Hi Richard, I can't really suggest a workaround but it's true i'm no expert of ULOG. You could switch to libpcap and bind pmacctd to the internal interface of your gateway - this will expose you the private IP addresses rather than the public one(s). But it's possible you have several internal interfaces and selected ULOG precisely to not have multiple pmacctd running, one per internal interface.
Since you speak of post_nat_src_host and post_nat_dst_host, what libpcap will not solve you is having a single tuple where the private and the public IP addresses are nicely correlated - not sure if that's what you were asking. In such a case, yes, some knob must be built-in (or available to external lookup) in order to achieve this. Cheers, Paolo On Sat, Jul 26, 2014 at 04:20:31PM +1000, Richard Edmands wrote: > Greetings, I'm currently running uacct 1.5.0.rc3: > ! pmacctd configuration > daemonize: true > pidfile: /var/run/uacctd.pid > syslog: daemon > uacctd_group: 8 > > aggregate[inbound]: dst_host > aggregate[outbound]: src_host > aggregate_filter[inbound]: dst net 10.0.0.0/24 > aggregate_filter[outbound]: src net 10.0.0.0/24 > plugins: mysql[inbound], mysql[outbound] > sql_table[inbound]: acct_v7_in > sql_table[outbound]: acct_v7_out > > ! storage methods > sql_host: private > sql_user: private > sql_db: private > sql_passwd: private > sql_refresh_time: 60 > sql_table_version: 7 > ! accumulate values in each row for up to an hour > sql_history: 1h > sql_history_roundoff: h > ! in case of emergency, log to this file > sql_recovery_logfile: /var/lib/pmacct/recovery_log > > > Now the issue i'm having is it is picking up on the traffic to the > internet, but not the inbound. > I suspect the issue is iptables is passing ulog at that point the wan > address and hence it's being filtered out. > Wondering if anyone knows of a workaround? I suspect that we might need > conntrack support in uacctd so we could do post_nat_src_host and > post_nat_dst_host instead of just dst_host. > _______________________________________________ > pmacct-discussion mailing list > http://www.pmacct.net/#mailinglists _______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
