Hello list, I need some clarification. I am new at accounting with netflow and pmacct. I have a LAN topology. The number of LAN users is about 300 (and counting).
Here is my topology: ISProuter|---|FW|---|coreswitch|---|VLANs/Customer I have a netflow capable Cisco 4506 swtich. I this device is about to export the netflow data to my collector (pmacct/nfacctd). Settings on the switch: ip flow-capture vlan-id ip flow-capture mac-addresses ip flow ingress infer-fields ip flow ingress layer2-switched ip flow-export source Vlan10 ip flow-export version 5 ip flow-export destination 1.3.2.35 2055 ip route-cache flow infer-fields nfacctd.conf: daemonize: true plugins: mysql aggregate: src_host,dst_host,src_port,dst_port,proto nfacctd_port: 2055 sql_refresh_time: 120 sql_history: 1M sql_table_version: 5 sql_table: acct_v5_%Y_%m sql_table_schema: /etc/nfacctd.schema sql_db: pmacct sql_user: pmacct sql_passwd: xxxxxxxxxxxx sql_num_protos: true I need two things: a. The ability to create statistics based on source_ip or destination_ip. b. The ability to create summarized statistics per vlan or subnetwork. My questions are: 1. the settings above what I have in nfacctd.conf are appropriate for what I need? 2. Is there a better way do get what I need? 3. I plan to rotate the database where I collect data monthly (create a new database at the begining of every month based on nfacctd.schema). Is this a proper way? 4. Even cisco sends vlan info it does not show up in the database, any idea? A line in the database looks like this: +----------+----------+-------------+-------------+------+-----------------+-----------------+----------+----------+----------+-----+---------+-----------+-------+---------------------+---------------------+ | agent_id | class_id | mac_src | mac_dst | vlan | ip_src | ip_dst | src_port | dst_port | ip_proto | tos | packets | bytes | flows | stamp_inserted | stamp_updated | +----------+----------+-------------+-------------+------+-----------------+-----------------+----------+----------+----------+-----+---------+-----------+-------+---------------------+---------------------+ | 0 | unknown | 0:0:0:0:0:0 | 0:0:0:0:0:0 | 0 | 11.64.163.21 | 10.36.20.22 | 53 | 49860 | 17 | 0 | 38 | 3788 | 0 | 2011-09-01 00:00:00 | 2011-09-16 13:25:07 | | 0 | unknown | 0:0:0:0:0:0 | 0:0:0:0:0:0 | 0 | 10.36.20.22 | 11.64.163.21 | 55752 | 53 | 17 | 0 | 28 | 2881 | 0 | 2011-09-01 00:00:00 | 2011-09-16 13:25:05 | Thanks for your help in advance, Andras
_______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
