Hi, I'm new to pmacct. I need few clarifications regarding this tool
I have a doubt regarding using a pcap file as input to pmacct I'm trying to give a pcap file as input that gets updated continuosly. "sudo pmacctd -D -P print -r 30 -I temp.pcap -c etype,src_host,dst_host" The pmacctd tool exits after diplaying a list of flows. $ sudo pmacctd -P print -r 30 -I temp.pcap -c etype,src_host,dst_host ....... 800 172.24.1.186 224.0.0.251 1 69 INFO ( default_print/print ): *** Purging cache - END (PID: 12988, QN: 272/272, ET: 0) *** INFO ( default/core ): OK, Exiting ... But, the file is updated continuosly. Is there any configuration to read from the file continuosly. Also, Is it possible to provide pcap input in .conf file, I used " pcap_interface: file_path" , but it is not working. Another doubt is regarding Netflow export, I used pmacctd with following configuration " daemonize:false pcap_interface:eth0 aggregate: src_host, dst_host, src_port, dst_port, proto, tos, class plugins: nfprobe, print nfprobe_receiver: 127.0.0.1:2100 nfprobe_version: 9 " and nfacctd with this configuration. " daemonize: false nfacctd_ip: 127.0.0.1 nfacctd_port: 2100 plugins: memory[display], print aggregate: src_host, dst_host, src_port, dst_port, proto, tos " nfacctd is displaying the data but most of the time exact match is not there between the printed data i'm seeing in pmacctd and nfacctd. Also, the nfacctd doesn't start collecting immediately, it takes some time for getting printed output in nfacctd side whereas pmacctd continuosly prints aggregated data. I'm not sure where I'm going wrong.
_______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
