hi all,
excuse me, noriyuki again. :P
now it is the IPv4 version of the nfprobe/collector mode. i have the full
bgp information and the correct information probed by the pmacctd but it
looks something is lost in the collector. is there anything wrong in the
configuration?
configuration files:
>> pmacctd.conf
!
daemonize: true
imt_path[inbound]: /tmp/collect.pipe-eth0-in
imt_path[outbound]: /tmp/collect.pipe-eth0-out
imt_path[debug]: /tmp/collect.pipe-debug
pidfile: /var/run/pmacctd.pid
logfile: /var/log/pmacctd.log
interface: eth0
!
pmacctd_net: bgp
bgp_peer_src_as_type: bgp
bgp_src_as_path_type: bgp
aggregate[inbound]: src_host, dst_host, src_as, peer_src_as, peer_src_ip,
src_as_path
aggregate[outbound]: src_host, dst_host, dst_as, peer_dst_as, peer_dst_ip,
as_path
aggregate_filter[inbound]: dst net 192.0.128.0/24
aggregate_filter[outbound]: src net 192.0.128.0/24
aggregate[collect]: src_host, dst_host, src_as, dst_as, peer_src_as,
peer_dst_as, peer_src_ip, peer_dst_ip
aggregate[debug]: src_host, dst_host, src_as, dst_as, peer_src_as,
peer_dst_as, peer_src_ip, peer_dst_ip
aggregate_filter[collect]: src net 192.0.0.0/8
aggregate_filter[debug]: src net 192.0.0.0/8
!
!plugins: memory[inbound], memory[outbound], nfprobe[ingress],
nfprobe[egress]
plugins: memory[inbound], memory[outbound], memory[debug], nfprobe[collect]
!
nfprobe_receiver: 172.17.0.2:2100
nfprobe_source_ip: 172.17.0.2
nfprobe_version: 9
!nfprobe_direction[ingress]: tag
!nfprobe_direction[egress]: tag
!nfprobe_ifindex[ingress]: tag2
!nfprobe_ifindex[egress]: tag2
!pre_tag_map: /home/maoke/pmacct_work/maps/pretag.map-eth0
!
pmacctd_as: bgp
bgp_daemon: true
bgp_daemon_ip: 192.0.128.2
bgp_daemon_id: 192.0.128.2
bgp_agent_map: /home/maoke/pmacct_work/maps/agent_to_peer.map-v4-eth0
!bgp_daemon_port: 179
!bgp_daemon_msglog: false
!
plugin_pipe_size: 2000000
plugin_buffer_size: 10000
imt_mem_pools_number: 0
!
bgp_table_dump_file: /tmp/bgp-$peer_src_ip.txt
bgp_table_dump_refresh_time: 300
!
>> nfacctd.conf
!
daemonize: true
logfile: /var/log/nfacctd.log
nfacctd_ip: ::ffff:172.17.0.2
nfacctd_port: 2100
imt_path[ingress]: /tmp/collect-pipe-ingress
imt_path[egress]: /tmp/collect-pipe-egress
!plugins: memory[display]
plugins: memory[ingress],memory[egress]
!aggregate[display]: tag, tag2, src_as, dst_as
!aggregate[display]: src_host, dst_host, src_as, dst_as, peer_src_as,
peer_dst_as, peer_src_ip, peer_dst_ip
!aggregate[display]: src_host, dst_host
aggregate[ingress]: src_host, dst_host, src_as, peer_src_as, peer_src_ip
aggregate[egress]: src_host, dst_host, dst_as, peer_dst_as, peer_dst_ip
aggregate_filter[ingress]: dst net 192.0.128.0/24
aggregate_filter[egress]: src net 192.0.128.0/24
!
