Hi,
Well it seems the problem is actually with the router, (Vyatta 6.5) is not sending through the vlan id, rather than my nfacctd config.
A tcpdump of the netflow stream from Vyatta shows that SRC_VLAN and DST_VLAN are being defined correctly in the template, however in the flowsets all the vlan id's are coming through as 0.
This is rather disappointing.
Cheers
Liam
On May 18, 2013, at 03:22 PM, Liam Farr <[email protected]> wrote:
Hi,I have pmacct (nfacctd) running well and inserting records into a mysql db.However I want to record (aggregate) the Netflow field SRC_VLAN (58) and DST_VLAN (59).My router provides these as you can see in the debug below, however I'm not sure how to aggregate them?DEBUG ( default/core ): NfV9 agent : 103.247.154.38:256DEBUG ( default/core ): NfV9 template type : flowDEBUG ( default/core ): NfV9 template ID : 1025DEBUG ( default/core ): -----------------------------------------------------DEBUG ( default/core ): | pen | field type | offset | size |DEBUG ( default/core ): | 0 | last switched | 0 | 4 |DEBUG ( default/core ): | 0 | first switched | 4 | 4 |DEBUG ( default/core ): | 0 | in bytes | 8 | 4 |DEBUG ( default/core ): | 0 | in packets | 12 | 4 |DEBUG ( default/core ): | 0 | ip version | 16 | 1 |DEBUG ( default/core ): | 0 | input snmp | 17 | 2 |DEBUG ( default/core ): | 0 | output snmp | 19 | 2 |DEBUG ( default/core ): | 0 | direction | 21 | 1 |DEBUG ( default/core ): | 0 | flows | 22 | 4 |DEBUG ( default/core ): | 0 | IPv4 src addr | 26 | 4 |DEBUG ( default/core ): | 0 | IPv4 dst addr | 30 | 4 |DEBUG ( default/core ): | 0 | L4 src port | 34 | 2 |DEBUG ( default/core ): | 0 | L4 dst port | 36 | 2 |DEBUG ( default/core ): | 0 | tos | 38 | 1 |DEBUG ( default/core ): | 0 | tcp flags | 39 | 1 |DEBUG ( default/core ): | 0 | L4 protocol | 40 | 1 |DEBUG ( default/core ): | 0 | out src mac | 41 | 6 |DEBUG ( default/core ): | 0 | out dst mac | 47 | 6 |DEBUG ( default/core ): | 0 | 59 | 53 | 2 |DEBUG ( default/core ): | 0 | 201 | 55 | 4 |DEBUG ( default/core ): -----------------------------------------------------DEBUG ( default/core ): Netflow V9/IPFIX record size : 59DEBUG ( default/core ):DEBUG ( default/core ): NfV9 agent : 103.247.154.38:256DEBUG ( default/core ): NfV9 template type : flowDEBUG ( default/core ): NfV9 template ID : 2048DEBUG ( default/core ): -----------------------------------------------------DEBUG ( default/core ): | pen | field type | offset | size |DEBUG ( default/core ): | 0 | last switched | 0 | 4 |DEBUG ( default/core ): | 0 | first switched | 4 | 4 |DEBUG ( default/core ): | 0 | in bytes | 8 | 4 |DEBUG ( default/core ): | 0 | in packets | 12 | 4 |DEBUG ( default/core ): | 0 | ip version | 16 | 1 |DEBUG ( default/core ): | 0 | input snmp | 17 | 2 |DEBUG ( default/core ): | 0 | output snmp | 19 | 2 |DEBUG ( default/core ): | 0 | direction | 21 | 1 |DEBUG ( default/core ): | 0 | flows | 22 | 4 |DEBUG ( default/core ): | 0 | IPv6 src addr | 26 | 16 |DEBUG ( default/core ): | 0 | IPv6 dst addr | 42 | 16 |DEBUG ( default/core ): | 0 | tos | 58 | 1 |DEBUG ( default/core ): | 0 | L4 src port | 59 | 2 |DEBUG ( default/core ): | 0 | L4 dst port | 61 | 2 |DEBUG ( default/core ): | 0 | tcp flags | 63 | 1 |DEBUG ( default/core ): | 0 | L4 protocol | 64 | 1 |DEBUG ( default/core ): | 0 | in src mac | 65 | 6 |DEBUG ( default/core ): | 0 | in dst mac | 71 | 6 |DEBUG ( default/core ): | 0 | 58 | 77 | 2 |DEBUG ( default/core ): | 0 | 201 | 79 | 4 |DEBUG ( default/core ): -----------------------------------------------------DEBUG ( default/core ): Netflow V9/IPFIX record size : 83I have the following line in my nfacctd.conf;aggregate: tag, src_host, dst_host, src_as, dst_as, as_path, peer_src_as, peer_dst_as, flows, vlanIf you could point me in the right direction on this it would be most appreciated :)ThanksLiam_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
_______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
