Hi Paolo, Looks like the behaviour is the same in 1.5.0 and 1.5.1.
-Rob > On 23 May 2015, at 13:05, Rob Greenwood <[email protected]> > wrote: > > Ah actually, it’s because 1.5.0 doesn’t support specifying a vhost. > > I’ll try it with root vhost and report back. > > -Rob > >> On 23 May 2015, at 13:03, Rob Greenwood <[email protected]> >> wrote: >> >> Hi Paolo, >> >> We’re running 1.5.1. >> >> Oddly if I try and run 1.5.0 with identical config, I get RabbitMQ >> authentication errors.. >> >> ERROR ( elk_1min/amqp ): Connection failed to RabbitMQ: login >> ERROR ( elk_1min/amqp ): Connection failed to RabbitMQ: p_amqp_close() >> invoked >> >> -Rob >> >>> On 23 May 2015, at 12:47, Paolo Lucente <[email protected]> wrote: >>> >>> Hi Rob, >>> >>> I see. Can you confirm which version are you running? If you are >>> not running a code >= 1.5.1, can you please do so? If you are, can >>> you check if you get same behaviour with 1.5.0? I'd essentially >>> like to confirm whether something broke up or got fixed in the last >>> release. >>> >>> Cheers, >>> Paolo >>> >>> On Sat, May 23, 2015 at 10:43:34AM +0100, Rob Greenwood wrote: >>>> Hi Paolo, >>>> >>>> No we currently don’t have prefixes as part of our aggregation. >>>> networks_file_filter is also not specified in the config. >>>> >>>> Adding 'nfacctd_net: fallback' changes the behaviour to be even weirder… >>>> >>>> Some (not all) flows are now marked with the correct AS, but only as_dst >>>> is updated - we still see lots of iBGP prefix flows with as_src as 0. >>>> >>>> eBGP prefix flows are no longer set to AS0 with 'nfacctd_net: fallback' >>>> however. >>>> >>>> Config as follows; >>>> >>>> ## nfacctd.conf ## >>>> ! Global daemon >>>> daemonize: true >>>> syslog: daemon >>>> >>>> ! BGP daemon >>>> !bgp_daemon: true >>>> !bgp_daemon_max_peers: 2 >>>> !bgp_aspath_radius: 3 >>>> !bgp_daemon_md5_file: /opt/pmacct/etc/bgp_md5.lst >>>> >>>> ! Temporarily pull in iBGP networks data from file until BGP is up >>>> networks_file: /opt/pmacct/etc/networks.lst >>>> nfacctd_as_new: fallback >>>> nfacctd_net: fallback >>>> >>>> ! Netflow input plugin >>>> nfacctd_port: 2055 >>>> nfacctd_disable_checks: true >>>> >>>> ! AMQP output daemon >>>> amqp_host: localhost >>>> amqp_user: pmacct >>>> amqp_passwd: xxxx >>>> amqp_vhost: /pmacct >>>> amqp_exchange: pmacct >>>> amqp_persistent_msg: true >>>> >>>> ! Plugin definitions >>>> plugins: amqp[elk_1min] >>>> >>>> ! 1 minutely aggregates into ELK via amqp >>>> aggregate[elk_1min]: src_as, dst_as, src_host, dst_host, src_port, >>>> dst_port, proto >>>> amqp_routing_key[elk_1min]: acct >>>> amqp_history[elk_1min]: 1m >>>> amqp_time_roundoff[elk_1min]: m >>>> amqp_refresh_time[elk_1min]: 60 >>>> >>>> ## networks.lst ## >>>> 62212,185.43.216.0/22 >>>> >>>> -Rob >>>> >>>>> On 23 May 2015, at 10:00, Paolo Lucente <[email protected]> wrote: >>>>> >>>>> Hi Rob, >>>>> >>>>> To confirm that: what you are verifying is not the intended behaviour & >>>>> what you describe as your understanding is the intended behaviour instead. >>>>> >>>>> It would help to know if you have prefixes as part of your aggregation; >>>>> if yes, whether they are also zeroed out if not in the networks_file or >>>>> not. Meanwhile two tests: >>>>> >>>>> * add 'nfacctd_net: fallback' to your config >>>>> * make sure 'networks_file_filter: true' is not set in your config >>>>> >>>>> If none of this helps out, can you please post (here or privately) your >>>>> config so that i can try to reproduce this in lab? >>>>> >>>>> Cheers, >>>>> Paolo >>>>> >>>>> On Fri, May 22, 2015 at 09:09:30PM +0100, Rob Greenwood wrote: >>>>>> Hi, >>>>>> >>>>>> We’ve got nfacctd running, collecting IPFIX data from a number of >>>>>> Juniper MX routers and exporting it into ElasticSearch successfully. >>>>>> >>>>>> Our iBGP prefixes have their AS in the netflow data as AS0. I’m trying >>>>>> to override this by placing our prefixes into a networks.lst, and >>>>>> specifying the following config: >>>>>> >>>>>> networks_file: /opt/pmacct/etc/networks.lst >>>>>> nfacctd_as_new: fallback >>>>>> >>>>>>> From reading the documentation, this should allow me to override prefix >>>>>>> ASNs from within the networks.lst, but would then fall back to pulling >>>>>>> the ASN from netflow if the prefix doesn’t exist in network.ls. >>>>>> >>>>>> However, the behaviour I’m seeing is that the ASN for my prefixes is >>>>>> being set correctly, but now every other non-matching network is set to >>>>>> AS0. >>>>>> >>>>>> Is this intended behaviour? >>>>>> >>>>>> -Rob >>>>>> >>>>>> >>>>>> -- >>>>>> DataCentred Limited registered in England and Wales no. 05611763 >>>>> >>>>> >>>>>> _______________________________________________ >>>>>> pmacct-discussion mailing list >>>>>> http://www.pmacct.net/#mailinglists >>>>> >>>>> >>>>> _______________________________________________ >>>>> pmacct-discussion mailing list >>>>> http://www.pmacct.net/#mailinglists >>>> >>>> >>>> -- >>>> DataCentred Limited registered in England and Wales no. 05611763 >>> >>> >> > -- DataCentred Limited registered in England and Wales no. 05611763
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
