Hi Joel,
In 1.5.0rc1 and later you have the -a CLI switch. It kind of expands
description of primitives to what you can see below:
shell> nfacctd -a
NetFlow Accounting Daemon, nfacctd 1.5.0rc2-cvs (20131206-00)
L2
cos : Ethernet CoS, 802.1P
etype : Ethernet Ethertype
src_mac : Source MAC address
dst_mac : Destination MAC address
vlan : Ethernet VLAN, 802.1Q
L3
src_host : Source IPv4/IPv6 address
dst_host : Destination IPv4/IPv6 address
src_mask : Source network mask
dst_mask : Destination network mask
src_net : Source IPv4/IPv6 prefix
dst_net : Destination IPv4/IPv6 prefix
proto : IP protocol
tos : IP ToS
L4
src_port : Source TCP/UDP port
dst_port : Destination TCP/UDP port
tcpflags : TCP flags
BGP
src_as : Source ASN
dst_as : Destination ASN
as_path : AS PATH
std_comm : Standard Communities
ext_comm : Extended Communities
local_pref : Local Preference
med : Multi-Exit Discriminator
mpls_vpn_rd : MPLS VPN Route Distinguisher
peer_src_as : Source peer ASN
peer_dst_as : Destination peer ASN
peer_dst_ip : BGP next-hop
NAT
fw_event : Firewall event ID
nat_event : NAT event ID
post_nat_src_host : Source IPv4/IPv6 address after NAT
translation
post_nat_dst_host : Destination IPv4/IPv6 address after NAT
translation
post_nat_src_port : Source TCP/UDP port after NAT translation
post_nat_dst_port : Destination TCP/UDP port after NAT
translation
MPLS
mpls_label_bottom : Bottom MPLS label
mpls_label_top : Top MPLS label
mpls_stack_depth : MPLS stack depth
MISC
class : L7 protocol classification
flows : IP flows
src_host_country : Source IP address GeoIP resolution: country
dst_host_country : Destination IP address GeoIP resolution:
country
in_iface : Input interface, SNMP ifIndex
out_iface : Output interface, SNMP ifIndex
peer_src_ip : IP address or identificator of telemetry
exporting device
pkt_len_distrib : Packet length distribution
sampling_rate : Sampling rate
tag : Tag, as result of pre_tag_map or post_tag
evaluation
tag2 : Tag #2, as result of pre_tag_map or post_tag
evaluation
TIME
timestamp_start : Observation time or flow start time
timestamp_end : Flow end time
If this is still felt not sufficient (or it is but still it's
good to have stuff on the wiki anyway) then we can add more
there.
Cheers,
Paolo
On Sat, Dec 07, 2013 at 10:12:38AM -0800, Joel Krauska wrote:
> Any interest in expanding the aggregate section of the OfficialConfigKeys
> to give more details about the primitives?
>
> The list:
> [src_mac, dst_mac, vlan, cos, etype, src_host, dst_host, src_net,
> dst_net, src_mask,
> dst_mask, src_as, dst_as, src_port, dst_port, tos, proto, none, sum_mac,
> sum_host, sum_net, sum_as, sum_port, flows, tag, tag2, class, tcpflags,
> in_iface, out_iface, std_comm, ext_comm, as_path, peer_src_ip, peer_dst_ip,
> peer_src_as, peer_dst_as, local_pref, med, src_as_path, src_std_comm,
> src_ext_comm, src_local_pref, src_med, mpls_vpn_rd]
>
> Some are not entirely obvious about what exactly they have:
> eg. peer_dst_as vs dst_as
>
> Since Aggregation is such a fundamental concept I was hoping to see it
> documented a little more.. (maybe it is somewhere else, and I missed it..)
>
> I can help with this if needed.
>
> Cheers,
>
> Joel
> _______________________________________________
> pmacct-discussion mailing list
> http://www.pmacct.net/#mailinglists
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
