Hi
I'm trying to use nDPI with the nfacctd daemon. I've compiled and
installed everything. I added the class attribute to the aggregate list, and
when I start the daemon it says that it is running with --enable-ndpi.
Yet every NetFlow entry says that the class is unknown.
nfacctd.conf:
plugins: amqp
aggregate: peer_src_ip, src_host, dst_host, src_port, dst_port, proto, class, tos, tcpflags, in_iface, out_iface, etype, vlan, flows, export_proto_version
Example NetFlow entry:
{
event_type: 'purge',
class: 'unknown',
vlan: 0,
etype: '800',
peer_ip_src: 'some-peer-ip',
iface_in: 12,
iface_out: 14,
ip_src: 'some-src-ip',
ip_dst: 'some-dst-ip',
port_src: 62287,
port_dst: 161,
tcp_flags: '0',
ip_proto: 'udp',
tos: 0,
sampling_rate: 0,
export_proto_version: 9,
stamp_inserted: '2017-11-22 10:35:00',
stamp_updated: '2017-11-22 10:36:01',
flows: 1,
packets: 3,
bytes: 292,
writer_id: 'default_amqp/75018'
}
Log output:
Nov 22 09:57:56 localhost nfacctd[74227]: INFO ( default/core ): NetFlow Accounting Daemon, nfacctd 1.7.0-git (20170924-00)
Nov 22 09:57:56 localhost nfacctd[74227]: INFO ( default/core ): '--enable-rabbitmq' '--enable-jansson' '--enable-ndpi' '--enable-l2' '--enable-ipv6' '--enable-64bit' '--enable-threads' '--enable-traffic-bins' '--enable-bgp-bins' '--enable-bmp-bins' '--enable-st-bins'
Any idea what might be causing the problem?
Thanks,
Grímur
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists