Hi Alfonso, Three points, none conclusive about your problem:
* Most important point: from the debug you posted it seems data is written to the SQL database no problems. You should hence find tuples in your acct_v4 table of your database. * You are not required to use the 'nfprobe' plugin at the collector; nfprobe is used to generate NetFlow - but according to your desc you are doing that already at remote boxes using fprobe. * The version you are using is quite old - and hence hard for me to support; i recommend downloading latest version tarball from the website and self-compile. Cheers, Paolo On Wed, Oct 17, 2012 at 05:19:05PM +0200, Alfonso Martin wrote: > Hola Paolo, > > I am using pmacct on ubuntu with version 11.10. > > Pmacct version is 0.12.1 and has been installed by apt-get install pmacct. > > I created a network consisting of 5 machines using virtualbox, all these > machines work with ubuntu 11.10. > > Dynamic routing including what I have done with Quagga (BGP daemon). The > addressing is as follows: > > Router1: eth0: 10.0.2.15 > eth1: 192.168.1.1/24 > eth2: 192.168.2.1/24 > eth3: 192.168.5.1/24 > > Router2: eth0: 10.0.2.15 > eth1: 192.168.1.2/24 > eth2: 192.168.3.1/24 > eth3: 192.168.4.1/24 > > Router3: eth0: 10.0.2.15 > eth1: 192.168.2.2/24 > eth2: 192.168.3.2/24 > > Router4: eth0: 10.0.2.15 > eth1: 192.168.4.2/24 > > Router5: eth0: 10.0.2.15 > eth1: 192.168.5.2/24 > > I'm running tests for flows, for that I'm using as a probe of Netflow -> > fprobe (version 1.1-7.2). > > I have configured probe both the Router1 eth0 as eth1 in the router2: > In both cases in the field FLOW_Collector: 192.168.1.1:2100 > > I created the configuration file nfacctd.conf: > > > ! > ! nfacctd configuration example > ! > ! debug: true > daemonize: false > pidfile: /var/run/nfacctd.pid > ! aggregate_filter[dummy]: src net 192.168.0.0/16 > aggregate: src_host, dst_host > ! plugin_buffer_size: 1024 > nfacctd_port: 2100 > nfprobe_receiver: 192.168.1.1:2100 > nfprobe_version: 5 > ! nfacctd_time_secs: true > ! nfacctd_time_new: true > !plugins: memory > !imt_buckets: 65537 > !imt_mem_pools_size: 65536 > ! imt_mem_pools_number: 0 > plugins: mysql,nfprobe > ! plugins: pgsql > ! plugins: sqlite3 > sql_host: 127.0.0.1 > sql_db: pmacct > sql_table: acct_v4 > sql_table_version: 4 > sql_passwd: ***** > sql_user: root > sql_refresh_time: 90 > ! sql_optimize_clauses: true > sql_history: 10m > sql_history_roundoff: mh > ! networks_file: ./networks.example > > With the following results: > > > root@router1-VirtualBox:/etc/pmacct# nfacctd -d -f nfacctd.conf > DEBUG ( nfacctd.conf ): plugin name/type: 'default'/'core'. > DEBUG ( nfacctd.conf ): plugin name/type: 'default'/'mysql'. > DEBUG ( nfacctd.conf ): plugin name/type: 'default'/'nfprobe'. > DEBUG ( nfacctd.conf ): daemonize:false > DEBUG ( nfacctd.conf ): pidfile:/var/run/nfacctd.pid > DEBUG ( nfacctd.conf ): aggregate:src_host, dst_host > DEBUG ( nfacctd.conf ): nfacctd_port:2100 > DEBUG ( nfacctd.conf ): nfprobe_receiver:192.168.1.1:2100 > DEBUG ( nfacctd.conf ): nfprobe_version:5 > DEBUG ( nfacctd.conf ): sql_host:127.0.0.1 > DEBUG ( nfacctd.conf ): sql_db:pmacct > DEBUG ( nfacctd.conf ): sql_table:acct_v4 > DEBUG ( nfacctd.conf ): sql_table_version:4 > DEBUG ( nfacctd.conf ): sql_passwd:bluesky88 > DEBUG ( nfacctd.conf ): sql_user:root > DEBUG ( nfacctd.conf ): sql_refresh_time:90 > DEBUG ( nfacctd.conf ): sql_history:10m > DEBUG ( nfacctd.conf ): sql_history_roundoff:mh > DEBUG ( nfacctd.conf ): debug:true > INFO ( default/mysql ): 114688 bytes are available to address shared memory > segment; buffer size is 148 bytes. > INFO ( default/mysql ): Trying to allocate a shared memory segment of > 4243456 bytes. > INFO ( default/nfprobe ): 114688 bytes are available to address shared > memory segment; buffer size is 156 bytes. > INFO ( default/nfprobe ): Trying to allocate a shared memory segment of > 4472832 bytes. > INFO ( default/core ): waiting for NetFlow data on :::2100 > INFO ( default/nfprobe ): NetFlow probe plugin is based on softflowd 0.9.7 > software, Copyright 2002 Damien Miller <[email protected]> All rights > reserved. > INFO ( default/nfprobe ): TCP timeout: 3600s > INFO ( default/nfprobe ): TCP post-RST timeout: 120s > INFO ( default/nfprobe ): TCP post-FIN timeout: 300s > INFO ( default/nfprobe ): UDP timeout: 300s > INFO ( default/nfprobe ): ICMP timeout: 300s > INFO ( default/nfprobe ): General timeout: 3600s > INFO ( default/nfprobe ): Maximum lifetime: 604800s > INFO ( default/nfprobe ): Expiry interval: 60s > INFO ( default/nfprobe ): Exporting flows to [192.168.1.1]:2100 > WARN: expecting flow '4' but received '42' collector=0.0.0.0:2100agent=::ffff: > 192.168.1.1:0 > WARN: expecting flow '44' but received '13' > collector=0.0.0.0:2100agent=::ffff: > 192.168.1.1:0 > WARN: expecting flow '19' but received '13' > collector=0.0.0.0:2100agent=::ffff: > 192.168.1.1:0 > DEBUG ( default/nfprobe ): ADD FLOW seq:1 [192.168.1.1]:0 <> > [192.168.1.2]:0 proto:1 > DEBUG ( default/nfprobe ): ADD FLOW seq:2 [192.168.1.1]:0 <> > [192.168.1.2]:0 proto:1 > DEBUG ( default/nfprobe ): ADD FLOW seq:3 [192.168.1.1]:0 <> > [192.168.1.2]:0 proto:1 > DEBUG ( default/nfprobe ): ADD FLOW seq:4 [192.168.1.1]:0 <> > [192.168.1.2]:0 proto:1 > DEBUG ( default/nfprobe ): ADD FLOW seq:5 [10.0.2.15]:33146 <> > [62.73.184.142]:80 proto:6 > DEBUG ( default/nfprobe ): ADD FLOW seq:6 [10.0.2.15]:33146 <> > [62.73.184.142]:80 proto:6 > DEBUG ( default/nfprobe ): ADD FLOW seq:7 [10.0.2.15]:36995 <> > [62.73.184.144]:80 proto:6 > DEBUG ( default/nfprobe ): ADD FLOW seq:8 [10.0.2.15]:36995 <> > [62.73.184.144]:80 proto:6 > DEBUG ( default/nfprobe ): ADD FLOW seq:9 [10.0.2.15]:35185 <> > [50.57.4.218]:80 proto:6 > DEBUG ( default/nfprobe ): ADD FLOW seq:10 [10.0.2.15]:35185 <> > [50.57.4.218]:80 proto:6 > DEBUG ( default/nfprobe ): ADD FLOW seq:11 [10.0.2.15]:33146 <> > [62.73.184.142]:80 proto:6 > DEBUG ( default/nfprobe ): ADD FLOW seq:12 [10.0.2.15]:33146 <> > [62.73.184.142]:80 proto:6 > DEBUG ( default/nfprobe ): ADD FLOW seq:13 [10.0.2.15]:36995 <> > [62.73.184.144]:80 proto:6 > DEBUG ( default/nfprobe ): ADD FLOW seq:14 [10.0.2.15]:36995 <> > [62.73.184.144]:80 proto:6 > DEBUG ( default/nfprobe ): ADD FLOW seq:15 [10.0.2.15]:35185 <> > [50.57.4.218]:80 proto:6 > DEBUG ( default/nfprobe ): ADD FLOW seq:16 [10.0.2.15]:35185 <> > [50.57.4.218]:80 proto:6 > DEBUG ( default/nfprobe ): Starting expiry scan: mode 0 > DEBUG ( default/nfprobe ): Queuing flow seq:1 (0x9a63c80) for expiry > DEBUG ( default/nfprobe ): Queuing flow seq:2 (0x9a63d30) for expiry > DEBUG ( default/nfprobe ): Queuing flow seq:3 (0x9a63de0) for expiry > DEBUG ( default/nfprobe ): Queuing flow seq:4 (0x9a63eb0) for expiry > DEBUG ( default/nfprobe ): Queuing flow seq:5 (0x9a63f80) for expiry > DEBUG ( default/nfprobe ): Queuing flow seq:6 (0x9a64050) for expiry > DEBUG ( default/nfprobe ): Queuing flow seq:7 (0x9a64120) for expiry > DEBUG ( default/nfprobe ): Queuing flow seq:8 (0x9a641f0) for expiry > DEBUG ( default/nfprobe ): Queuing flow seq:9 (0x9a642c0) for expiry > DEBUG ( default/nfprobe ): Queuing flow seq:10 (0x9a64390) for expiry > DEBUG ( default/nfprobe ): Queuing flow seq:11 (0x9a64460) for expiry > DEBUG ( default/nfprobe ): Queuing flow seq:12 (0x9a64530) for expiry > DEBUG ( default/nfprobe ): Queuing flow seq:13 (0x9a64600) for expiry > DEBUG ( default/nfprobe ): Queuing flow seq:14 (0x9a646d0) for expiry > DEBUG ( default/nfprobe ): Queuing flow seq:15 (0x9a647a0) for expiry > DEBUG ( default/nfprobe ): Queuing flow seq:16 (0x9a64870) for expiry > DEBUG ( default/nfprobe ): Finished scan 16 flow(s) to be evicted > Sending v5 flow packet len = 792 > DEBUG ( default/nfprobe ): Sent 1 netflow packets > DEBUG ( default/nfprobe ): EXPIRED: seq:1 [192.168.1.1]:0 <> > [192.168.1.2]:0 proto:1 octets>:108444 packets>:1291 octets<:0 packets<:0 > start:2012-10-17T16:42:04.000 finish:2012-10-17T16:42:04.000 tcp>:00 > tcp<:00 flowlabel>:00000000 flowlabel<:00000000 (0x9a63c80) > WARN: expecting flow '19' but received '0' collector=0.0.0.0:2100agent=::ffff: > 192.168.1.1:0 > DEBUG ( default/nfprobe ): EXPIRED: seq:2 [192.168.1.1]:0 <> > [192.168.1.2]:0 proto:1 octets>:0 packets>:0 octets<:108444 packets<:1291 > start:2012-10-17T16:42:04.000 finish:2012-10-17T16:42:04.000 tcp>:00 > tcp<:00 flowlabel>:00000000 flowlabel<:00000000 (0x9a63d30) > DEBUG ( default/nfprobe ): EXPIRED: seq:3 [192.168.1.1]:0 <> > [192.168.1.2]:0 proto:1 octets>:108444 packets>:1291 octets<:0 packets<:0 > start:2012-10-17T16:42:04.000 finish:2012-10-17T16:42:04.000 tcp>:00 > tcp<:00 flowlabel>:00000000 flowlabel<:00000000 (0x9a63de0) > DEBUG ( default/nfprobe ): EXPIRED: seq:4 [192.168.1.1]:0 <> > [192.168.1.2]:0 proto:1 octets>:0 packets>:0 octets<:108444 packets<:1291 > start:2012-10-17T16:42:04.000 finish:2012-10-17T16:42:04.000 tcp>:00 > tcp<:00 flowlabel>:00000000 flowlabel<:00000000 (0x9a63eb0) > DEBUG ( default/nfprobe ): EXPIRED: seq:5 [10.0.2.15]:33146 <> > [62.73.184.142]:80 proto:6 octets>:9026 packets>:93 octets<:0 packets<:0 > start:2012-10-17T16:56:07.000 finish:2012-10-17T16:56:07.000 tcp>:1e > tcp<:00 flowlabel>:00000000 flowlabel<:00000000 (0x9a63f80) > DEBUG ( default/nfprobe ): EXPIRED: seq:6 [10.0.2.15]:33146 <> > [62.73.184.142]:80 proto:6 octets>:0 packets>:0 octets<:74338 packets<:101 > start:2012-10-17T16:56:07.000 finish:2012-10-17T16:56:07.000 tcp>:00 > tcp<:1a flowlabel>:00000000 flowlabel<:00000000 (0x9a64050) > DEBUG ( default/nfprobe ): EXPIRED: seq:7 [10.0.2.15]:36995 <> > [62.73.184.144]:80 proto:6 octets>:8877 packets>:204 octets<:0 packets<:0 > start:2012-10-17T16:56:43.000 finish:2012-10-17T16:56:43.000 tcp>:1e > tcp<:00 flowlabel>:00000000 flowlabel<:00000000 (0x9a64120) > DEBUG ( default/nfprobe ): EXPIRED: seq:8 [10.0.2.15]:36995 <> > [62.73.184.144]:80 proto:6 octets>:0 packets>:0 octets<:398036 packets<:480 > start:2012-10-17T16:56:43.000 finish:2012-10-17T16:56:43.000 tcp>:00 > tcp<:1a flowlabel>:00000000 flowlabel<:00000000 (0x9a641f0) > DEBUG ( default/nfprobe ): EXPIRED: seq:9 [10.0.2.15]:35185 <> > [50.57.4.218]:80 proto:6 octets>:220 packets>:5 octets<:0 packets<:0 > start:2012-10-17T16:56:47.000 finish:2012-10-17T16:56:47.000 tcp>:17 > tcp<:00 flowlabel>:00000000 flowlabel<:00000000 (0x9a642c0) > DEBUG ( default/nfprobe ): EXPIRED: seq:10 [10.0.2.15]:35185 <> > [50.57.4.218]:80 proto:6 octets>:0 packets>:0 octets<:391 packets<:5 > start:2012-10-17T16:56:47.000 finish:2012-10-17T16:56:47.000 tcp>:00 > tcp<:1f flowlabel>:00000000 flowlabel<:00000000 (0x9a64390) > DEBUG ( default/nfprobe ): EXPIRED: seq:11 [10.0.2.15]:33146 <> > [62.73.184.142]:80 proto:6 octets>:9026 packets>:93 octets<:0 packets<:0 > start:2012-10-17T16:56:07.000 finish:2012-10-17T16:56:07.000 tcp>:1e > tcp<:00 flowlabel>:00000000 flowlabel<:00000000 (0x9a64460) > DEBUG ( default/nfprobe ): EXPIRED: seq:12 [10.0.2.15]:33146 <> > [62.73.184.142]:80 proto:6 octets>:0 packets>:0 octets<:74338 packets<:101 > start:2012-10-17T16:56:07.000 finish:2012-10-17T16:56:07.000 tcp>:00 > tcp<:1a flowlabel>:00000000 flowlabel<:00000000 (0x9a64530) > DEBUG ( default/nfprobe ): EXPIRED: seq:13 [10.0.2.15]:36995 <> > [62.73.184.144]:80 proto:6 octets>:8877 packets>:204 octets<:0 packets<:0 > start:2012-10-17T16:56:43.000 finish:2012-10-17T16:56:43.000 tcp>:1e > tcp<:00 flowlabel>:00000000 flowlabel<:00000000 (0x9a64600) > DEBUG ( default/nfprobe ): EXPIRED: seq:14 [10.0.2.15]:36995 <> > [62.73.184.144]:80 proto:6 octets>:0 packets>:0 octets<:398036 packets<:480 > start:2012-10-17T16:56:43.000 finish:2012-10-17T16:56:43.000 tcp>:00 > tcp<:1a flowlabel>:00000000 flowlabel<:00000000 (0x9a646d0) > DEBUG ( default/nfprobe ): EXPIRED: seq:15 [10.0.2.15]:35185 <> > [50.57.4.218]:80 proto:6 octets>:220 packets>:5 octets<:0 packets<:0 > start:2012-10-17T16:56:47.000 finish:2012-10-17T16:56:47.000 tcp>:17 > tcp<:00 flowlabel>:00000000 flowlabel<:00000000 (0x9a647a0) > DEBUG ( default/nfprobe ): EXPIRED: seq:16 [10.0.2.15]:35185 <> > [50.57.4.218]:80 proto:6 octets>:0 packets>:0 octets<:391 packets<:5 > start:2012-10-17T16:56:47.000 finish:2012-10-17T16:56:47.000 tcp>:00 > tcp<:1f flowlabel>:00000000 flowlabel<:00000000 (0x9a64870) > ( default/mysql ) *** Purging cache - START *** > DEBUG ( default/mysql ): INSERT INTO `acct_v4` (stamp_updated, > stamp_inserted, vlan, ip_src, ip_dst, src_port, dst_port, tos, ip_proto, > agent_id, mac_src, mac_dst, packets, bytes, flows) VALUES > (FROM_UNIXTIME(1350486001), FROM_UNIXTIME(1350484800), 0, '192.168.1.1', > '192.168.1.2', 0, 0, 0, 'ip', 0, '0:0:0:0:0:0', '0:0:0:0:0:0', 5164, > 433776, 0) > > DEBUG ( default/mysql ): INSERT INTO `acct_v4` (stamp_updated, > stamp_inserted, vlan, ip_src, ip_dst, src_port, dst_port, tos, ip_proto, > agent_id, mac_src, mac_dst, packets, bytes, flows) VALUES > (FROM_UNIXTIME(1350486001), FROM_UNIXTIME(1350484800), 0, '192.168.1.2', > '192.168.1.1', 0, 0, 0, 'ip', 0, '0:0:0:0:0:0', '0:0:0:0:0:0', 5164, > 433776, 0) > > DEBUG ( default/mysql ): INSERT INTO `acct_v4` (stamp_updated, > stamp_inserted, vlan, ip_src, ip_dst, src_port, dst_port, tos, ip_proto, > agent_id, mac_src, mac_dst, packets, bytes, flows) VALUES > (FROM_UNIXTIME(1350486001), FROM_UNIXTIME(1350485400), 0, '10.0.2.15', > '62.73.184.142', 0, 0, 0, 'ip', 0, '0:0:0:0:0:0', '0:0:0:0:0:0', 372, > 36104, 0) > > DEBUG ( default/mysql ): INSERT INTO `acct_v4` (stamp_updated, > stamp_inserted, vlan, ip_src, ip_dst, src_port, dst_port, tos, ip_proto, > agent_id, mac_src, mac_dst, packets, bytes, flows) VALUES > (FROM_UNIXTIME(1350486001), FROM_UNIXTIME(1350485400), 0, '62.73.184.142', > '10.0.2.15', 0, 0, 0, 'ip', 0, '0:0:0:0:0:0', '0:0:0:0:0:0', 404, 297352, 0) > > DEBUG ( default/mysql ): INSERT INTO `acct_v4` (stamp_updated, > stamp_inserted, vlan, ip_src, ip_dst, src_port, dst_port, tos, ip_proto, > agent_id, mac_src, mac_dst, packets, bytes, flows) VALUES > (FROM_UNIXTIME(1350486001), FROM_UNIXTIME(1350485400), 0, '10.0.2.15', > '62.73.184.144', 0, 0, 0, 'ip', 0, '0:0:0:0:0:0', '0:0:0:0:0:0', 816, > 35508, 0) > > DEBUG ( default/mysql ): INSERT INTO `acct_v4` (stamp_updated, > stamp_inserted, vlan, ip_src, ip_dst, src_port, dst_port, tos, ip_proto, > agent_id, mac_src, mac_dst, packets, bytes, flows) VALUES > (FROM_UNIXTIME(1350486001), FROM_UNIXTIME(1350485400), 0, '62.73.184.144', > '10.0.2.15', 0, 0, 0, 'ip', 0, '0:0:0:0:0:0', '0:0:0:0:0:0', 1920, 1592144, > 0) > > DEBUG ( default/mysql ): INSERT INTO `acct_v4` (stamp_updated, > stamp_inserted, vlan, ip_src, ip_dst, src_port, dst_port, tos, ip_proto, > agent_id, mac_src, mac_dst, packets, bytes, flows) VALUES > (FROM_UNIXTIME(1350486001), FROM_UNIXTIME(1350485400), 0, '10.0.2.15', > '50.57.4.218', 0, 0, 0, 'ip', 0, '0:0:0:0:0:0', '0:0:0:0:0:0', 20, 880, 0) > > DEBUG ( default/mysql ): INSERT INTO `acct_v4` (stamp_updated, > stamp_inserted, vlan, ip_src, ip_dst, src_port, dst_port, tos, ip_proto, > agent_id, mac_src, mac_dst, packets, bytes, flows) VALUES > (FROM_UNIXTIME(1350486001), FROM_UNIXTIME(1350485400), 0, '50.57.4.218', > '10.0.2.15', 0, 0, 0, 'ip', 0, '0:0:0:0:0:0', '0:0:0:0:0:0', 20, 1564, 0) > > ( default/mysql ) *** Purging cache - END (QN: 8, ET: 1) *** > ^Z > [4]+ Detenido nfacctd -d -f nfacctd.conf > > What is the problem / error that I do not receive any kind of flow? > > Thank you, > > Alfonso _______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
