Ah actually, it’s because 1.5.0 doesn’t support specifying a vhost. I’ll try it with root vhost and report back.
-Rob > On 23 May 2015, at 13:03, Rob Greenwood <[email protected]> > wrote: > > Hi Paolo, > > We’re running 1.5.1. > > Oddly if I try and run 1.5.0 with identical config, I get RabbitMQ > authentication errors.. > > ERROR ( elk_1min/amqp ): Connection failed to RabbitMQ: login > ERROR ( elk_1min/amqp ): Connection failed to RabbitMQ: p_amqp_close() invoked > > -Rob > >> On 23 May 2015, at 12:47, Paolo Lucente <[email protected]> wrote: >> >> Hi Rob, >> >> I see. Can you confirm which version are you running? If you are >> not running a code >= 1.5.1, can you please do so? If you are, can >> you check if you get same behaviour with 1.5.0? I'd essentially >> like to confirm whether something broke up or got fixed in the last >> release. >> >> Cheers, >> Paolo >> >> On Sat, May 23, 2015 at 10:43:34AM +0100, Rob Greenwood wrote: >>> Hi Paolo, >>> >>> No we currently don’t have prefixes as part of our aggregation. >>> networks_file_filter is also not specified in the config. >>> >>> Adding 'nfacctd_net: fallback' changes the behaviour to be even weirder… >>> >>> Some (not all) flows are now marked with the correct AS, but only as_dst is >>> updated - we still see lots of iBGP prefix flows with as_src as 0. >>> >>> eBGP prefix flows are no longer set to AS0 with 'nfacctd_net: fallback' >>> however. >>> >>> Config as follows; >>> >>> ## nfacctd.conf ## >>> ! Global daemon >>> daemonize: true >>> syslog: daemon >>> >>> ! BGP daemon >>> !bgp_daemon: true >>> !bgp_daemon_max_peers: 2 >>> !bgp_aspath_radius: 3 >>> !bgp_daemon_md5_file: /opt/pmacct/etc/bgp_md5.lst >>> >>> ! Temporarily pull in iBGP networks data from file until BGP is up >>> networks_file: /opt/pmacct/etc/networks.lst >>> nfacctd_as_new: fallback >>> nfacctd_net: fallback >>> >>> ! Netflow input plugin >>> nfacctd_port: 2055 >>> nfacctd_disable_checks: true >>> >>> ! AMQP output daemon >>> amqp_host: localhost >>> amqp_user: pmacct >>> amqp_passwd: xxxx >>> amqp_vhost: /pmacct >>> amqp_exchange: pmacct >>> amqp_persistent_msg: true >>> >>> ! Plugin definitions >>> plugins: amqp[elk_1min] >>> >>> ! 1 minutely aggregates into ELK via amqp >>> aggregate[elk_1min]: src_as, dst_as, src_host, dst_host, src_port, >>> dst_port, proto >>> amqp_routing_key[elk_1min]: acct >>> amqp_history[elk_1min]: 1m >>> amqp_time_roundoff[elk_1min]: m >>> amqp_refresh_time[elk_1min]: 60 >>> >>> ## networks.lst ## >>> 62212,185.43.216.0/22 >>> >>> -Rob >>> >>>> On 23 May 2015, at 10:00, Paolo Lucente <[email protected]> wrote: >>>> >>>> Hi Rob, >>>> >>>> To confirm that: what you are verifying is not the intended behaviour & >>>> what you describe as your understanding is the intended behaviour instead. >>>> >>>> It would help to know if you have prefixes as part of your aggregation; >>>> if yes, whether they are also zeroed out if not in the networks_file or >>>> not. Meanwhile two tests: >>>> >>>> * add 'nfacctd_net: fallback' to your config >>>> * make sure 'networks_file_filter: true' is not set in your config >>>> >>>> If none of this helps out, can you please post (here or privately) your >>>> config so that i can try to reproduce this in lab? >>>> >>>> Cheers, >>>> Paolo >>>> >>>> On Fri, May 22, 2015 at 09:09:30PM +0100, Rob Greenwood wrote: >>>>> Hi, >>>>> >>>>> We’ve got nfacctd running, collecting IPFIX data from a number of Juniper >>>>> MX routers and exporting it into ElasticSearch successfully. >>>>> >>>>> Our iBGP prefixes have their AS in the netflow data as AS0. I’m trying to >>>>> override this by placing our prefixes into a networks.lst, and specifying >>>>> the following config: >>>>> >>>>> networks_file: /opt/pmacct/etc/networks.lst >>>>> nfacctd_as_new: fallback >>>>> >>>>>> From reading the documentation, this should allow me to override prefix >>>>>> ASNs from within the networks.lst, but would then fall back to pulling >>>>>> the ASN from netflow if the prefix doesn’t exist in network.ls. >>>>> >>>>> However, the behaviour I’m seeing is that the ASN for my prefixes is >>>>> being set correctly, but now every other non-matching network is set to >>>>> AS0. >>>>> >>>>> Is this intended behaviour? >>>>> >>>>> -Rob >>>>> >>>>> >>>>> -- >>>>> DataCentred Limited registered in England and Wales no. 05611763 >>>> >>>> >>>>> _______________________________________________ >>>>> pmacct-discussion mailing list >>>>> http://www.pmacct.net/#mailinglists >>>> >>>> >>>> _______________________________________________ >>>> pmacct-discussion mailing list >>>> http://www.pmacct.net/#mailinglists >>> >>> >>> -- >>> DataCentred Limited registered in England and Wales no. 05611763 >> >> > -- DataCentred Limited registered in England and Wales no. 05611763
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
