Hi Fabien,

With prior knowledge of the template, i.e. either you start nfacctd with
'-d' (debug) so as to see the content of templates in the logs or collect
some NetFlow in a pcap file and open it with Wireshark, you could use
the aggregate_primitives framework of pmacct to define custom primitives.

Essentially in the config you do 'aggregate_primitives:
/path/to/primitives.lst'. Then for the actual content of the
'primitives.lst' file, you can look here:

https://github.com/pmacct/pmacct/blob/1.7.5/examples/primitives.lst.example

In the top part of the file you can read the knobs available; in the bottom
part you are solely interested in the examples for NetFlow v9/IPFIX, i.e.
lines 60, 66 and 72.

You can define custom primitives for pretty much anything but not for
non-key dimensions, i.e. packets and bytes, those have to be supported
natively (although it's on the roadmap to make them also customizable)
even though, frankly, that has never been an issue. Should you run into
any issue with the counters, please send me an example pcap via unicast
email and we'll find a solution.

Hope this helps for a start.

Paolo

On 30/11/2020 22:58, Fabien VINCENT wrote:

Hello,

I'm looking to do NetFlow v9, Flexible NetFlow to be honest, with
nfacctd but can't find any good resources to play with nfacctd and
aggregate's primitives when having FNF exports.

Is there any documentation if the template is a bit "custom" on the Cisco
ISR side? Seems sometimes for some reason, template is marked as
unknown, or bytes/packets are null with nfacctd and I can't find any
information about how to configure or troubleshoot it.

Any help / hints appreciated!

_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
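
Reading a template by hand, as the reply suggests doing from the nfacctd debug log or a Wireshark capture, comes down to listing each field's type and length. The following is an added example, not part of the original thread or of pmacct: a minimal NetFlow v9 template decoder run over a constructed packet. The function names, the short RFC 3954 name table and the sample bytes are assumptions of the example.

```python
import struct

# Field names from RFC 3954; a short table for this example, not pmacct's own list.
RFC3954 = {1: "IN_BYTES", 2: "IN_PKTS", 4: "PROTOCOL", 7: "L4_SRC_PORT",
           8: "IPV4_SRC_ADDR", 11: "L4_DST_PORT", 12: "IPV4_DST_ADDR"}

# Constructed sample packet: 20-byte v9 header, then one template flowset.
SAMPLE = bytes.fromhex(
    "0009 0001 00000064 5fc56e00 00000001 00000000"  # ver, count, uptime, secs, seq, source id
    "0000 0014"   # flowset id 0 (template flowset), length 20
    "0104 0003"   # template id 260, 3 fields
    "0008 0004"   # IPV4_SRC_ADDR, 4 bytes
    "0001 0004"   # IN_BYTES, 4 bytes
    "00ea 0004"   # type 234 (arbitrary, for illustration), 4 bytes
)

def parse_v9_templates(packet):
    """Return {template_id: [(field_type, field_len), ...]} for one v9 packet."""
    if len(packet) < 20 or struct.unpack_from("!H", packet, 0)[0] != 9:
        raise ValueError("not a NetFlow v9 packet")
    templates, off = {}, 20
    while off + 4 <= len(packet):
        fs_id, fs_len = struct.unpack_from("!HH", packet, off)
        if fs_len < 4 or off + fs_len > len(packet):
            raise ValueError("bad flowset length at offset %d" % off)
        if fs_id == 0:  # template flowset; data and options flowsets are skipped
            pos, end = off + 4, off + fs_len
            while pos + 4 <= end:
                tid, nfields = struct.unpack_from("!HH", packet, pos)
                if tid < 256:  # template ids start at 256; anything else is padding
                    break
                pos += 4
                if pos + 4 * nfields > end:
                    raise ValueError("template %d is truncated" % tid)
                templates[tid] = [struct.unpack_from("!HH", packet, pos + 4 * i)
                                  for i in range(nfields)]
                pos += 4 * nfields
        off += fs_len
    return templates

def unnamed_fields(fields):
    """Fields absent from the table above: the ones to look up before going further."""
    return [(ftype, flen) for ftype, flen in fields if ftype not in RFC3954]

if __name__ == "__main__":
    for tid, fields in parse_v9_templates(SAMPLE).items():
        for ftype, flen in fields:
            print(tid, ftype, RFC3954.get(ftype, "unnamed"), flen)
```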