Hi again, I am reopening this thread because after upgrading to the current 0.14.3 version (which fixes all my crashes) the srcas/dstas data still isn't populated.
This is my current config:

daemonize: true
pidfile: /var/run/pmacctd.pid
syslog: daemon
aggregate: src_host,dst_host,dst_as,src_as
interface: br0
plugins: nfprobe
networks_file: /etc/pmacct/networks.lst
nfprobe_receiver: 192.168.1.5:2591
nfprobe_version: 9
debug : true

See the attached document for the dump of the flows that I am doing in the flow collector.
And a sample entry in the networks.lst file for one of the matches in the file:

29073,80.82.64.0/24

2013/7/5 Paolo Lucente <[email protected]>

> Hi Joan,
>
> Thanks for explaining the background, it makes sense. To get ASNs info
> populated you should add src_as and dst_as primitives to your aggregate
> directive. Same as any further info you wish to see populated.
>
> Let me know how that goes. I see you dropped a separate email about a
> crash, along with a backtrace, thanks for that. I will look into it,
> ie. maybe you already hinted the above yourself and got to the next
> stage, and get back to you.
>
> Cheers,
> Paolo
>
> On Fri, Jul 05, 2013 at 02:35:15PM +0200, Joan wrote:
> > Hello,
> >
> > I am trying to get pmacct working to replace softflowd because we'd like
> > to have the as numbers for the networks populated.
> > To accomplish this I am using the script to generate the networks_file from
> > quagga (I had a couple of issues but it's ok now)
> >
> > This is my pmactd.conf config:
> > /etc/pmacct/pmactd.conf
> > daemonize: true
> > pidfile: /var/run/pmacctd.pid
> > syslog: daemon
> > aggregate: src_host,dst_host
> > pcap_filter: net 0.0.0.0/0
> > interface: br0
> > plugins: nfprobe
> > nfprobe_version: 9
> > networks_file: /etc/pmacct/networks.lst
> > nfprobe_receiver: 192.168.1.5:2591 <http://192.168.1.8:2591>
> > nfprobe_version: 9
> >
> > And in the flow collector I am checking for the as numbers with nfdump, but
> > the output of srcas/dstas is always 0
> > nfdump -A srcas -N -M /var/lib/netflow/profiles-data/live/ -o "fmt:%sa %fl %byt %pkt %sas %das" -R nfcapd.201307051420:nfcapd.201307051425
> >
> > Did I miss something in the pmacctd config? I don't see anything relevant
> > in the logs.
> >
> > _______________________________________________
> > pmacct-discussion mailing list
> > http://www.pmacct.net/#mailinglists

nfdump -M /var/lib/netflow/profiles-data/live/ -R nfcapd.201307091410:nfcapd.201307091440 -A srcas,dstas,srcip,dstip

Date flow start           Duration  Src AS  Dst AS  Src IP Addr      Dst IP Addr      Packets   Bytes  bps  Bpp  Flows
2013-07-09 13:30:18.679     14.592       0       0  218.94.15.226    123.123.123.123        3     120   65   40      1
2013-07-09 14:07:54.345      3.094       0       0  92.81.226.61     123.123.123.123        2      96  248   48      1
2013-07-09 14:32:49.080      0.000       0       0  188.165.95.171   123.123.123.124        1      44    0   44      1
2013-07-09 09:20:01.379  18867.828       0       0  23.123.123.25    224.0.0.6           1473  110892   47   75      1
2013-07-09 13:21:32.957      0.000       0       0  85.237.35.52     123.123.123.123        1      60    0   60      1
2013-07-09 14:26:16.360      0.000       0       0  80.82.64.231     123.123.123.124        1      29    0   29      1
2013-07-09 13:47:01.881      0.000       0       0  186.202.186.28   123.123.123.124        1      52    0   52      1
2013-07-09 09:19:59.525  18878.256       0       0  123.123.123.25   224.0.0.5           1889  151120   64   80      1
2013-07-09 13:28:24.305      0.000       0       0  61.147.103.117   123.123.123.123        1      40    0   40      1

_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
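
A collector-side cross-check for the symptom in this thread, as an added example that is not part of the original messages or of pmacct: it looks up each flow address in a networks file and lists flows exported with a different AS than the file gives. It assumes the `ASN,prefix` line form quoted above, whitespace-separated nfdump rows in the column order of the attached output, and longest-prefix matching; the function names, the 64500 entry and the second sample row are constructed.

```python
import ipaddress

# Constructed networks file; the first line is the entry quoted in the post.
NETWORKS_LST = """\
29073,80.82.64.0/24
64500,198.51.100.0/24
"""

# Rows in the layout of the attached nfdump output
# (first and third copied from it, second constructed).
NFDUMP_ROWS = """\
2013-07-09 14:26:16.360 0.000 0 0 80.82.64.231 123.123.123.124 1 29 0 29 1
2013-07-09 14:27:00.000 0.000 64500 0 198.51.100.7 123.123.123.124 1 40 0 40 1
2013-07-09 13:21:32.957 0.000 0 0 85.237.35.52 123.123.123.123 1 60 0 60 1
"""

def load_networks(text):
    """Parse 'ASN,prefix' lines into (network, asn) pairs; skip other lines."""
    nets = []
    for line in text.splitlines():
        if "," not in line:
            continue
        asn, prefix = line.strip().split(",", 1)
        nets.append((ipaddress.ip_network(prefix.strip(), strict=False), int(asn)))
    return nets

def lookup_asn(nets, addr):
    """Longest-prefix match (an assumption here); 0 means no entry covers addr."""
    ip = ipaddress.ip_address(addr)
    hits = [(net.prefixlen, asn) for net, asn in nets if ip in net]
    return max(hits)[1] if hits else 0

def mismatches(nets, rows):
    """Return (ip, exported_as, expected_as) where the export disagrees with the file."""
    out = []
    for row in rows.splitlines():
        f = row.split()
        if len(f) < 7:
            continue  # not a flow row (header, blank line)
        # Columns: date, time, duration, src AS, dst AS, src IP, dst IP, ...
        for ip, exported in ((f[5], int(f[3])), (f[6], int(f[4]))):
            expected = lookup_asn(nets, ip)
            if expected and exported != expected:
                out.append((ip, exported, expected))
    return out

if __name__ == "__main__":
    for ip, got, want in mismatches(load_networks(NETWORKS_LST), NFDUMP_ROWS):
        print(f"{ip}: exported AS {got}, networks file says {want}")
```

Addresses with no covering entry are skipped, so an AS of 0 is only reported where the networks file says a non-zero value was expected.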
