Appreciate the responses - and preemptively apologize for the length of this response.
$ /usr/local/sbin/pmacctd
WARN ( cmdline ): No plugin has been activated; defaulting to in-memory table.
Promiscuous Mode Accounting Daemon, pmacctd 0.11.6-cvs

Paolo - yes, if I remove the networks file and change the aggregation to src_host,dst_host I do see valid v6 host entries!

The networks_file entry format I've been using is for example:

15169,2001:4860::/32

After trying some alternate forms, it appears the IPv6 entries should use the following form.
Ex. 1,2610:0000:0000:0000:0000:0000:0000:0000/16 - resulting in ip_src= '2610::'.
To verify - is this the correct format that should be used?

Example:

3,2001:4860:0000:0000:0000:0000:0000:0000::/32
1,2610:0000:0000:0000:0000:0000:0000:0000/16
557,fe80:0000:0000:0000:0000:0000:0000:0000/16
624,2002:0000:0000:0000:0000:0000:0000:0000/16
22701,2001:0502:4612:0000:0000:0000:0000:0000/48
4,2001:0C00:0000:0000:0000:0000:0000:0000/23
5,2001:0500:0001:0000:0000:0000:0000:0000/48

Results:

+--------+-----------------+---------+-------+
| as_src | ip_src          | packets | bytes |
+--------+-----------------+---------+-------+
|      0 | ::              |      69 | 14354 |
|  22701 | 2001:502:4612:: |      36 |  6830 |
|      4 | 2001:c00::      |      21 |  4555 |
|      5 | 2001:500:1::    |      24 |  4481 |
|    557 | fe80::          |       4 |   272 |
+--------+-----------------+---------+-------+

That all being the case and thinking I may have built it incorrectly, looks like I've jumped out of the frying pan after loading the CVS version into its own directory, configure now fails.

$ sudo ./configure --enable-ipv6 --enable-mysql --enable-64bit

Same result if I use configure without any options. Which results in:

checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking whether make sets $(MAKE)... yes
checking for working aclocal-1.4... missing
checking for working autoconf... found
checking for working automake-1.4... missing
checking for working autoheader... found
checking for working makeinfo... missing
checking for gcc... gcc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ANSI C... none needed
checking OS... Linux
checking hardware... i686
checking for ranlib... ranlib
checking whether to enable debugging compiler options... no
checking for gmake... gmake
checking whether gmake sets $(MAKE)... yes
checking for __progname... yes
checking for extra flags needed to export symbols... --export-dynamic
checking for static inline... yes
checking endianess... little
checking unaligned accesses... ok
checking whether to disable L2 features... no
checking whether to enable IPv6 code... yes
checking for inet_pton... yes
checking for inet_ntop... yes
checking whether to enable IPv4-mapped IPv6 sockets ... yes
checking default locations for pcap.h... found in /usr/include
checking default locations for libpcap... no
checking for pcap_dispatch in -lpcap... yes
checking for pcap_setnonblock in -lpcap... yes
checking packet capture type... linux
checking whether to enable MySQL support... checking how to run the C preprocessor... gcc -E
checking for egrep... grep -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
yes
checking default locations for libmysqlclient... found in /usr/lib/mysql
checking default locations for mysql.h... found in /usr/include/mysql
checking whether to enable PostgreSQL support... no
checking whether to enable SQLite3 support... no
checking whether to disable shared objects...
./configure: line 7637: syntax error: unexpected end of file

--
Garry Peirce +1-207-561-3539
Network Analyst, ITS
University of Maine System

> -----Original Message-----
> From: Paolo Lucente [mailto:[email protected]]
> Sent: Tuesday, March 24, 2009 7:52 AM
> To: Garry Peirce
> Cc: [email protected]
> Subject: Re: [pmacct-discussion] IPv6 traffic
>
> Hi Garry,
>
> to add to what Karl already said at this propo that perhaps the quickest
> check is just to see the header of "pmacctd" when launching it:
>
> pa...@lagavulin:~/codes/pmacct > ./src/pmacctd -h
> Promiscuous Mode Accounting Daemon, pmacctd 0.11.6-cvs
> Usage: < ... >
>
> Also give a try running "pmacctd" in foreground to eventually get errors
> while loading the networks_file onto stdout (in case you are not already
> checking messages sent to syslog).
>
> If nothing helps we should drill it down (IMHO, everything points to a
> "networks_file" issue; ie. using the wrong SQL schema with MySQL would
> only result in getting truncated IPv6 addresses) so try to: a) remove
> the "networks_file" directive from your configuration and b) modify the
> "aggregate" to, say, "src_host, dst_host". Check if IPv6 addresses this
> way start popping up in the database so that we can take it from there.
>
> Cheers,
> Paolo
>
>
> On Mon, Mar 23, 2009 at 07:53:28PM -0400, Garry Peirce wrote:
> > Hi Paolo,
> > Ok - I believe I've done that.
> > Any way to be certain the version of pmacctd I'm running is the most
> > current patch of 0.11.5?
> > The behavior appears to be the same, although I'm not 100% sure I
> > updated my version with CVS correctly.
> >
> > -rwxr-xr-x 1 root root 354832 Mar 23 19:23 /usr/local/sbin/pmacctd
> >
> > The Makefile and config.log are attached. I do see a few 'undeclared
> > identifiers' errors within the config.log.
> >
> > I enabled the debug facility but did not see anything that was in error.
> > DEBUG ( ./test.conf ): plugin name/type: 'default'/'core'.
> > DEBUG ( ./test.conf ): plugin name/type: 'default'/'mysql'.
> > DEBUG ( ./test.conf ): daemonize:true
> > DEBUG ( ./test.conf ): syslog:local2
> > DEBUG ( ./test.conf ): interface:eth1
> > DEBUG ( ./test.conf ): aggregate:src_net,src_as
> > DEBUG ( ./test.conf ): networks_file:/home/netflow/pmacct-0.11.5/IPtoAS.data
> > DEBUG ( ./test.conf ): pcap_filter:src net not 10.0.0.0/8 and src net not 192.168.0.0/16
> > DEBUG ( ./test.conf ): sql_db:pmacct
> > DEBUG ( ./test.conf ): sql_table:acct_v6
> > DEBUG ( ./test.conf ): sql_table_version:6
> > DEBUG ( ./test.conf ): sql_passwd:<omitted>
> > DEBUG ( ./test.conf ): sql_user:<omitted>
> > DEBUG ( ./test.conf ): sql_refresh_time:90
> > DEBUG ( ./test.conf ): sql_host:localhost
> > DEBUG ( ./test.conf ): sql_history:1w
> > DEBUG ( ./test.conf ): sql_history_roundoff:m
> > DEBUG ( ./test.conf ): debug:true
> > WARN: debug is enabled; forking in background. Console logging will get lost.
> >
> > --
> > Garry Peirce
> > University of Maine System
>

_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
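
Added example, not part of the original thread and not pmacct code: a small linter for "ASN,prefix/len" lines of the kind quoted in the message, using Python's ipaddress module to check IPv6 literal syntax and print the canonical network form that shows up in the ip_src column. The function names, the sample's last line, the longest-prefix lookup and its 0-for-no-match return are assumptions made for illustration; the checks say nothing about what pmacct's own networks_file parser accepts.

```python
import ipaddress

# Constructed sample: entries in the "ASN,prefix/len" shape quoted in the
# message; the last line is made up here to show a prefix with host bits set.
SAMPLE = """\
15169,2001:4860::/32
3,2001:4860:0000:0000:0000:0000:0000:0000::/32
1,2610:0000:0000:0000:0000:0000:0000:0000/16
22701,2001:0502:4612:0000:0000:0000:0000:0000/48
4,2001:0C00:0000:0000:0000:0000:0000:0000/23
5,2001:0500:0001:0000:0000:0000:0000:0001/48
"""


def lint_networks_file(text):
    """Return (entries, problems): (asn, network) pairs that parse cleanly,
    and (line_no, reason) tuples for lines that do not."""
    entries, problems = [], []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        asn, sep, prefix = line.partition(",")
        if not sep or not asn.strip().isdigit():
            problems.append((no, "expected ASN,prefix/len"))
            continue
        try:
            # strict=True also rejects prefixes with bits set past the mask
            net = ipaddress.ip_network(prefix.strip(), strict=True)
        except ValueError as exc:
            problems.append((no, str(exc)))
            continue
        entries.append((int(asn), net))
    return entries, problems


def lookup_asn(entries, addr):
    """Longest-prefix match over the parsed entries; returns 0 when no
    entry covers addr (an assumption of this example, see lead-in)."""
    ip = ipaddress.ip_address(addr)
    hits = [e for e in entries if e[1].version == ip.version and ip in e[1]]
    return max(hits, key=lambda e: e[1].prefixlen)[0] if hits else 0


if __name__ == "__main__":
    entries, problems = lint_networks_file(SAMPLE)
    for asn, net in entries:
        print(f"{asn:>6}  {net}")
    for no, reason in problems:
        print(f"line {no}: {reason}")
```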
