Hi Steve, libpcap does not report such info due to no integration with the underlying OS. This is an advantage of using ULOG due to its tight coupling to the OS. Plus, in the QUICKSTART document "Quickstart guide to setup a NetFlow agent/probe" chapter it is described how pmacct can help setting direction and interface indexes basing on MAC or IP addresses.
Cheers, Paolo On Thu, Jul 16, 2015 at 12:27:01PM -0400, Steve Clark wrote: > Hello, > > I have read the discussing in this email thread: > https://firstname.lastname@example.org/msg02187.html > But still can't see anything but zero in the InputInt: and OutputInt: when > looking at the exported packets with > wireshark: > > > Here is my simple config - could someone explain what I am doing wrong? > > ! > ! pmacctd configuration example > ! > ! Did you know CONFIG-KEYS contains the detailed list of all configuration > keys > ! supported by 'nfacctd' and 'pmacctd' ? > ! > ! debug: true > daemonize: false > interface: p4p1 > aggregate: src_host, dst_host, src_port, dst_port, proto, tos, in_iface, > out_iface > plugins: nfprobe[p4p1] > nfprobe_receiver: 10.0.129.71:2055 > nfprobe_version: 9 > nfprobe_ifindex[p4p1]: 4 > ! nfprobe_engine: 1:1 > ! nfprobe_timeouts: tcp=120:maxlife=3600 > ! > ! networks_file: /path/to/networks.lst > ! classifiers: /path/to/classifiers/ > ! snaplen: 700 > > Startup command: > > sudo ../src/pmacctd -f ./probe_netflow.conf > INFO ( default/core ): Reading configuration file > '/var/lib/pgsql/pmacct-1.5.1/examples/probe_netflow.conf'. > INFO ( p4p1/nfprobe ): NetFlow probe plugin is originally based on softflowd > 0.9.7 software, Copyright 2002 Damien Miller <d...@mindrot.org> All rights > reserved. > INFO ( p4p1/nfprobe ): TCP timeout: 3600s > INFO ( p4p1/nfprobe ): TCP post-RST timeout: 120s > INFO ( p4p1/nfprobe ): TCP post-FIN timeout: 300s > INFO ( p4p1/nfprobe ): UDP timeout: 300s > INFO ( p4p1/nfprobe ): ICMP timeout: 300s > INFO ( p4p1/nfprobe ): General timeout: 3600s > INFO ( p4p1/nfprobe ): Maximum lifetime: 604800s > INFO ( p4p1/nfprobe ): Expiry interval: 60s > INFO ( p4p1/nfprobe ): Exporting flows to [10.0.129.71]:iop > OK ( default/core ): link type is: 1 > WARN ( default/core ): p4p1: no IPv4 address assigned > ^CWARN ( p4p1/nfprobe ): Shutting down on user request. > OK: Exiting ... > > Thanks, > > -- > Stephen Clark > > _______________________________________________ > pmacct-discussion mailing list > http://www.pmacct.net/#mailinglists _______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists