Hi, I am attempting to use nfacctd for displaying short traffic usage to stdout. My nfacct.conf
aggregate_filter[out]: src net 192.168.10.0/24
aggregate_filter[in]: dst net 192.168.10.0/24
!
aggregate[out]: src_host
aggregate[in]: dst_host
plugins: print[out], print[in]
plugin_buffer_size: 1024
nfacctd_ip: 127.0.0.1
nfacctd_port: 4444
print_output: formatted
print_refresh_time: 10
nfacctd_time_secs: true
nfacctd_time_new: true
But output is huge with many unnecessary fields.
root@test:/usr/local/etc/pmacct # nfacctd -f ./nfacctd.conf
INFO ( default/core ): waiting for NetFlow data on 127.0.0.1:4444
TAG TAG2 CLASS SRC_MAC DST_MAC
VLAN COS ETYPE SRC_AS DST_AS BGP_COMMS AS_PATH
PREF MED PEER_SRC_AS PEER_DST_AS PEER_SRC_IP PEER_DST_IP
IN_IFACE OUT_IFACE MPLS_VPN_RD SRC_IP
DST_IP SRC_MASK
DST_MASK SRC_PORT DST_PORT TCP_FLAGS PROTOCOL TOS PACKETS
FLOWS BYTES
TAG TAG2 CLASS SRC_MAC DST_MAC
VLAN COS ETYPE SRC_AS DST_AS BGP_COMMS AS_PATH
PREF MED PEER_SRC_AS PEER_DST_AS PEER_SRC_IP PEER_DST_IP
IN_IFACE OUT_IFACE MPLS_VPN_RD SRC_IP
DST_IP SRC_MASK
DST_MASK SRC_PORT DST_PORT TCP_FLAGS PROTOCOL TOS PACKETS
FLOWS BYTES
0 0 unknown 00:00:00:00:00:00 00:00:00:00:00:00
0 0 0 0 0 0 ^$
0 0 0 0
0 0
0:0:0 192.168.10.2
0 0 0 0
0 ip 0 24 0 2190
0 0 unknown 00:00:00:00:00:00 00:00:00:00:00:00
0 0 0 0 0 0 ^$
0 0 0 0
0 0
0:0:0 192.168.10.2
0 0 0 0
0 ip 0 17 0 2115
^C0 0 unknown 00:00:00:00:00:00
00:00:00:00:00:00 0 0 0 0 0 0
^$ 0 0 0 0
0 0 0:0:0 192.168.10.2
0 0
0 0 0 ip 0 198 0
28281
How would I modify my nfacctd.conf for displaying only needed fields:
src_host and dst_host with corresponding amount of traffic?
Thanks,
Vitaliy
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
