Hi Paolo.
I read carefully CONFIG-KEYS, QUICKSTART chapter X and example files. I
attach my config file below. When I use "pmacct -s -p
/tmp/collect.pipe-eth0-out" I can see:
TAG  TAG2  DST_AS  SRC_IP       DST_IP          SRC_PORT  DST_PORT  PACKETS  BYTES
2    200   559     YY.YY.YY.33  192.41.135.219  0         0         2        56
2    200   9141    YY.YY.YY.6   62.179.1.61     53        27059     1        198
2    200   8048    YY.YY.YY.6   186.88.43.84    53        59784     1        244
It looks OK. But I can see (by capturing the cflow packets with
Wireshark) that now there is no defined dst_as or src_as, and in
ifindex_in/out (NF9_INPUT_SNMP oct.10 and NF9_OUTPUT_SNMP oct.14) there
is always "0". Could you show me what is wrong with the configuration
below?
[...]
daemonize: true
imt_path[inbound]: /tmp/collect.pipe-eth0-in
imt_path[outbound]: /tmp/collect.pipe-eth0-out
pidfile: /var/run/pmacctd.pid
logfile: /usr/local/pmacct/current/eth0.log
interface: eth0
!
aggregate[inbound]: tag, tag2, src_host, dst_host, src_port, dst_port, src_as
aggregate[outbound]: tag, tag2, src_host, dst_host, src_port, dst_port, dst_as
aggregate_filter[inbound]: dst net YY.YY.YY.0/23
aggregate_filter[outbound]: src net YY.YY.YY.0/23
!
plugins: memory[inbound],memory[outbound],nfprobe[inbound],nfprobe[outbound]
!
nfprobe_receiver: 192.168.35.35:2000
nfprobe_source_ip: YY.YY.YY.YY
nfprobe_version: 9
nfprobe_direction[inbound]: tag
nfprobe_direction[outbound]: tag
nfprobe_ifindex[inbound]: tag2
nfprobe_ifindex[outbound]: tag2
pre_tag_map: /usr/local/pmacct/current/etc/pretag.map-eth0
!
pmacctd_as: bgp
bgp_daemon: true
bgp_daemon_ip: 127.0.0.1
bgp_agent_map: /usr/local/pmacct/current/etc/agent_to_peer.map-eth0
bgp_daemon_port: 17917
bgp_daemon_msglog: false
plugin_pipe_size: 2000000
plugin_buffer_size: 1000
imt_mem_pools_number: 0
[...]
agent_to_peer.map-eth0 is:
id=YY.YY.YY.YY ip=127.0.0.1
and pretag.map-eth0 is:
id=1 filter='dst net YY.YY.YY.0/23' jeq=input
id=2 filter='src net YY.YY.YY.0/23' jeq=output
id2=100 label=input
id2=200 label=output
By the way, when I configure (as in "QUICKSTART chapter X")
nfprobe_direction and nfprobe_ifindex without the [inbound/outbound] name,
an error occurs when running pmacctd:
[...]
nfprobe_direction and sfprobe_direction cannot be global. Not loaded.
nfprobe_ifindex and sfprobe_ifindex cannot be global. Not loaded.
[...]
???
Regards
--
Mark
On 03.05.2013 19:07, Paolo Lucente wrote:
Hi Marek,
It seems you want nfprobe_ifindex and/or nfprobe_direction features;
you can read a brief description in CONFIG-KEYS, some more explanation
about them in QUICKSTART chapter X - where you can also find a couple
of examples.
Depending on the specific scenario you might want to keep it simple
(and lightweight) and configure it static - or make it dynamic, i.e.
based on MAC addresses.
Cheers,
Paolo
On Fri, May 03, 2013 at 03:34:40PM +0200, [email protected] wrote:
Hi again.
I'd like to use pmacct on a gateway to send netflow information to
another machine. On the other machine I install as-stats to read
netflow and make it visible on the web side.
I know that as-stats uses the SNMP interface ID to identify the
peers (file knownlinks in as-stats). But I don't know how to choose
and send the SNMP interface ID with pmacct (nfprobe); of course
a different ID should be sent by one instance of pmacct (eth0) and a
different ID by the second instance of pmacct (eth1). Could you tell me
where and how to do it?
I have two interfaces on the gateway and two peers with bgp sessions. I
have already installed pmacct, successfully working with bgp_daemon, on
the same gateway. The SRC_AS and DST_AS are visible with pmacct -s on
the gateway.
Because I have two interfaces on the gateway, I configure and run two
instances of pmacct with peering bgp sessions with 127.0.0.1 and
127.0.0.2 localhost. The pmacct -s output looks like both pmaccts (on
eth0 and the other instance on eth1) work OK, because the SRC_AS, DST_AS,
SRC_IP, DST_IP and others are true values.
But now I have trouble sending netflow with nfprobe and reading it with
as-stats. It seems that some data is going into as-stats (the
rrd file is created), but on the web side there is no traffic. I
think the rrd file has no traffic information.
as-stats uses the SNMP interface ID to identify the peers, but I
don't know how to choose and send the SNMP interface ID with pmacct
(nfprobe). I will be grateful for any advice.
Configuration of one pmacctd (eth0) is:
[ .. ]
daemonize: true
imt_path: /tmp/collect.pipe-eth0
pidfile: /var/run/pmacctd.pid
logfile: /usr/local/pmacct/current/nfacctd-eth0.log
syslog: daemon
interface: eth0
aggregate: src_host, dst_host, src_port, dst_port, src_as, dst_as, proto, tos
plugins: nfprobe, memory
nfprobe_receiver: 192.168.35.35:2000
nfprobe_source_ip: YY.YY.YY.YY
nfprobe_version: 9
nfprobe_engine: 0:2
pmacctd_as: bgp
bgp_daemon: true
bgp_daemon_ip: 127.0.0.1
bgp_agent_map: /usr/local/pmacct/current/etc/agent_to_peer.map
bgp_daemon_port: 17917
bgp_daemon_msglog: false
plugin_pipe_size: 2000000
plugin_buffer_size: 1000
imt_mem_pools_number: 0
[ .. ]
Configuration of second instance of pmacctd (eth1) is very similar:
[ .. ]
daemonize: true
imt_path: /tmp/collect.pipe-eth1
pidfile: /var/run/pmacctd.pid
logfile: /usr/local/pmacct/current/nfacctd-eth1.log
syslog: daemon
interface: eth1
aggregate: src_host, dst_host, src_port, dst_port, src_as, dst_as, proto, tos
plugins: nfprobe, memory
nfprobe_receiver: 192.168.35.35:2000
nfprobe_source_ip: YY.YY.YY.YY
nfprobe_version: 9
nfprobe_engine: 0:3
pmacctd_as: bgp
bgp_daemon: true
bgp_daemon_ip: 127.0.0.2
bgp_agent_map: /usr/local/pmacct/current/etc/agent_to_peer.map
bgp_daemon_port: 17917
bgp_daemon_msglog: false
plugin_pipe_size: 2000000
plugin_buffer_size: 1000
imt_mem_pools_number: 0
[ .. ]
The agent_to_peer.map file is:
id=91.242.174.1 ip=127.0.0.1
The "knownlinks" as-stats file is:
# Router IP SNMP ifindex tag description color
YY.YY.YY.YY 2 GTS GTS 5EA631
YY.YY.YY.YY 3 NETIA NETIA E45605
Thanks for any advice.
--
Mark.
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
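
The check described in this thread (reading NF9_INPUT_SNMP, NF9_OUTPUT_SNMP and the AS fields out of captured cflow packets) can be automated. The following is an added example, not part of the original messages and not pmacct code: a minimal NetFlow v9 decoder that reports which of those fields are zero in every exported record. The field type numbers come from RFC 3954; the sample packet, template id 256, addresses and AS number are constructed for illustration.

```python
import struct
# NetFlow v9 field types (RFC 3954) behind the columns discussed in this thread.
WATCH = {10: "INPUT_SNMP", 14: "OUTPUT_SNMP", 16: "SRC_AS", 17: "DST_AS"}

def parse_v9(packet, templates):
    """Decode data records; templates caches template_id -> [(type, length)]."""
    if struct.unpack_from("!H", packet, 0)[0] != 9:
        raise ValueError("not a NetFlow v9 packet")
    records, off = [], 20  # fixed 20-byte v9 header
    while off + 4 <= len(packet):
        fs_id, fs_len = struct.unpack_from("!HH", packet, off)
        if fs_len < 4 or off + fs_len > len(packet):
            raise ValueError("bad flowset length")
        body, p = packet[off + 4:off + fs_len], 0
        off += fs_len
        if fs_id == 0:  # template flowset: one or more templates
            while p + 4 <= len(body):
                tid, n = struct.unpack_from("!HH", body, p)
                if tid < 256 or p + 4 + 4 * n > len(body):
                    break  # trailing padding or truncated template
                templates[tid] = [struct.unpack_from("!HH", body, p + 4 + 4 * i) for i in range(n)]
                p += 4 + 4 * n
        elif fs_id in templates:  # data flowset with a known template
            tmpl = templates[fs_id]
            size = sum(flen for _, flen in tmpl)
            while size and p + size <= len(body):  # leftover bytes are padding
                rec = {}
                for ftype, flen in tmpl:
                    if ftype in WATCH:
                        rec[WATCH[ftype]] = int.from_bytes(body[p:p + flen], "big")
                    p += flen
                records.append(rec)
    return records

def always_zero(records):
    """Watched fields that are 0 in every record that carries them."""
    zero = {}
    for rec in records:
        for name, val in rec.items():
            zero[name] = zero.get(name, True) and val == 0
    return sorted(name for name, z in zero.items() if z)

def build_sample():
    """Constructed packet: 1 template (id 256) + 2 records, documentation values."""
    tmpl = [(8, 4), (12, 4), (10, 4), (14, 4), (16, 4), (17, 4)]  # 8/12 = IPv4 src/dst
    tset = struct.pack("!HHHH", 0, 8 + 4 * len(tmpl), 256, len(tmpl))
    tset += b"".join(struct.pack("!HH", *f) for f in tmpl)
    rows = [(0xC0000221, 0xC6336407, 0, 0, 0, 0), (0xC0000206, 0xC6336409, 0, 200, 0, 64500)]
    dset = struct.pack("!HH", 256, 4 + 24 * len(rows)) + b"".join(struct.pack("!6I", *r) for r in rows)
    return struct.pack("!HHIIII", 9, 3, 0, 0, 1, 0) + tset + dset
```

Feed it the UDP payloads from a capture of the exporter's traffic, reusing one `templates` dict across packets, since v9 data records cannot be decoded until their template has been seen.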