Hi Rich,
I was wondering if you had any log availble from nfacctd; for example,
is it possible that the file 'pretag.map' with no paths supplied is not
found, causing the issue?
Paolo
On Thu, Dec 07, 2023 at 11:34:56PM +, Compton, Rich A wrote:
> Hi, hoping that someone can help me with th
Hi, hoping that someone can help me with this issue. I am trying to run
nfacctd in a container and I’m using a pretag.map file to filter only certain
netflow records. When I remove the “pre_tag_map:” line and
“pre_tag_label_filter” from the config file, I am able to export the netflow
records
Hi Stephen,
If you do not filter over tags, ie. pre_tag_filter is not part of your
config, then all will make to the database and those packets coming from
a unit not in pretag.map will have a tag of zero. In other words both
behaviours are possible (all make to the DB or filter things you are no
Hi,
I am using nfacctd to write netflows to postgres DB. I have my pretag.map setup
to map the
collectors ip to a tag. My question is what happens if I get a netflow packet
from a unit where
I have added it to my pretag.map file yet. Is an error generated? Is the tag
value 0? Is the netflow
p
Hello Paolo,
With 'tag' keyword in aggregate field all works fine.
Thanx.
Paolo Lucente wrote:
Hello Dmitriy,
your pretag.map looks fine to my eyes. You should instead append the
'tag' keyword to your 'aggregate' directive in order to give values
to the 'agent_id' field:
aggregate: src_host,d
Hello Dmitriy,
your pretag.map looks fine to my eyes. You should instead append the
'tag' keyword to your 'aggregate' directive in order to give values
to the 'agent_id' field:
aggregate: src_host,dst_host,src_mac,dst_mac,src_port,dst_port,tag
Let me know whether the issue get solved.
Cheers,
Pa
Is working filter with "and" or "or" rules ?
I have such config:
/etc/pmacct.conf
! pmacctd configuration
!
!
!
daemonize: true
pidfile: /var/run/pmacctd.pid
syslog: daemon
!
! interested in in and outbound traffic
aggregate: src_host,dst_host,src_mac,dst_mac,src_port,dst_port
! on this network
p
