Hi! I am trying to filter out DST_AS=0 from nfacctd aggregates. And, well, I am failing. I've tried all combinations of the expression on aggregate_filter and they all seemed to be ignored. Here's my current config:
pidfile: /var/run/nfacctd.pid syslog: daemon ! ! interested in in and outbound traffic aggregate: src_as,dst_as,as_path,peer_dst_ip,peer_src_ip,src_host,dst_net,dst_mask,src_port,dst_port,proto pcap_filter: net 0.0.0.0/0 interface: eth0 plugins: memory[out] aggregate_filter[out]: dst_as not 0 nfacctd_ip: 0.0.0.0 nfacctd_port: 9992 nfacctd_net: netflow bgp_daemon: true bgp_daemon_ip: 192.168.142.165 bgp_daemon_max_peers: 100 bgp_agent_map: /etc/pmacct/agent_to_peer.map And here's what I am getting: mrayevskiy@pmacct:~$ /usr/bin/pmacct -c dst_as -M 0 -O csv SRC_AS,DST_AS,AS_PATH,PEER_SRC_IP,PEER_DST_IP,SRC_IP,DST_IP,DST_MASK,SRC_PORT,DST_PORT,PROTOCOL,PACKETS,BYTES 0,0,,91.233.217.254,212.188.23.218,,0.0.0.0,0,0,0,ip,4,240 0,0,,91.233.217.254,0.0.0.0,,0.0.0.0,0,0,0,ip,805,67465 0,0,,91.233.219.254,0.0.0.0,,0.0.0.0,0,0,0,ip,595,113680 0,0,,91.233.217.254,212.188.23.230,,0.0.0.0,0,0,0,ip,69,10393 0,0,,91.233.217.254,10.200.1.84,,0.0.0.0,0,0,0,ip,253222,377639873 0,0,,91.233.219.254,10.200.1.84,,0.0.0.0,0,0,0,ip,2370350,3555193820 I would appreciate some help with this problem. Maxim Rayevskiy Senior Manager ivi.ru online movies tel.: +7 495 276-06-31 (ext. 206) cell: +7 964 551 12 43 e-mail: [email protected]
_______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
