Hi Paolo, Thanks for your answer. I reviewed the thread what you sent me. Based on that I will tailor/review my configuration. And if I had question I will get back to the list. :) Back to your questions, I would like to use netflow + pmacct combo for the following purposes:
1. account the amount of traffic what one account can generate to the internet. 2. account the amount of traffice what one user in an account can generate to the internet. 3. track what destination ips are contacted by a single user. Since I did not find any usable frontend, it seems that I have to put together something in php for it where I can see the sums/netowork or ip. but now the first step is to ensure that I am collecting what I really want to. I am not a regular ISP we are talking here an enterprise environment. I do not have AS. I use Cisco 4506 as a L3 switch, it does ip routing it is the default gateway of the accounts network. Andras On Fri, Sep 16, 2011 at 6:16 PM, Paolo Lucente <[email protected]> wrote: > Hi Andras, > > On Fri, Sep 16, 2011 at 02:02:49PM +0200, Andras Horvai wrote: > > > nfacctd.conf: > > > > daemonize: true > > plugins: mysql > > aggregate: src_host,dst_host,src_port,dst_port,proto > > nfacctd_port: 2055 > > sql_refresh_time: 120 > > sql_history: 1M > > sql_table_version: 5 > > sql_table: acct_v5_%Y_%m > > sql_table_schema: /etc/nfacctd.schema > > sql_db: pmacct > > sql_user: pmacct > > sql_passwd: xxxxxxxxxxxx > > sql_num_protos: true > > > I need two things: > > a. The ability to create statistics based on source_ip or destination_ip. > > I guess it's not just your users speaking among themselves - but rather > also > to the outside world. Are you interested to capture such off-net > information? > In my experience the answer is typically no. If this is the case with you > aswell then i advice to read the following email (and the whole thread): > > http://www.mail-archive.com/[email protected]/msg01823.html > > Even if based on sfacctd thoughts captured in there apply to nfacctd and > NetFlow no problems. > > > b. The ability to create summarized statistics per vlan or subnetwork. > > Define subnetwork - do you assign subnets to customers and are interested > in how much traffic these generate, ie. conversely you don't care about how > much specific IP addresses into such subnets generate? Meanwhile, i see you > miss the 'vlan' keyword on the 'aggregate' directive in your configuration. > > I guess the comments above should already answer your questions, to start > with. Does the 4506 also route IP? Does it have BGP peerings - and if yes > how much of the routing table is advertised to it? Answer to these > questions > can help afterwards with any issues you might encounter on the 'subnetwork' > part. > > Cheers, > Paolo > > > _______________________________________________ > pmacct-discussion mailing list > http://www.pmacct.net/#mailinglists >
_______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
