Hi,
I am using pmacct for researching purpose. The first purpose is using pmacct as
application protocol classifier to classify packet stream and store the
classified data in database for later data mining purpose. The database I
intend to use is mysql, and I have run configure command using
"--entable-mysql" option and build pmacct successfully; also, I have create the
database table using sql script provided by pmacct package. I replay the pcap
traffic trace using tcpreplayer and it send the traffic to eth2.
I have some problems using pmacctd as following:
1) I am intend to using mysql to store the classified data, and I have create
the configure file according to OfficalExamples wik as following:
daemonize: true
interface: eth2
aggregate: flows, class
plugins: mysql
classifiers: /path/to/classifiers/
snaplen: 700
sql_history: 1h
sql_history_roundoff: h
sql_table_version: 5
sql_aggressive_classification: true
Note: the /path/to/classifiers/ is the path which L7-filter's protocol files
exist.
But after I run "pmacctd -f configure-file", I get the following information:
WARN ...: Unkown plugin type:mysql. Ignoring.
Could anyone tell me what's wrong.
2) After I set plugins to "print" and run pmacct, I get the following
information:
WARN Deamonizing. Hmm, bye bye ...
The question here is: Is there anything wrong if I get the above msg? And, if I
set plugins to "print" to print the classified data, where can I see the
classified data?
Some more question as following:
3) What's the format of the classified data? According to the database table to
store the classifed data, I guess it's Netflow v5 format. Or the traffic
classified is still generated as packet format? And, is there any other format
that I can get? For example, Netflow v7 or v9 data?
4) If the classified traffic data is in packet format, is it possible to use
the classified packet data to generate Netflow data? and How?
5) The documents pmacct provided say pmacct support Netflow v9 data, then which
database table is used to store the v9 data?
6) The documents say that pmacct support data mining. Could you tell me how
this function can be used?
Could anyone give me some indication?
Your help is very much appreciated!
Hellen
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
