Hi all,

I have a router with multiple interfaces and will need to account traffic
at its several WAN interfaces. My purpose is toaccount the traffic with the
tuple details and the direction.

As a test I have compiled the following simple configuration for pmacctd:

!
daemonize: true
plugins: print[wan0_in], print[wan0_out]
print_refresh_time: 10
print_history: 15m
!
print_output[wan0_in]: csv
print_output_file[wan0_in]: in_traffic.csv
print_output[wan0_out]: csv
print_output_file[wan0_out]: out_traffic.csv
!
aggregate[wan0_in]: src_host, dst_host, src_port, dst_port, tag
aggregate[wan0_out]: src_host, dst_host, src_port, dst_port, tag
!
pre_tag_filter[wan0_in]:1
pre_tag_filter[wan0_out]:2
!
pcap_interface: eth0
pre_tag_map: pretag.map
networks_file: networks.lst
ports_file: ports.lst
!

where pretag.map is:
set_tag=1 filter='ether dst 52:54:00:69:a6:0b'
set_tag=2 filter='ether src 52:54:00:69:a6:0b'

and networks.lst is:
10.100.100.0/24

It seems that the details output at the CSV are correctly filtered
according to the tag, thus recording the direction also, based on the MAC
address of the WAN0 interface.

Is this the correct approach to achieve this or is there any other
recommended way? Do I need to use aggregate_filters?

Also, although I have set a network filter to capture only 10.100.100.0/24,
I observe several networks in/out being collected, indicating that the
network_file directive is ignored or I have misunderstood its purpose. My
purpose it to collect traffic only generated from subnets that belong to
configured interfaces of the router.

Thanx for your feedback!
Alex
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

Reply via email to