Hi, I have been running nfacct for many years and it has served me well, but as my network gets ever more complex and new transit lines are added, I've come across an issue with how I've been configuring the program. My goal is still to maintain a MySQL DB with <n> minute Internet traffic entries (both directions) per public IP at my site. My routers report ingress traffic only, so Netflow must be enabled on all edge interfaces, rather than just the designated uplinks and transits. This means that Netflow reports all traffic that goes via our edge routers and that I have to filter Internet traffic out from other, internal traffic that crosses the edge.
My approach so far has been to use pretag map filters for this. The basic structure for these filters is:

    ! Incoming
    id=1 ip=<my edge> filter='not ( src net <my prefix 1> .... or src net <my prefix n>) and dst net <my prefix 1>'
    ...
    id=1 ip=<my edge> filter='not ( src net <my prefix 1> .... or src net <my prefix n>) and dst net <my prefix n>'
    ! Outgoing
    id=2 ip=<my edge> filter='not ( dst net <my prefix 1> .... or dst net <my prefix n>) and src net <my prefix 1>'
    ...
    id=2 ip=<my edge> filter='not ( dst net <my prefix 1> .... or dst net <my prefix n>) and src net <my prefix n>'

With the RFC1918 prefixes taking up some space to begin with and the number of public prefixes increasing, I'm running into an issue where the pretag map line length is exceeded and nfacct fails to start. Are there ways to increase the maximum line length, or other ways of organizing this filtering process that will keep me within the maximum pretag map line length?

Regards,
* Inge Arnesen
_______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
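As an added example (not from the original post or the pmacct project), the following Python script generates pretag map entries with the structure quoted in the message above. It collapses adjacent prefixes into supernets before building the exclusion clause, which shortens every line, and reports any line longer than a chosen limit before the map is handed to nfacctd. The exporter address and prefixes are constructed sample values, and the length limit is an assumption, since the post does not state the actual maximum.

```python
"""Generate nfacctd pretag map entries (constructed example, not from the post).

One rule per local prefix and direction, each with a filter excluding
local-to-local traffic, as in the message above. Prefixes are collapsed
with ipaddress.collapse_addresses to shorten the 'not (...)' clause, and
check_line_lengths() flags lines over a caller-supplied limit.
"""
import ipaddress

# Constructed sample data: RFC1918 space plus hypothetical public blocks.
LOCAL_PREFIXES = [
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "198.51.100.0/25", "198.51.100.128/25",   # adjacent: collapse to one /24
    "203.0.113.0/24",
]
EDGE_ROUTER = "192.0.2.1"   # hypothetical exporter (router) address


def collapse(prefixes):
    """Merge adjacent or contained prefixes so the exclusion clause is shorter."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def rules_for_direction(tag, edge, nets, match, exclude_side):
    """Build one rule per prefix: not (<exclude_side> net ...) and <match> net X."""
    exclusion = " or ".join(f"{exclude_side} net {n}" for n in nets)
    return [f"id={tag} ip={edge} filter='not ({exclusion}) and {match} net {n}'"
            for n in nets]


def pretag_rules(edge, prefixes):
    """Return the full pretag map: id=1 inbound rules, id=2 outbound rules."""
    nets = collapse(prefixes)
    lines = ["! Incoming"]
    lines += rules_for_direction(1, edge, nets, match="dst", exclude_side="src")
    lines.append("! Outgoing")
    lines += rules_for_direction(2, edge, nets, match="src", exclude_side="dst")
    return lines


def check_line_lengths(lines, max_len):
    """Return the lines that exceed max_len (an assumed limit, not pmacct's)."""
    return [line for line in lines if len(line) > max_len]


if __name__ == "__main__":
    rules = pretag_rules(EDGE_ROUTER, LOCAL_PREFIXES)
    print("\n".join(rules))
    for bad in check_line_lengths(rules, max_len=256):
        print(f"WARNING: line too long ({len(bad)} chars): {bad}")
```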
