Re: [pmacct-discussion] Trying to collect NetFlow data from a Cisco router
Hello; This has been very, very useful. I can't thank you enough. The problem was on the Cisco end. Best Regards; John V. From: pmacct-discussion [mailto:pmacct-discussion-boun...@pmacct.net] On Behalf Of Kafui Akyea Sent: Friday, July 13, 2018 05:12 PM To: pmacct-discussion@pmacct.net Subject: Re: [pmacct-discussion] Trying to collect NetFlow data from a Cisco router I think you need to figure out if nfacctd is receiving any Netflow data at all and if it is aggregating it first. So from a terminal do this # nfacctd -l 2100 where 2100 is the port to listen for netflow records. it will default to memory plugin. you should see a few messages printed out. make sure you see something like this OK ( default_memory/memory ): waiting for data on: '/tmp/collect.pipe' Then in another terminal do this # pmacct -s -p /tmp/collect.pipe It should display a nice table of the aggregates it has collected in memory for source host. If everything is ok with the above then you at least know it is getting and aggregating Netflow data. Kafui On Fri, Jul 13, 2018 at 1:00 PM, Tech Support mailto:supp...@voipbusiness.us> > wrote: All; I have a Cisco router running IOS and have NetFlow enabled. What I want to do is simply collect that data using nfacctd. No biggie, just collect the data containing the src and dst IP addresses and store it in MySQL. I don’t even need to store it in MySQL, I could simply store it pretty much anywhere. The problem is that no data is being collected. This is my nfacctd.conf file: daemonize: true #debug: true networks_file: /usr/local/etc/pmacct/nfacctd.networks aggregate: src_host,dst_host nfacctd_port: 2100 plugins: mysql sql_optimize_clauses: true sql_table_schema: /usr/local/etc/pmacct/pmacct-create-db_v1.sql sql_refresh_time: 60 sql_history: 1d sql_history_roundoff: d sql_db: accounting sql_table: tkue_%Y_%m_%d sql_host: localhost sql_passwd: root sql_user: So, my question is, what am I missing? What am I doing wrong? Any insight at all would be greatly appreciated. Thanks in Advance; John V. ___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists ___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
[pmacct-discussion] Trying to collect NetFlow data from a Cisco router
All; I have a Cisco router running IOS and have NetFlow enabled. What I want to do is simply collect that data using nfacctd. No biggie, just collect the data containing the src and dst IP addresses and store it in MySQL. I don't even need to store it in MySQL, I could simply store it pretty much anywhere. The problem is that no data is being collected. This is my nfacctd.conf file: daemonize: true #debug: true networks_file: /usr/local/etc/pmacct/nfacctd.networks aggregate: src_host,dst_host nfacctd_port: 2100 plugins: mysql sql_optimize_clauses: true sql_table_schema: /usr/local/etc/pmacct/pmacct-create-db_v1.sql sql_refresh_time: 60 sql_history: 1d sql_history_roundoff: d sql_db: accounting sql_table: tkue_%Y_%m_%d sql_host: localhost sql_passwd: root sql_user: So, my question is, what am I missing? What am I doing wrong? Any insight at all would be greatly appreciated. Thanks in Advance; John V. ___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
[pmacct-discussion] Problem setting up pmacctd
Everyone; I am trying to use pmacctd to track and monitor traffic flow on a CentOS 6 server for all of the major services/ports. My config file looks like this: debug: false promisc: false daemonize: true plugins: memory[in], memory[out] interface: eth0 logfile: /opt/AstNMS/var/log/pmacctd.log plugin_pipe_size: 10485760 plugin_buffer_size: 10240 aggregate[in]: src_host, src_port, dst_host, dst_port aggregate[out]: src_host, src_port, dst_host, dst_port aggregate_filter[in]: dst net 192.168.2.85/32 aggregate_filter[out]: src net 192.168.2.85/32 imt_path[in]: /opt/AstNMS/var/run/pmacctd_in.pipe imt_path[out]: /opt/AstNMS/var/run/pmacctd_out.pipe imt_mem_pools_number: 10 imt_mem_pools_size: 10240 ports_file: /opt/AstNMS/conf/ports.list I run my script out of CRON every 5 minutes, then dump the stats to a file for processing. Then I reset the counters using -e and -i and start again. Here is a sample. SRC_IP DST_IP SRC_PORT DST_PORT PACKETS BYTES 192.168.2.205192.168.2.858086 0 46 4067 192.168.2.75 192.168.2.855060 5060 21080 192.168.2.89 192.168.2.850 0 5480 Unfortunately, the last line above lists the src and dst ports as zero. Why is this happening? I imagine that this is also the reason why my byte count doesn't make any sense. Any insight at all with this would be greatly appreciated. Thanks; John ___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
[pmacct-discussion] Statistics show 0 for both src_port and dst_port
All; What I'm trying to do is generate bandwidth traffic statistics. Basically run my script every 5 minutes out of CRON, dump both the input and output stats, and report the in, out, and totals for the ports/services that interest me. However, I'm running into a problem where both the src_port and dst_port is 0 so I have no idea what is generating that traffic. For example, SRC_IP DST_IP SRC_PORT DST_PORT PACKETS BYTES 208.67.220.220 192.168.2.85 0 0 10 960 192.168.2.89 192.168.2.85 0 0 20 1860 71.179.167.169 192.168.2.85 0 0 20 1860 192.168.2.240192.168.2.85 0 0 10 900 192.168.2.75 192.168.2.85 0 0 20 1740 192.168.2.1 192.168.2.85 0 0 15 1380 Does anyone know why this is happening? Any insight at all would be greatly appreciated. Thanks; John V. ___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
Re: [pmacct-discussion] Problem compiling pmacct on CentOS 6
Hello; Just downloaded from Git and I was able to build it without a problem. I Can't than you enough. Regards; John V. -Original Message- From: pmacct-discussion [mailto:pmacct-discussion-boun...@pmacct.net] On Behalf Of Paolo Lucente Sent: Tuesday, April 19, 2016 9:38 AM To: pmacct-discussion@pmacct.net Subject: Re: [pmacct-discussion] Problem compiling pmacct on CentOS 6 Hi John, Plese consider in 1.6.0, the code currently on GitHub, the build system has totally changed - maybe you want to give a try with that one and see if it works? If it does not or you need to stick to 1.5.3, i'd be happy to have a look myself on your box as i have no way to reproduce this. Cheers, Paolo On Mon, Apr 18, 2016 at 10:53:45AM -0400, Tech Support wrote: > All; > > I'm having a problem compiling pmacct-1.5.3 on a CentOS 6 32-bit system. > I didn't have any problems compiling it on a CentOS6 64-bit system though. > I'm configuring it like so: > > ./configure --enable-mysql --enable-jansson. But when I type 'make' > I'm getting the following error: > > > > /usr/bin/ld: cannot find -lnfprobe_plugin > > collect2: ld returned 1 exit status > > gmake[2]: *** [pmacctd] Error 1 > > gmake[2]: Leaving directory `/root/pmacct/pmacct-1.5.3/src' > > gmake[1]: *** [all-recursive] Error 1 > > gmake[1]: Leaving directory `/root/pmacct/pmacct-1.5.3/src' > > make: *** [all-recursive] Error 1 > > > > Can anyone shed any light on what I need to do to resolve this? What > am I missing here? Any insight at all would be greatly appreciated. > > Thanks; > > John V. > > ___ > pmacct-discussion mailing list > http://www.pmacct.net/#mailinglists ___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists ___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
[pmacct-discussion] Problem compiling pmacct on CentOS 6
All; I'm having a problem compiling pmacct-1.5.3 on a CentOS 6 32-bit system. I didn't have any problems compiling it on a CentOS6 64-bit system though. I'm configuring it like so: ./configure --enable-mysql --enable-jansson. But when I type 'make' I'm getting the following error: /usr/bin/ld: cannot find -lnfprobe_plugin collect2: ld returned 1 exit status gmake[2]: *** [pmacctd] Error 1 gmake[2]: Leaving directory `/root/pmacct/pmacct-1.5.3/src' gmake[1]: *** [all-recursive] Error 1 gmake[1]: Leaving directory `/root/pmacct/pmacct-1.5.3/src' make: *** [all-recursive] Error 1 Can anyone shed any light on what I need to do to resolve this? What am I missing here? Any insight at all would be greatly appreciated. Thanks; John V. ___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
