Hi Cedric,
Thanks for following up. This line in your log "WARN ( default/core ):
connection lost to 'ip-nfprobe'; closing connection." tells me that
there may be more wrong to it, it actually seems the plugin crashes and
as a result you should stop receiving any (good or bad) data.
I tried to reproduce the issue at my end but failed, ie. it all works
fine using your config. Since we have a crash, to try to better nail the
problem what would help is if you can return me some info about it, here
is how:
https://github.com/pmacct/pmacct/blob/1.7.6/QUICKSTART#L2864-#L2884
You can return me the info here or by unicast email as nobody else would
be much interested in the back and forth of the troubleshooting process.
Express route to resolution could be to get access to your environment,
if reachable via ssh (no screen sharing) and it's non production.
Paolo
On 6/5/21 08:23, BASSAGET Cédric wrote:
Hello Paolo.
Just hade a remote session with Luca Dari from ntopng. Seems the
starttime/endtime in the flows are not correct too :
Timestamp: May 6, 2021 08:11:03.000000000 CEST
ExportTime: 1620281463
FlowSequence: 34583266
Observation Domain Id: 0
Set 1 [id=1024] (4 flows)
FlowSet Id: (Data) (1024)
FlowSet Length: 308
[Template Frame: 9]
Flow 1
[Duration: 877515505.664000000 seconds (milliseconds)]
StartTime: Nov 13, 112781 17:46:47.000000000 CET
EndTime: May 28, 511486763 17:23:04.664000000 CET
I can provide you a full capture if needed.
Regards
Cédric
Le mer. 5 mai 2021 à 15:26, BASSAGET Cédric
<cedric.bassaget...@gmail.com <mailto:cedric.bassaget...@gmail.com>> a
écrit :
Hello Paolo :)
I was running :
# pmacctd -V
Promiscuous Mode Accounting Daemon, pmacctd 1.7.2-git (20181018-00+c3)
3.0-0.bpo.2-amd64 #1 SMP Debian 5.3.9-2~bpo10+1 (2019-11-13) x86_64
I tried to compile github release yesterday but it failed. Tried
again a few minutes ago and compilation seem to work now.
pmacctd 1.7.7-git (20210505-1 (3edef0c3))
but unfortunately I have the same problem : src_as / dst_as field is
still 0 :(
Regards
Cédric
Le mar. 4 mai 2021 à 21:27, Paolo Lucente <pa...@pmacct.net
<mailto:pa...@pmacct.net>> a écrit :
Hi Cedric,
It seems this should work. Can you confirm what version are you
using? a
"pmacctd -V" would do so that i try to reproduce (and/or
encourage you
to get to 1.7.6 or master code on GitHub 8-)).
Paolo
On 4/5/21 14:56, BASSAGET Cédric wrote:
> Hello,
> I'm (once again) trying to export netflow from a Linux / bird
router to
> an external probe. But I can't get src_as / dst_as in my
netflow export...
>
> bgp session between pmacct and bird is OK :
> bird> show route export pmacct count
> 871845 of 2695832 routes for 876157 networks
>
> if I set a "bgp_table_dump_file" file, it is filled with the
full-view
> content (stuff like :
>
> {"timestamp": "2021-05-04 14:40:00", "peer_ip_src": "127.0.0.1",
> "peer_tcp_port": 60836, "event_type": "dump", "afi": 1,
"safi": 1,
> "ip_prefix": "1.22.148.0/24 <http://1.22.148.0/24>
<http://1.22.148.0/24 <http://1.22.148.0/24>>", "bgp_nexthop":
> "149.14.152.113", "as_path": "174 6453 4755 45528 45528 45528
45528
> 45528", "comms": "174:21100 174:22008", "origin": 0,
"local_pref": 100,
> "med": 2021}
>
> note that pmacctd stops with the following warning when it
has finished
> to write this file :
> INFO ( default/core/BGP ): *** Dumping BGP tables - START
(PID: 9379) ***
> INFO ( default/core/BGP ): *** Dumping BGP tables - END (PID:
9379,
> TABLES: 2 ET: 8) ***
> WARN ( default/core ): connection lost to 'ip-nfprobe';
closing connection.
> WARN ( default/core ): no more plugins active. Shutting down.
>
> Here's my config :
>
> # cat /etc/pmacct/pmacctd.netflow.conf
> debug: false
> daemonize: false
> interface: bond0
> aggregate: etype, tag, src_host, dst_host, src_port,
dst_port, proto,
> tos, src_as, dst_as, vlan
>
> nfprobe_version: 10
> plugins: nfprobe[ip]
>
> nfprobe_receiver[ip]: 192.168.156.109:4739
<http://192.168.156.109:4739> <http://192.168.156.109:4739
<http://192.168.156.109:4739>>
> nfprobe_timeouts[ip]: tcp=120:maxlife=3600
> pmacctd_flow_lifetime: 30
>
> sampling_rate: 10
>
> pmacctd_as: bgp
> bgp_daemon: true
> bgp_daemon_ip: 127.0.0.1
> !bgp_daemon_ip: ::
> bgp_daemon_as: 203xxx
> bgp_daemon_port: 17917
> bgp_agent_map: /etc/pmacct/bgp_agent_map.map
> bgp_peer_as_skip_subas: true
> bgp_peer_src_as_type: bgp
> ! pre_tag_map: /etc/pmacct/pretag.map
>
> ! bgp_table_dump_file: /tmp/bgp-$peer_src_ip-%H%M.log
> ! bgp_table_dump_refresh_time: 600
>
> # cat /etc/pmacct/bgp_agent_map.map
> bgp_ip=185.x.y.z ip=0.0.0.0/0 <http://0.0.0.0/0>
<http://0.0.0.0/0 <http://0.0.0.0/0>>
>
>
> Can somebody tell me what I'm missing ? I used to make it
work about 1
> year ago... long time ago !
>
> Thanks a lot for you help.
> Regards
> Cédric
>
> _______________________________________________
> pmacct-discussion mailing list
> http://www.pmacct.net/#mailinglists
<http://www.pmacct.net/#mailinglists>
>
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