!classifiers: /home/maoke/pmacct_work/maps/pretag.map-eth0
and the network is not complicated. we have the bgp table as follows:
~/pmacct_work$ sudo cat /tmp/bgp-192_0_128_1.txt
{"timestamp": "2015-04-14 02:40:01.808383", "peer_ip_src": "192.0.128.1",
"event_type": "dump_init"}
{"peer_ip_src": "192.0.128.1", "bgp_nexthop": "192.0.128.1", "event_type":
"dump", "ip_prefix": "192.0.128.0/20", "as_path": "", "origin": 0,
"local_pref": 100}
{"peer_ip_src": "192.0.128.1", "bgp_nexthop": "192.168.56.2", "event_type":
"dump", "ip_prefix": "192.16.0.0/16", "as_path": "65530", "origin": 0,
"local_pref": 100}
{"peer_ip_src": "192.0.128.1", "bgp_nexthop": "192.168.56.2", "event_type":
"dump", "ip_prefix": "192.32.0.0/16", "as_path": "65530 65533", "origin":
0, "local_pref": 100}
{"timestamp": "2015-04-14 02:40:01.808383", "peer_ip_src": "192.0.128.1",
"event_type": "dump_close"}
now i have the pmacctd successfully dump the flows as well as bgp
information:
~/pmacct_work$ pmacct -s -p /tmp/collect.pipe-eth0-in
SRC_AS SRC_AS_PATH PEER_SRC_AS PEER_SRC_IP
SRC_IP DST_IP
PACKETS BYTES
65530 65530 65530 0
192.16.0.2
192.0.128.65 13700 1297661
0 ^$ 0 0
192.0.128.1
192.0.128.65 9964 529766
0 ^$ 0 0
192.0.128.2
192.0.128.1 1469
1048612
0 ^$ 0 0
192.0.128.1
192.0.128.2 1924 126660
0 ^$ 0 0
192.0.128.65
192.0.128.1 9752 1095733
0 ^$ 0 0
192.32.0.2
192.0.128.65 345 37092
65533 65530_65533 65530 0
192.32.0.2
192.0.128.2 14 840
65533 65530_65533 65530 0
192.32.0.2
192.0.128.65 1412 152984
For a total of: 8 entries
while when the things were exported to nfacctd collector, my peer_src_as
was lost:
~/pmacct_work$ pmacct -s -p /tmp/collect-pipe-ingress
SRC_AS PEER_SRC_AS PEER_SRC_IP
SRC_IP DST_IP
PACKETS BYTES
65533 0 172.17.0.2
192.32.0.2 192.0.128.65
14 840
0 0 172.17.0.2
192.0.128.65 192.0.128.1
801 107416
0 0 172.17.0.2
192.32.0.2 192.0.128.65
1743 189236
65533 0 172.17.0.2
192.32.0.2 192.0.128.2
14 840
0 0 172.17.0.2
192.0.128.1 192.0.128.65
898 50752
For a total of: 5 entries
it is same for the outbound:
~/pmacct_work$ pmacct -s -p /tmp/collect.pipe-eth0-out
DST_AS AS_PATH PEER_DST_AS PEER_DST_IP
SRC_IP DST_IP
PACKETS BYTES
0 ^$ 0 0
192.0.128.65
192.32.0.2 345 20868
0 ^$ 0 0
192.0.128.65
10.30.137.1 2 140
0 ^$ 0 0
192.0.128.2
224.0.0.5 354 24116
0 ^$ 0 0
192.0.128.1
192.0.128.65 117 6288
0 ^$ 0 0
192.0.128.2
192.0.128.1 132 13982
0 ^$ 0 0
192.0.128.1
192.0.128.2 230 15751
65533 65530_65533 65530 192.168.56.2
192.0.128.2
192.32.0.2 12 1056
0 ^$ 0 192.0.128.1
192.0.128.1
192.0.128.2 1768 115919
0 ^$ 0 192.0.128.1
192.0.128.65
192.0.128.1 10069 1125753
0 ^$ 0 0
192.0.128.65
192.0.128.1 117 17484
0 ^$ 0 192.0.128.1
192.0.128.2
192.0.128.1 1380
1042284
65533 65530_65533 65530 192.168.56.2
192.0.128.65
192.32.0.2 1253 80252
0 ^$ 0 192.0.128.1
192.0.128.1
192.0.128.65 10281 546046
65530 65530 65530 192.168.56.2
192.0.128.65
192.16.0.2 12073 662721
0 ^$ 0 0
192.0.128.1
224.0.0.5 353 24064
0 ^$ 0 0
192.0.128.65
10.241.0.5 2 140
0 ^$ 0 0
192.0.128.65
10.241.0.6 2 140
For a total of: 17 entries
/pmacct_work$ pmacct -s -p /tmp/collect-pipe-egress
DST_AS PEER_DST_AS PEER_DST_IP
SRC_IP DST_IP
PACKETS BYTES
0 0 0.0.0.0
192.0.128.1 192.0.128.65
898 50752
0 0 0.0.0.0
192.0.128.65 10.30.137.1
2 140
0 0 0.0.0.0
192.0.128.65 192.32.0.2
1598 101120
0 0 0.0.0.0
192.0.128.65 10.241.0.6
2 140
65533 0 0.0.0.0
192.0.128.2 192.32.0.2
12 1056
0 0 0.0.0.0
192.0.128.65 10.241.0.5
2 140
0 0 0.0.0.0
192.0.128.65 192.0.128.1
801 107416
For a total of: 7 entries
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
