It worked! Thank you for your help. Pat
On 07/19/2014 04:49 AM, Paolo Lucente wrote: > Hi Pat, > > It should be the BGP daemon and the NetFlow exporters have different > IP addresses and pmacct needs an hint how to correlate them. This is > done with bgp_agent_map. In your case i believe even a one-liner will > suffice: > > bgp_ip=184.150.172.190 ip=0.0.0.0/0 > > Don't know if "I would like to have all traffic coming from these > devices to be marked as coming from/going to a particular AS" should > read as you want to override BGP for some prefixes or so. Should this > be the case, keeping nfacctd_net and nfacctd_as_new on 'fallback', you > can resort to networks_file for that. > > Cheers, > Paolo > > On Fri, Jul 18, 2014 at 01:24:25PM -0700, THE MIGHTY VEXORG wrote: >> Hello, >> I have netflow coming from a few devices where the source AS and >> destination AS both show up as 0 and is confirmed with tcpdump captures, >> so nfacctd dutifully stores these in the database with zeroes. I would >> like to have all traffic coming from these devices to be marked as >> coming from/going to a particular AS. How can I do that? I'm running >> nfacctd 1.5.0rc3. BGP daemon appears to be working correctly as I see >> routing information show up in BGP daemon msglog. Below is my config: >> >> daemonize: true >> pidfile: /var/run/nfacctd.pid >> logfile: /tmp/nfacctd.log >> nfacctd_allow_file: /etc/pmacct/nfacctd.allow >> >> aggregate[flows]: src_as, dst_as, peer_src_ip, peer_dst_ip, as_path >> interface: eth0 >> >> nfacctd_port: 9995 >> nfacctd_disable_checks: true >> nfacctd_time_new: true >> nfacctd_as_new: fallback >> nfacctd_net: fallback >> >> bgp_daemon: true >> bgp_daemon_ip: X.X.X.X >> bgp_daemon_port: 179 >> bgp_daemon_msglog: true >> bgp_peer_src_as_type: bgp >> bgp_src_as_path_type: bgp >> >> plugins: pgsql[flows] >> plugin_buffer_size: 102400 >> plugin_pipe_size: 10240000 >> >> sql_host[flows]: localhost >> sql_user[flows]: pmacct >> sql_passwd[flows]: XXXX >> sql_refresh_time[flows]: 300 >> sql_optimize_clauses[flows]: true >> sql_history[flows]: 5m >> sql_history_roundoff[flows]: mhd >> sql_table_version[flows]: 1 >> sql_table_type[flows]: bgp >> sql_dont_try_update[flows]: true >> sql_use_copy[flows]: true >> >> BGP daemon snippet, showing it is receiving routes: >> >> Jul 17 11:19:17 INFO ( default/core/BGP ): [Id: 184.150.172.190] u >> Prefix: '128.73.86.0/24' Path_Id: '0' Path: '6453 1299 1273 3216 3216 >> 3216 8402' Comms: '577:55 577:4110 577:5504 577:6453 577:10100 577:21136 >> 577:32426 5780:6539' EComms: '' LP: '100' MED: '0' Nexthop: '64.230.195.164' >> Jul 17 11:19:17 INFO ( default/core/BGP ): [Id: 184.150.172.190] u >> Prefix: '164.85.32.0/19' Path_Id: '0' Path: '6453 6762 23074' Comms: >> '577:55 577:4110 577:5504 577:6453 577:10100 577:21136 577:32426 >> 5780:6539' EComms: '' LP: '100' MED: '0' Nexthop: '64.230.195.164' >> Jul 17 11:19:17 INFO ( default/core/BGP ): [Id: 184.150.172.190] u >> Prefix: '109.251.178.0/24' Path_Id: '0' Path: '3549 21011 31148 31148 >> 31148' Comms: '577:55 577:5604 577:11100 577:22111' EComms: '' LP: '110' >> MED: '0' Nexthop: '64.230.195.155' >> Jul 17 11:19:17 INFO ( default/core/BGP ): [Id: 184.150.172.190] u >> Prefix: '188.231.196.0/24' Path_Id: '0' Path: '3549 21011 31148' Comms: >> '577:55 577:5604 577:11100 577:22111' EComms: '' LP: '110' MED: '0' >> Nexthop: '64.230.195.155' >> >> database snippet: >> >> Jul 17 11:20:01 INFO ( flows/pgsql ): *** Purging cache - START (PID: >> 8685) *** >> Jul 17 11:20:01 DEBUG ( flows/pgsql ): COPY acct_bgp (stamp_updated, >> stamp_inserted, as_src, as_dst, as_path, peer_ip_src, peer_ip_dst, >> packets, bytes) FROM STDIN DELIMITER ',' >> Jul 17 11:20:01 DEBUG ( flows/pgsql ): 2014-07-17 11:20:01,2014-07-17 >> 11:15:00,0,0,,64.230.15.243,64.230.200.244,5139,7417346 >> Jul 17 11:20:01 DEBUG ( flows/pgsql ): 2014-07-17 11:20:01,2014-07-17 >> 11:15:00,0,0,,64.230.15.243,64.230.15.132,4636,6674365 >> Jul 17 11:20:01 DEBUG ( flows/pgsql ): 2014-07-17 11:20:01,2014-07-17 >> 11:15:00,0,0,,64.230.15.243,64.230.193.151,3933,5720197 >> >> >> Thanks, >> Pat >> >> _______________________________________________ >> pmacct-discussion mailing list >> http://www.pmacct.net/#mailinglists > _______________________________________________ > pmacct-discussion mailing list > http://www.pmacct.net/#mailinglists > _______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
