I have done the change, I don't have yet any significant amount of flows to analyze, so I'll be back later when I have more information. Thanks a lot for your help,
Joan 2013/7/9 Paolo Lucente <[email protected]> > Hi Joan, > > Please add 'pmacctd_as: file' to your config. Actually, in absence of any > config directive at this propo, this should be the default setting (if, of > course, a networks_file is loaded and we speak pmacctd daemon). > > Will reproduce your config in lab and see why that would not be happening. > > Cheers, > Paolo > > On Tue, Jul 09, 2013 at 02:56:30PM +0200, Joan wrote: > > Hi again, I am reopening this thread again because after upgrading to > > current 0.14.3 version (which fixes all my crashes) the srcas/dstas data > > still isn't populated. > > > > This is my current config: > > daemonize: true > > pidfile: /var/run/pmacctd.pid > > syslog: daemon > > aggregate: src_host,dst_host,dst_as,src_as > > interface: br0 > > plugins: nfprobe > > networks_file: /etc/pmacct/networks.lst > > nfprobe_receiver: 192.168.1.5:2591 > > nfprobe_version: 9 > > debug : true > > > > See the attached document for the dump of the flows that I am doing in > the > > flow collector. > > > > And an sample entry in the networks.lst file for one of the matches in > the > > file: > > 29073,80.82.64.0/24 > > > > > > > > 2013/7/5 Paolo Lucente <[email protected]> > > > > > xHi Joan, > > > > > > Thanks for explaining the background, it makes sense. To get ASNs info > > > populated you should add src_as and dst_as primitives to your aggregate > > > directive. Same as any further info you wish to see populated. > > > > > > Let me know how that goes. I see you dropped a separate email about a > > > crash, along with a backtrace, thanks for that. I will look into it, > > > ie. maybe you already hinted the above yourself and got to the next > > > stage, and get back to you. > > > > > > Cheers, > > > Paolo > > > > > > On Fri, Jul 05, 2013 at 02:35:15PM +0200, Joan wrote: > > > > Hello, > > > > > > > > I am trying to get pmacct workting to replace softflowd because we'd > like > > > > to have the as numbers for the networks populated. > > > > To accomplish this I am using the script to generate the > networks_file > > > from > > > > quagga (I had a couple of issues but it's ok now) > > > > > > > > This is my pmactd.conf config: > > > > /etc/pmacct/pmactd.conf > > > > daemonize: true > > > > > > > > pidfile: /var/run/pmacctd.pid > > > > > > > > syslog: daemon > > > > > > > > aggregate: src_host,dst_host > > > > > > > > pcap_filter: net 0.0.0.0/0 > > > > > > > > interface: br0 > > > > > > > > plugins: nfprobe > > > > > > > > nfprobe_version: 9 > > > > > > > > networks_file: /etc/pmacct/networks.lst > > > > > > > > nfprobe_receiver: 192.168.1.5:2591 <http://192.168.1.8:2591> > > > > > > > > > > > > nfprobe_version: 9 > > > > > > > > And in the flow collector I am checking for the as numbers with > nfdump, > > > but > > > > the output of srcas/dstas is always 0 > > > > nfdump -A srcas -N -M /var/lib/netflow/profiles-data/live/ -o > "fmt:%sa > > > > %fl %byt %pkt %sas %das" -R nfcapd.201307051420:nfcapd.201307051425 > > > > > > > > Did I miss something in the pmacctd config? I don't see anything > relevant > > > > in the logs. > > > > > > > _______________________________________________ > > > > pmacct-discussion mailing list > > > > http://www.pmacct.net/#mailinglists > > > > > > > > > _______________________________________________ > > > pmacct-discussion mailing list > > > http://www.pmacct.net/#mailinglists > > > > > > nfdump -M /var/lib/netflow/profiles-data/live/ -R > nfcapd.201307091410:nfcapd.201307091440 -A srcas,dstas,srcip,dstip > > Date flow start Duration Src AS Dst AS Src IP Addr > Dst IP Addr Packets Bytes bps Bpp Flows > > 2013-07-09 13:30:18.679 14.592 0 0 218.94.15.226 > 123.123.123.123 3 120 65 40 1 > > 2013-07-09 14:07:54.345 3.094 0 0 92.81.226.61 > 123.123.123.123 2 96 248 48 1 > > 2013-07-09 14:32:49.080 0.000 0 0 188.165.95.171 > 123.123.123.124 1 44 0 44 1 > > 2013-07-09 09:20:01.379 18867.828 0 0 23.123.123.25 > 224.0.0.6 1473 110892 47 75 1 > > 2013-07-09 13:21:32.957 0.000 0 0 85.237.35.52 > 123.123.123.123 1 60 0 60 1 > > 2013-07-09 14:26:16.360 0.000 0 0 80.82.64.231 > 123.123.123.124 1 29 0 29 1 > > 2013-07-09 13:47:01.881 0.000 0 0 186.202.186.28 > 123.123.123.124 1 52 0 52 1 > > 2013-07-09 09:19:59.525 18878.256 0 0 123.123.123.25 > 224.0.0.5 1889 151120 64 80 1 > > 2013-07-09 13:28:24.305 0.000 0 0 61.147.103.117 > 123.123.123.123 1 40 0 40 1 > > > > > _______________________________________________ > > pmacct-discussion mailing list > > http://www.pmacct.net/#mailinglists > > > _______________________________________________ > pmacct-discussion mailing list > http://www.pmacct.net/#mailinglists >
_______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
