Thanks a ton for the reply! FYI, here is the debug output,
DEBUG ( default/mysql ): INSERT INTO `test_1` (stamp_updated, stamp_inserted, ip_src, ip_dst, as_src, as_dst, src_port, dst_port, tcp_flags, ip_proto, packets, bytes, flows) VALUES (FROM_UNIXTIME(1258410661), FROM_UNIXTIME(1258410600), 'x.x.x.34', 'x.x.x.2', xx8, xx9, 443, 2608, 24, 'tcp', 1, 1353, 140733193388033) and here is what shows up in the mysql table for the corresponding record. | xx8 | xx9 | x.x.x.34 | x.x.x.2 | 443 | 2608 | 24 | tcp | 0 | 1 | 1353 | 4294967295 | 2009-11-16 16:30:00 | 2009-11-16 16:31:01 | The flow number is "4294967295", and actually all the other records have same number with this one. I am using ubuntu 8.04 (64 bits), with mysql Server version: 5.0.67-0ubuntu6 (Ubuntu) Let me know If you need more info, thanks > It means you have 5 minutes traffic counters (temporal aggregation). > So pmacct keeps tracking the traffic count and and the end of the given minutes(hours..etc) it calculates the summary and then writes it to the backend database, am I right? If I am correct, how does pmacct treat netflow data? since all the data it gets already get aggregated by netflow protocol. Will pmacct do something extra? I guess for sflow, it will act differently and do the calculations. Here is my current config, debug: true sql_optimize_clauses: true sql_history: 5m sql_history_roundoff: m sql_table: test_%w sql_table_schema: /home/test.schema sql_table_version: 6 aggregate: proto, src_host, dst_host, src_port, dst_port, src_as, dst_as, tcpflags, flows interface: eth1 nfacctd_port: 10000 plugins: mysql
_______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
