Hey Brooks, I can confirm I have a similar setup collecting Netflow so in principle this should do what you want. The bgp_agent_map also looks fine, assuming birds Router ID is 1.1.1.1? Just a thought, as per the docs it’s recommended to set pmacctd_net to the same value as pmacctd_as (bgp in this case). Can you add src_net and dst_net to your aggregates and check if they also show up as zero?
Greetings, Felix Von: pmacct-discussion <pmacct-discussion-boun...@pmacct.net> im Auftrag von Brooks Swinnerton <bswinner...@gmail.com> Antworten an: "pmacct-discussion@pmacct.net" <pmacct-discussion@pmacct.net> Datum: Sonntag, 13. Oktober 2019 um 05:38 An: "pmacct-discussion@pmacct.net" <pmacct-discussion@pmacct.net> Betreff: [pmacct-discussion] BGP AS values are 0 Hello there! I have pmacctd working with the Kafka addon and am attempting to include `src_as` and `dst_as` information based on the BGP sessions running on the same machine using the [BIRD router](https://bird.network.cz<https://bird.network.cz/>). I was able to successfully get the BGP session stood up using a loopback address, but in both the Kafka consumer and `pmacct -s`, I do not see the AS values: ``` {"event_type": "purge", "as_src": 0, "as_dst": 0, "ip_src": "1.1.1.138", "ip_dst": "5.9.43.211", "port_src": 443, "port_dst": 48268, "ip_proto": "tcp", "stamp_inserted": "2019-10-13 02:50:00", "stamp_updated": "2019-10-13 02:53:31", "packets": 1, "bytes": 52, "writer_id": "default_kafka/3725"} ``` The pmacct log seems good: ``` Oct 13 02:51:37 bdr-nyiix pmacctd[3666]: INFO ( default/core ): Promiscuous Mode Accounting Daemon, pmacctd 1.7.3-git (20190418-00+c4) Oct 13 02:51:37 bdr-nyiix pmacctd[3666]: INFO ( default/core ): '--enable-kafka' '--enable-jansson' '--enable-l2' '--enable-64bit' '--enable-traffic-bins' '- Oct 13 02:51:37 bdr-nyiix pmacctd[3666]: INFO ( default/core ): Reading configuration file '/etc/pmacct/pmacctd.peering.conf'. Oct 13 02:51:37 bdr-nyiix pmacctd[3666]: INFO ( default_kafka/kafka ): cache entries=16411 base cache memory=54878384 bytes Oct 13 02:51:38 bdr-nyiix pmacctd[3666]: INFO ( default/core ): [ens3,0] link type is: 1 Oct 13 02:51:38 bdr-nyiix pmacctd[3666]: INFO ( default/core ): [/etc/pmacct/peering_agent.map] (re)loading map. Oct 13 02:51:38 bdr-nyiix pmacctd[3666]: INFO ( default/core ): [/etc/pmacct/peering_agent.map] map successfully (re)loaded. Oct 13 02:51:38 bdr-nyiix pmacctd[3666]: INFO ( default_kafka/kafka ): JSON: setting object handlers. Oct 13 02:51:38 bdr-nyiix pmacctd[3666]: INFO ( default/core/BGP ): maximum BGP peers allowed: 2 Oct 13 02:51:38 bdr-nyiix pmacctd[3666]: INFO ( default/core/BGP ): waiting for BGP data on 127.0.0.1:180<http://127.0.0.1:180/> Oct 13 02:51:41 bdr-nyiix pmacctd[3666]: INFO ( default_kafka/kafka ): *** Purging cache - START (PID: 3673) *** Oct 13 02:51:41 bdr-nyiix pmacctd[3666]: INFO ( default_kafka/kafka ): *** Purging cache - END (PID: 3673, QN: 0/0, ET: 0) *** Oct 13 02:51:41 bdr-nyiix pmacctd[3666]: INFO ( default/core/BGP ): [127.0.0.1] BGP peers usage: 1/2 Oct 13 02:51:41 bdr-nyiix pmacctd[3666]: INFO ( default/core/BGP ): [1.1.1.1] Capability: MultiProtocol [1] AFI [1] SAFI [1] Oct 13 02:51:41 bdr-nyiix pmacctd[3666]: INFO ( default/core/BGP ): [1.1.1.1] Capability: 4-bytes AS [41] ASN [300000] Oct 13 02:51:41 bdr-nyiix pmacctd[3666]: INFO ( default/core/BGP ): [1.1.1.1] BGP_OPEN: Local AS: 300000 Remote AS: 397143 HoldTime: 90 Oct 13 02:51:51 bdr-nyiix pmacctd[3666]: INFO ( default_kafka/kafka ): *** Purging cache - START (PID: 3678) *** Oct 13 02:51:53 bdr-nyiix pmacctd[3666]: INFO ( default_kafka/kafka ): *** Purging cache - END (PID: 3678, QN: 679/679, ET: 0) *** ``` And the configuration is as follows: ``` ! ! pmacctd configuration example ! ! Did you know CONFIG-KEYS contains the detailed list of all configuration keys ! supported by 'nfacctd' and 'pmacctd' ? ! ! debug: true daemonize: false pcap_interface: ens3 aggregate: src_host, dst_host, src_port, dst_port, src_as, dst_as, proto sampling_rate: 10 ! plugins: kafka kafka_output: json kafka_broker_host: kafka-broker.fqdn.com<http://kafka-broker.fqdn.com> kafka_topic: pmacct.acct kafka_refresh_time: 10 kafka_history: 5m kafka_history_roundoff: m ! bgp_daemon: true bgp_daemon_ip: 127.0.0.1 bgp_daemon_port: 180 bgp_daemon_max_peers: 1 bgp_agent_map: /etc/pmacct/peering_agent.map pmacctd_as: bgp ``` With the /etc/pmacct/peering_agent.map as: ``` bgp_ip=1.1.1.1 ip=0.0.0.0/0<http://0.0.0.0/0> ``` And the other end of the BGP configuration (in BIRD) being: ``` protocol bgp AS300000v4c1 from transit_customer4 { description "pmacctd"; local 127.0.0.1 port 179 as 300000; neighbor 127.0.0.1 port 180 as 300000; rr client; } ``` And it has exported ~150k routes. Is there anything obvious that I'm doing wrong or perhaps a way that I can turn on more debugging to lead me on the right trail?
_______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
