Hi, I have a pmacctd (1.5.0 (20140828-00)) running with the following configuration:

pmacctd.conf:
--------------------
daemonize: true
debug: false
pidfile: /var/run/pmacctd.pid
syslog: daemon
interface: eth0
plugins: nfprobe[nfsen]
aggregate[nfsen]: src_as,dst_as,src_host,dst_host,src_port,dst_port,proto,tos,flows,tcpflags
nfprobe_receiver[nfsen]: 127.0.0.1:9996
nfprobe_version[nfsen]: 10
pmacctd_as: bgp
bgp_daemon: true
bgp_daemon_ip: xx.xx.248.11
bgp_agent_map: /etc/pmacct/agent_to_peer.map

/etc/pmacct/agent_to_peer.map:
--------------------
bgp_ip=xx.xx.248.254 ip=0.0.0.0/0

eth0 is connected to a port on a Cisco switch which is a monitoring destination. The BGP peering session is up with a Juniper router:

Peer            AS      InPkt   OutPkt   OutQ  Flaps  Last Up/Dwn  State|#Active/Received/Accepted/Damped...
xx.xx.248.11    xxxxx   14869   574524   0     7      19:12:55     0/0/0/0  0/0/0/0

However, only a small number of flows is getting a src/dst ASN. Out of the last 100 flows, I only have 8 flows with a src or dst ASN (see attachment).

Can anyone point me in the right direction as to why this is happening or how I can fix this?

Kind regards,

Rick van den Hof
--
Manager Engineering
Totaalnet Internet Works B.V.
IJsselburcht 4e
6825 BP Arnhem
+31(0)26-3844944 | [email protected] (PGP Key: 0x5A66E935)
_______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
