Hi,
I have pmacct (nfacctd) running well and inserting records into a mysql db.
However I want to record (aggregate) the Netflow field SRC_VLAN (58) and DST_VLAN (59).
My router provides these as you can see in the debug below, however I'm not sure how to aggregate them?
DEBUG ( default/core ): NfV9 agent : 103.247.154.38:256
DEBUG ( default/core ): NfV9 template type : flow
DEBUG ( default/core ): NfV9 template ID : 1025
DEBUG ( default/core ): -----------------------------------------------------
DEBUG ( default/core ): | pen | field type | offset | size |
DEBUG ( default/core ): | 0 | last switched | 0 | 4 |
DEBUG ( default/core ): | 0 | first switched | 4 | 4 |
DEBUG ( default/core ): | 0 | in bytes | 8 | 4 |
DEBUG ( default/core ): | 0 | in packets | 12 | 4 |
DEBUG ( default/core ): | 0 | ip version | 16 | 1 |
DEBUG ( default/core ): | 0 | input snmp | 17 | 2 |
DEBUG ( default/core ): | 0 | output snmp | 19 | 2 |
DEBUG ( default/core ): | 0 | direction | 21 | 1 |
DEBUG ( default/core ): | 0 | flows | 22 | 4 |
DEBUG ( default/core ): | 0 | IPv4 src addr | 26 | 4 |
DEBUG ( default/core ): | 0 | IPv4 dst addr | 30 | 4 |
DEBUG ( default/core ): | 0 | L4 src port | 34 | 2 |
DEBUG ( default/core ): | 0 | L4 dst port | 36 | 2 |
DEBUG ( default/core ): | 0 | tos | 38 | 1 |
DEBUG ( default/core ): | 0 | tcp flags | 39 | 1 |
DEBUG ( default/core ): | 0 | L4 protocol | 40 | 1 |
DEBUG ( default/core ): | 0 | out src mac | 41 | 6 |
DEBUG ( default/core ): | 0 | out dst mac | 47 | 6 |
DEBUG ( default/core ): | 0 | 59 | 53 | 2 |
DEBUG ( default/core ): | 0 | 201 | 55 | 4 |
DEBUG ( default/core ): -----------------------------------------------------
DEBUG ( default/core ): Netflow V9/IPFIX record size : 59
DEBUG ( default/core ):
DEBUG ( default/core ): NfV9 agent : 103.247.154.38:256
DEBUG ( default/core ): NfV9 template type : flow
DEBUG ( default/core ): NfV9 template ID : 2048
DEBUG ( default/core ): -----------------------------------------------------
DEBUG ( default/core ): | pen | field type | offset | size |
DEBUG ( default/core ): | 0 | last switched | 0 | 4 |
DEBUG ( default/core ): | 0 | first switched | 4 | 4 |
DEBUG ( default/core ): | 0 | in bytes | 8 | 4 |
DEBUG ( default/core ): | 0 | in packets | 12 | 4 |
DEBUG ( default/core ): | 0 | ip version | 16 | 1 |
DEBUG ( default/core ): | 0 | input snmp | 17 | 2 |
DEBUG ( default/core ): | 0 | output snmp | 19 | 2 |
DEBUG ( default/core ): | 0 | direction | 21 | 1 |
DEBUG ( default/core ): | 0 | flows | 22 | 4 |
DEBUG ( default/core ): | 0 | IPv6 src addr | 26 | 16 |
DEBUG ( default/core ): | 0 | IPv6 dst addr | 42 | 16 |
DEBUG ( default/core ): | 0 | tos | 58 | 1 |
DEBUG ( default/core ): | 0 | L4 src port | 59 | 2 |
DEBUG ( default/core ): | 0 | L4 dst port | 61 | 2 |
DEBUG ( default/core ): | 0 | tcp flags | 63 | 1 |
DEBUG ( default/core ): | 0 | L4 protocol | 64 | 1 |
DEBUG ( default/core ): | 0 | in src mac | 65 | 6 |
DEBUG ( default/core ): | 0 | in dst mac | 71 | 6 |
DEBUG ( default/core ): | 0 | 58 | 77 | 2 |
DEBUG ( default/core ): | 0 | 201 | 79 | 4 |
DEBUG ( default/core ): -----------------------------------------------------
DEBUG ( default/core ): Netflow V9/IPFIX record size : 83
I have the following line in my nfacctd.conf;
aggregate: tag, src_host, dst_host, src_as, dst_as, as_path, peer_src_as, peer_dst_as, flows, vlan
If you could point me in the right direction on this it would be most appreciated :)
Thanks
Liam
_______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
