Hi Cedric,

0x3FFFFFFF (1073741823) is used to indicate packets that never enter or
exit the probe, i.e. originated from or delivered to it. This is not
necessarily true since you use pmacctd and miss sfprobe_direction and
sfprobe_ifindex as part of your config. Please look at QUICKSTART doc
section "Quickstart guide to setup a NetFlow agent/probe" and skim to
the point where nfprobe_direction and nfprobe_ifindex are mentioned; in
essence you instruct the probe to reckon interfaces by MAC addresses and
such. This is all because libpcap is not tied to the underlying OS and
hence has no visibility of the 'infrastructure', i.e. interfaces. As an
alternative if running on Linux you may explore NFLOG, that is, the
uacctd daemon.


On Thu, Nov 03, 2016 at 12:14:33PM +0100, Cédric ML wrote:
> Hello,
> I'm trying to set up pmacct to send sflow to a collector.
> my pmacct config file looks like this :
> !
> daemonize: true
> interface: eth0
> aggregate: tag, src_host, dst_host, src_port, dst_port, proto, tos,
> src_as, dst_as
> plugins: sfprobe
> sfprobe_receiver:
> sampling_rate: 20
> ! networks_file: /usr/local/etc/pmacct/networks.lst
> pmacctd_as: bgp
> bgp_daemon: true
> bgp_daemon_ip:
> bgp_daemon_port: 17917
> bgp_agent_map: /usr/local/etc/pmacct/agent_to_peer.map
> bgp_peer_as_skip_subas: true
> bgp_peer_src_as_type: bgp
> My problem is that sflow packets sent from this host always contain
> sflow.flow_sample.input_interface=1 and
> sflow.flow_sample.output_interface=1073741823
> I don't know where these values come from... pmacct is running on a
> centos6 host, and snmp ifIndexes are between 1 and 8.
> Can somebody please help me with that ?
> Regards,
> Cédric
> _______________________________________________
> pmacct-discussion mailing list
> http://www.pmacct.net/#mailinglists
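
Added example, not part of the original thread and not pmacct code: a collector-side decoder for the compact sFlow v5 interface field, showing why 1073741823 (0x3FFFFFFF) reads as "no interface" and how to spot a probe that never fills in real ifIndexes. The function names, the sample data and the "stuck values" heuristic are assumptions made for this illustration.

```python
from collections import Counter

INTERNAL = 0x3FFFFFFF  # 1073741823: traffic originated from / delivered to the probe
FORMATS = {0: "single", 1: "discarded", 2: "multiple"}

def decode_interface(raw):
    """Split a compact sFlow v5 interface field into (format, value, meaning).

    The top 2 bits select the format, the low 30 bits carry the value.
    """
    if not 0 <= raw <= 0xFFFFFFFF:
        raise ValueError("interface field must fit in 32 bits")
    fmt, value = raw >> 30, raw & 0x3FFFFFFF
    if raw == 0:
        meaning = "unknown"            # interface not known
    elif fmt == 0 and value == INTERNAL:
        meaning = "internal"           # no input/output interface
    elif fmt == 0:
        meaning = "ifIndex"            # ordinary SNMP ifIndex
    elif fmt == 1:
        meaning = "discard-reason"     # packet dropped, value is a reason code
    elif fmt == 2:
        meaning = "interface-count"    # multiple destination interfaces
    else:
        meaning = "reserved"
    return FORMATS.get(fmt, "reserved"), value, meaning

def interfaces_look_unpopulated(samples, min_samples=5):
    """Heuristic (assumption of this example): every sample carries the same
    (input, output) pair and one side is 'internal', which suggests the probe
    has no interface visibility rather than that all traffic is local."""
    if len(samples) < min_samples:
        return False
    pairs = Counter(samples)
    if len(pairs) != 1:
        return False
    (inp, out), = pairs
    return "internal" in (decode_interface(inp)[2], decode_interface(out)[2])

# Constructed (input, output) pairs; STUCK repeats the values reported above.
STUCK = [(1, 1073741823)] * 6
MIXED = [(1, 3), (3, 1), (1, 1073741823), (2, 1), (1, 2)]

if __name__ == "__main__":
    print(decode_interface(1073741823))
    print(interfaces_look_unpopulated(STUCK), interfaces_look_unpopulated(MIXED))
```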
