On 01.07.2022 at 16:59, Muenz, Michael wrote:
Hi,
after over 15 years I'm back using pmacct for an open source
accounting project.
I'm using OPNsense to ingest Netflow v5 traffic into pmacct with MySQL
backend.
I'm interested only in specific networks so I'm doing it like this:
daemonize: true
debug: false
nfacctd_port: 5678
nfacctd_time_new: true
plugins: mysql[inbound],mysql[outbound]
aggregate[inbound]: tag,dst_host
aggregate[outbound]: tag,src_host
aggregate_filter[inbound]: (dst net 46.16.78.247/32 ...)
aggregate_filter[outbound]: (src net 46.16.78.247/32 ...)
The different networks in the aggregate filter are different customers.
Now my idea was that I add a pretagging so when a packet comes with
filter X it adds tag Y:
! 1101 = OPNREPO
id=1101 ip=81.33.44.75 filter='host 46.16.78.247'
Now every flow from 81.33.44.75 with traffic going from/to
46.16.78.247 gets tag 1101.
After this I can select * from X where 1101 and sum up.
My problem is that aggregate_filter will also aggregate the source of
the other side.
Let's say I transfer a 1GB file from 1.2.3.4 to 46.16.78.247 I have 4
records:
src 0.0.0.0, dst 46.16.78.247
src 0.0.0.0, dst 1.2.3.4
src 46.16.78.247, dst 0.0.0.0
src 1.2.3.4, dst 0.0.0.0
I thought that with aggregate_filter the lines with 1.2.3.4 won't get
into the db but maybe I'm wrong?
Any ideas?
Anyone have an idea how to troubleshoot it? :)
Thx
Michael
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists