Hi Marco, The catch should be that you are using the NFLOG target rather than the ULOG target (legacy). One limitation of ULOG compared to NFLOG is it does not support IPv6. There are currently no plans to extend the daemon to support the NFLOG socket.
With regards to group 5 vs group 10, that 10 is hex representation - i've just changed the code in the CVS so to show the group with decimal representation (as one would expect). Cheers, Paolo On Tue, Jan 13, 2015 at 01:08:48PM +0100, Marco Marzetti wrote: > Hello, > > I'm not able to get uacctd working. > > First of all i've configured iptables as follow: > > # iptables -L -n > Chain INPUT (policy ACCEPT) > target prot opt source destination > NFLOG all -- 0.0.0.0/0 0.0.0.0/0 nflog-group 5 > > Than i've checked that is working with tcpdump: > # tcpdump -i nflog:5 -w foo.pcap > tcpdump: WARNING: SIOCGIFADDR: nflog:5: No such device > tcpdump: listening on nflog:5, link-type NFLOG (Linux netfilter log > messages), capture size 65535 bytes > ^C23 packets captured > 23 packets received by filter > 0 packets dropped by kernel > > And, despite the warning about the interface, the file named > foo.pcap contains the received packets. > > So i've started up uacctd as follows: > # uacctd -P print -r 15 -v 7 -c src_host,src_port -g 5 -d > DEBUG ( cmdline ): plugin name/type: 'default'/'core'. > DEBUG ( cmdline ): plugin name/type: 'default'/'print'. > DEBUG ( cmdline ): sql_refresh_time:15 > DEBUG ( cmdline ): sql_table_version:7 > DEBUG ( cmdline ): aggregate:src_host,src_port > DEBUG ( cmdline ): uacctd_group:5 > DEBUG ( cmdline ): debug:true > INFO ( default/core ): Reading configuration from cmdline. > INFO ( default/print ): plugin_pipe_size=4096000 bytes > plugin_buffer_size=232 bytes > INFO ( default/print ): ctrl channel: obtained=229376 bytes > target=141240 bytes > INFO ( default/core ): Successfully connected Netlink ULOG socket > INFO ( default/core ): Netlink ULOG: binding to group 10 > SRC_IP SRC_PORT PACKETS > BYTES > > But it does not list any flows, ever. > > What is most unclear ( at list to me ) are these two lines: > DEBUG ( cmdline ): uacctd_group:5 > INFO ( default/core ): Netlink ULOG: binding to group 10 > > What group is uacctd listening to? > Number 5 or number 10 ? > > Anyway i've changed the iptables configuration explicitly copying > packets to group 10, but nothing changed. > > What's wrong? > > Thank You > > Regards > > -- > *Marco Marzetti* > Responsabile R&D > D 0363 1970353 - F 0363 1970297 > Qcom <http://www.qcom.it/> *Qcom SpA* via Roggia Vignola, 9 - > Treviglio (BG) > T 0363 47905 - F 0363 419424 - www.qcom.it <http://www.qcom.it> > > _______________________________________________ > pmacct-discussion mailing list > http://www.pmacct.net/#mailinglists _______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
