Hi Leonardo, You can use pre-tagging (pre_tag_map) to do it. How simple or how tricky this is depends on the NetFlow version and exporter: 1) NetFlow v9 and IPFIX have a direction field (0 = ingress, 1 = egress): if you use either version and your NetFlow probe supports it then it's easy. Otherwise you have two further options, similar to each other, both less clean imho: 2) rely on a (router) MAC address known to be local or 3) rely on IP class(es) known to be local. pre_tag_map Example for a pre_tag_map for 1) is as follows:
id=0 direction=0 id=1 direction=1 Example for 3) is as follows - you can derive 2) from it: id=0 filter='dst net <localnet A> or dst net <localnet B> ..' id=0 filter='src net <localnet A> or src net <localnet B> ..' Then in the config file you define to use a pre_tag_file and add to the existing 'aggregate' directive the 'tag' keyword. Then in the database if a tuple has 'tag' 0 is inbound traffic otherwise (ie. if it's 1) then it's outbound traffic: ... pre_tag_map: /path/to/pretag.map aggregate: tag, .. ... Cheers, Paolo On Thu, Aug 23, 2012 at 06:19:38PM -0300, Leonardo S?piras wrote: > Hi, > > How can I classify inbound and outbound data using NetFlow and the same > table? > > Cheers! > > -- > Atenciosamente > Leonardo Augusto S?piras > [http://www.leonardosapiras.com.br] > _______________________________________________ > pmacct-discussion mailing list > http://www.pmacct.net/#mailinglists _______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
