Hi, We are (many thanks) happily using nfacctd for a while for our nf/ipfix flows aggregation, and just wanted to add geoip information in our exports. We never used geoipv1, but since geoipv2 is just available, we give it a try with last pmacct-daily (20150827) and a fresh git clone compilation of libmaxminddb.
Everything seems run perfectly with this conf: #geoipv2 database: geoipv2_file: /var/lib/geoip/GeoLite2-Country.mmdb #simple print aggregate aggregate[print5min]: src_net, src_mask, dst_net, dst_mask, src_host_country, dst_host_country Got this kind of working print export: SRC_IP DST_IP SRC_MASK DST_MASK SH_COUNTRY DH_COUNTRY PACKETS BYTES X.Y.66.128 XX.YY.0.0 25 16 FR DE 1628 2413087 But also, continuous (multiple times per second) those warn messages in logs: Sep 02 13:30:56 WARN ( default/core ): src_host_country_geoipv2_handler(): The lookup path does not match the data (key that doesn't exist, array index bigger than the array, expected array or map where none exists) Sep 02 13:30:56 WARN ( default/core ): dst_host_country_geoipv2_handler(): The lookup path does not match the data (key that doesn't exist, array index bigger than the array, expected array or map where none exists) I don't know if this is related pmacct or maxmind, any help would be appreciated :) Best regards, Fabien _______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
