Hello,
This is what I would like to achieve: I would like to have a history of ip connections of my network, let's say back to 90 days. So to achieve this I understand that I have to aggregate in nfacctd. Here is the aggregate what I tried: aggregate: src_host,dst_host,src_port,dst_port,proto The problem is when I do this type of aggregate my system slows down very much. (I cannot run a simple query in mysql so I cannot get the information what I need... so the collection is useless). I tried to distinguish the in and out traffic with plugins, but did not help me regarding the performance. The only way what does not slows down my system if I aggregate only src or dst addresses (and separate these into different tables). But with this only aggregate, I lost the information about the src_port, dst_port and protocol (per ip pairs) I would like to monitor the traffic of 400 hosts. Is it possible with a server with 4 cores (Intel(R) Xeon(R) CPU E5603 @ 1.60GHz) and with 4 GB of rams. Flow exporter is a L3 cisco siwtch in the core of the network. It has vlansdefined to them. I am interested in the traffic between local vlan and local vlan, and between local vlan and Internet (or external network). Thanks, Andras
_______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
