Hi,

Thanks for the responses. I will give samplicator a try and leave pmacct for more advanced uses.

Best regards,

Pau

2016-02-10 11:31 GMT+01:00 Markus Weber <[email protected]>:

> No problem with tee here - but wasn't Pau expecting tee to do further
> sampling (which it doesn't)?
>
> ==nfacctd_tee.conf:
> pidfile: /pmacct/var/nfacctd_tee.pid
> logfile: /pmacct/log/nfacctd_tee.log
> daemonize: true
> files_umask: 2
> nfacctd_disable_checks: true
> nfacctd_pipe_size: 8388608
> plugin_buffer_size: 204800
> plugin_pipe_size: 20480000
> nfacctd_ip: <ip>
> nfacctd_port: <port>
>
> plugins: tee
> tee_receivers: /pmacct/etc/tee_rec.lst
> tee_transparent: true
>
>
> ==tee_rec.lst:
> id=1 ip=<ip1>:<port1>,<ip2>:<port2>
>
> Run nfacctd with nfacctd_tee.conf to duplicate NF data received on
> <ip>:<port> to <ip1>:<port1> and <ip2>:<port2>. Then run on <ip1>:<port1>
> your NFsen and on <ip2>:<port2> another nfacctd with another config to use
> pmacct's great features (whatever you want to aggregate on or do with the
> data).
>
> Eventually you might need tee_transparent to be true (or -S with
> samplicator) to keep original source address.
>
>
> Markus
>
> On 10.02.2016 10:35, Jordan Grigorov (Neterra NMT) wrote:
>
>> Hello Pau,
>>
>> You can try samplicate tool (https://github.com/sleinen/samplicator)
>> to forward netflow data to multiple IPs/ports.
>>
>> Just install it and issue:
>>
>> samplicate -s 88.22.33.99 -p 9996 127.0.0.1/9995 127.0.0.1/9999 -f
>>
>> Best Regards,
>>
>> ---
>>
>> Jordan
>>
>> <https://www.linkedin.com/company/neterra>
>>
>>
>> On 8.02.2016 16:27, KA PDE wrote:
>>
>>> Hi all,
>>>
>>> I've recently discovered pmacct and I'm evaluating it to forward netflow
>>> data for security purposes to a set of collectors, some of them requiring
>>> less amount of data sent.
>>>
>>> I have a simple configuration using the tee plugin. I've managed to send
>>> flow information to NFsen but I'm unable to find a way of sampling to the
>>> other destination. Is this achievable with pmacct?
>>>
>>> ! nfacctd configuration
>>> !
>>> !
>>> !
>>> daemonize: true
>>> pidfile: /var/run/nfacctd.pid
>>> syslog: daemon
>>>
>>> nfacctd_port: 9996
>>> nfacctd_ip: 88.22.33.99
>>> plugin_pipe_size: 10240000
>>> plugin_buffer_size: 10240
>>>
>>> plugins: tee[nfsen], tee[pmacct]
>>> tee_receiver[nfsen]: 127.0.0.1:9995
>>> tee_receiver[pmacct]: 127.0.0.1:9999
>>> ! sampling_rate[pmacct]: 4096
>>> tee_transparent: true
>>>
>>> Thanks in advance and best regards,
>>>
>>> Pau

_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
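
Added example, not part of the original thread and not pmacct or samplicator code: a small receiver-side check for the replication setup discussed above. It counts incoming flow-export datagrams per source address and flags sources outside the expected exporter list, which is what you would see if the replicator's own address were arriving instead of the original source (the tee_transparent / -S point). The script name, function names and sample addresses are assumptions made for illustration.

```python
import socket
import struct
import sys
from collections import defaultdict

def parse_header(payload):
    """Return (version, second_field), or None if not a flow-export header.
    NetFlow v5/v9 start with version(2)+count(2); IPFIX (10) with version(2)+length(2)."""
    if len(payload) < 4:
        return None
    version, second = struct.unpack("!HH", payload[:4])
    return (version, second) if version in (5, 9, 10) else None

def summarize(datagrams, expected_exporters):
    """datagrams: iterable of (source_ip, payload).
    Returns (per-source stats, sorted list of sources not in expected_exporters)."""
    stats = defaultdict(lambda: {"datagrams": 0, "records": 0,
                                 "versions": set(), "invalid": 0})
    for src, payload in datagrams:
        entry = stats[src]
        entry["datagrams"] += 1
        header = parse_header(payload)
        if header is None:
            entry["invalid"] += 1
            continue
        version, second = header
        entry["versions"].add(version)
        if version in (5, 9):          # count field: flows (v5) or records (v9)
            entry["records"] += second
    unexpected = sorted(s for s in stats if s not in expected_exporters)
    return dict(stats), unexpected

def listen(bind_ip, port, expected_exporters, limit=100):
    """Collect `limit` datagrams on bind_ip:port, then summarize them."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_ip, port))
    seen = []
    for _ in range(limit):
        payload, (src, _src_port) = sock.recvfrom(65535)
        seen.append((src, payload))
    sock.close()
    return summarize(seen, expected_exporters)

if __name__ == "__main__":
    # Hypothetical usage: check_tee.py <bind_ip> <port> <exporter_ip> [...]
    stats, unexpected = listen(sys.argv[1], int(sys.argv[2]), set(sys.argv[3:]))
    for src, entry in stats.items():
        print(src, entry)
    if unexpected:
        print("sources not in exporter list:", unexpected)
```

Run it on a receiver port in place of the collector, since the collector would otherwise already hold the UDP socket.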
