Hi all,

I have a router with multiple interfaces and will need to account traffic
at its several WAN interfaces. My purpose is to account the traffic with the
tuple details and the direction.

As a test I have compiled the following simple configuration for pmacctd:

daemonize: true
plugins: print[wan0_in], print[wan0_out]
print_refresh_time: 10
print_history: 15m
print_output[wan0_in]: csv
print_output_file[wan0_in]: in_traffic.csv
print_output[wan0_out]: csv
print_output_file[wan0_out]: out_traffic.csv
aggregate[wan0_in]: src_host, dst_host, src_port, dst_port, tag
aggregate[wan0_out]: src_host, dst_host, src_port, dst_port, tag
pcap_interface: eth0
pre_tag_map: pretag.map
networks_file: networks.lst
ports_file: ports.lst

where pretag.map is:
set_tag=1 filter='ether dst 52:54:00:69:a6:0b'
set_tag=2 filter='ether src 52:54:00:69:a6:0b'

and networks.lst is:

It seems that the details output at the CSV are correctly filtered
according to the tag, thus recording the direction also, based on the MAC
address of the WAN0 interface.

Is this the correct approach to achieve this or is there any other
recommended way? Do I need to use aggregate_filters?

Also, although I have set a network filter to capture only,
I observe several networks in/out being collected, indicating that the
network_file directive is ignored or I have misunderstood its purpose. My
purpose is to collect traffic only generated from subnets that belong to
configured interfaces of the router.

Thanks for your feedback!
pmacct-discussion mailing list
