounded to megabyte?
I'm quite a bit confused about how to read this results and if they are realy trustable.
I would be glad, if someone could tell me how to understand this ad if i'm doing something wrong.
Best regards, Oliver Treck
begin:vcard fn:Oliver Treck n:Treck;Oliver org:Treck.de - the WEB energyzer adr:;;Rektor-Kruse-Weg 13;Iserlohn;NRW;58644;Deutschland email;internet:[EMAIL PROTECTED] title:Inhaber tel;work:+49-2371-779701 tel;fax:+49-2371-779702 tel;cell:+49-160-94168378 url:http://www.treck.de version:2.1 end:vcard
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
