> assuming birds Router ID is 1.1.1.1 Yep, that's correct (I obviously modified that before submitting the email).
> Just a thought, as per the docs it’s recommended to set pmacctd_net to the same value as pmacctd_as (bgp in this case). That's a good point, it looks like the default <https://github.com/pmacct/pmacct/blob/dcb93709be433e29e595cec573f5d15bca0aa1ff/CONFIG-KEYS#L1794> is not BGP, so I've updated my config to be: ``` ! ! pmacctd configuration example ! ! Did you know CONFIG-KEYS contains the detailed list of all configuration keys ! supported by 'nfacctd' and 'pmacctd' ? ! ! debug: true daemonize: false pcap_interface: ens3 aggregate: src_host, dst_host, src_port, dst_port, src_as, dst_as, src_net, dst_net, proto sampling_rate: 10 ! plugins: kafka kafka_output: json kafka_broker_host: kafka.neptunenetworks.org kafka_topic: pmacct.acct kafka_refresh_time: 10 kafka_history: 5m kafka_history_roundoff: m ! bgp_daemon: true bgp_daemon_ip: 127.0.0.1 bgp_daemon_port: 180 bgp_daemon_max_peers: 1 bgp_agent_map: /etc/pmacct/peering_agent.map pmacctd_as: bgp pmacctd_net: bgp ``` (adding in the `src_net` and `dst_net` as you suggested), but it looks like that's not working either: ``` {"event_type": "purge", "as_src": 0, "as_dst": 0, "ip_src": "205.185.117.149", "net_src": "0.0.0.0", "ip_dst": "23.157.160.138", "net_dst": "0.0.0.0", "port_src": 443, "port_dst": 34345, "ip_proto": "tcp", "stamp_inserted": "2019-10-13 12:25:00", "stamp_updated": "2019-10-13 12:26:21", "packets": 40, "bytes": 45332 , "writer_id": "default_kafka/6271"} ``` Very curious! On Sun, Oct 13, 2019 at 7:12 AM Felix Stolba <fsto...@anexia-it.com> wrote: > Hey Brooks, > > > > I can confirm I have a similar setup collecting Netflow so in principle > this should do what you want. The bgp_agent_map also looks fine, assuming > birds Router ID is 1.1.1.1? > > Just a thought, as per the docs it’s recommended to set pmacctd_net to the > same value as pmacctd_as (bgp in this case). Can you add src_net and > dst_net to your aggregates and check if they also show up as zero? > > > > Greetings, > > Felix > > > > *Von: *pmacct-discussion <pmacct-discussion-boun...@pmacct.net> im > Auftrag von Brooks Swinnerton <bswinner...@gmail.com> > *Antworten an: *"pmacct-discussion@pmacct.net" < > pmacct-discussion@pmacct.net> > *Datum: *Sonntag, 13. Oktober 2019 um 05:38 > *An: *"pmacct-discussion@pmacct.net" <pmacct-discussion@pmacct.net> > *Betreff: *[pmacct-discussion] BGP AS values are 0 > > > > Hello there! > > I have pmacctd working with the Kafka addon and am attempting to include > `src_as` and `dst_as` information based on the BGP sessions running on the > same machine using the [BIRD router](https://bird.network.cz). > > I was able to successfully get the BGP session stood up using a loopback > address, but in both the Kafka consumer and `pmacct -s`, I do not see the > AS values: > > ``` > {"event_type": "purge", "as_src": 0, "as_dst": 0, "ip_src": "1.1.1.138", > "ip_dst": "5.9.43.211", "port_src": 443, "port_dst": 48268, "ip_proto": > "tcp", "stamp_inserted": "2019-10-13 02:50:00", "stamp_updated": > "2019-10-13 02:53:31", "packets": 1, "bytes": 52, "writer_id": > "default_kafka/3725"} > ``` > > The pmacct log seems good: > > ``` > Oct 13 02:51:37 bdr-nyiix pmacctd[3666]: INFO ( default/core ): > Promiscuous Mode Accounting Daemon, pmacctd 1.7.3-git (20190418-00+c4) > Oct 13 02:51:37 bdr-nyiix pmacctd[3666]: INFO ( default/core ): > '--enable-kafka' '--enable-jansson' '--enable-l2' '--enable-64bit' > '--enable-traffic-bins' '- > Oct 13 02:51:37 bdr-nyiix pmacctd[3666]: INFO ( default/core ): Reading > configuration file '/etc/pmacct/pmacctd.peering.conf'. > Oct 13 02:51:37 bdr-nyiix pmacctd[3666]: INFO ( default_kafka/kafka ): > cache entries=16411 base cache memory=54878384 bytes > Oct 13 02:51:38 bdr-nyiix pmacctd[3666]: INFO ( default/core ): [ens3,0] > link type is: 1 > Oct 13 02:51:38 bdr-nyiix pmacctd[3666]: INFO ( default/core ): > [/etc/pmacct/peering_agent.map] (re)loading map. > Oct 13 02:51:38 bdr-nyiix pmacctd[3666]: INFO ( default/core ): > [/etc/pmacct/peering_agent.map] map successfully (re)loaded. > Oct 13 02:51:38 bdr-nyiix pmacctd[3666]: INFO ( default_kafka/kafka ): > JSON: setting object handlers. > Oct 13 02:51:38 bdr-nyiix pmacctd[3666]: INFO ( default/core/BGP ): > maximum BGP peers allowed: 2 > Oct 13 02:51:38 bdr-nyiix pmacctd[3666]: INFO ( default/core/BGP ): > waiting for BGP data on 127.0.0.1:180 > Oct 13 02:51:41 bdr-nyiix pmacctd[3666]: INFO ( default_kafka/kafka ): *** > Purging cache - START (PID: 3673) *** > Oct 13 02:51:41 bdr-nyiix pmacctd[3666]: INFO ( default_kafka/kafka ): *** > Purging cache - END (PID: 3673, QN: 0/0, ET: 0) *** > Oct 13 02:51:41 bdr-nyiix pmacctd[3666]: INFO ( default/core/BGP ): > [127.0.0.1] BGP peers usage: 1/2 > Oct 13 02:51:41 bdr-nyiix pmacctd[3666]: INFO ( default/core/BGP ): > [1.1.1.1] Capability: MultiProtocol [1] AFI [1] SAFI [1] > Oct 13 02:51:41 bdr-nyiix pmacctd[3666]: INFO ( default/core/BGP ): > [1.1.1.1] Capability: 4-bytes AS [41] ASN [300000] > Oct 13 02:51:41 bdr-nyiix pmacctd[3666]: INFO ( default/core/BGP ): > [1.1.1.1] BGP_OPEN: Local AS: 300000 Remote AS: 397143 HoldTime: 90 > Oct 13 02:51:51 bdr-nyiix pmacctd[3666]: INFO ( default_kafka/kafka ): *** > Purging cache - START (PID: 3678) *** > Oct 13 02:51:53 bdr-nyiix pmacctd[3666]: INFO ( default_kafka/kafka ): *** > Purging cache - END (PID: 3678, QN: 679/679, ET: 0) *** > ``` > > And the configuration is as follows: > > ``` > ! > ! pmacctd configuration example > ! > ! Did you know CONFIG-KEYS contains the detailed list of all configuration > keys > ! supported by 'nfacctd' and 'pmacctd' ? > ! > ! debug: true > daemonize: false > pcap_interface: ens3 > aggregate: src_host, dst_host, src_port, dst_port, src_as, dst_as, proto > sampling_rate: 10 > ! > plugins: kafka > kafka_output: json > kafka_broker_host: kafka-broker.fqdn.com > kafka_topic: pmacct.acct > kafka_refresh_time: 10 > kafka_history: 5m > kafka_history_roundoff: m > ! > bgp_daemon: true > bgp_daemon_ip: 127.0.0.1 > bgp_daemon_port: 180 > bgp_daemon_max_peers: 1 > bgp_agent_map: /etc/pmacct/peering_agent.map > pmacctd_as: bgp > ``` > > With the /etc/pmacct/peering_agent.map as: > > ``` > bgp_ip=1.1.1.1 ip=0.0.0.0/0 > ``` > > And the other end of the BGP configuration (in BIRD) being: > > ``` > protocol bgp AS300000v4c1 from transit_customer4 { > description "pmacctd"; > local 127.0.0.1 port 179 as 300000; > neighbor 127.0.0.1 port 180 as 300000; > rr client; > } > ``` > > And it has exported ~150k routes. > > Is there anything obvious that I'm doing wrong or perhaps a way that I can > turn on more debugging to lead me on the right trail? > _______________________________________________ > pmacct-discussion mailing list > http://www.pmacct.net/#mailinglists
_______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists