Hello Paolo,
thanke for your fast reply, now to your questions:
* yes, --enable-ipv6 was used at compile time
* i have tried with and without aggregate_filter for our IPv6 subnet
* yes, i can see netflow v9 datagrams containing IPv6 records
I hope this helps, if you need a sample datagram i can send it over
on monday.
Regards
Carsten
Zitat von Paolo Lucente pa...@pmacct.net:
Hi Carsten,
A couple of things come to mind:
* Was pmacct compiled with --enable-ipv6 ?
* Are 'aggregate_filter' directives including the IPv6 subnets you
want to account for?
* If, in parallel to nfacctd, you fire up a Wireshark (or tshark);
by decoding the NetFlow v9 datagrams generated by the probe, can
you spot the IPv6 records being sent over to the collector?
Basing on the answers to the above questions, we can drill it down
further.
Cheers,
Paolo
On Fri, Jul 23, 2010 at 07:00:00PM +0200, InterNetX - Carsten Schoene wrote:
Hello List,
i've setup a nfacctd instance which writes data into mysql, the
configuration looks like this:
daemonize: true
pidfile: /var/run/nfacctd.pid
syslog: daemon
plugin_pipe_size: 1024
plugin_buffer_size: 10240
nfacctd_ip: %MY_NFACCTD_HOST%
nfacctd_port: 5552
nfacctd_allow_file:/etc/pmacct/nfacctd.allow
nfacctd_time_new: true
plugins: mysql[in], mysql[out]
aggregate[in]: dst_host
aggregate[out]: src_host
aggregate_filter[in]: dst net %MYNETWORK_A%/18 or dst net %MYNETWORK_B%/19
aggregate_filter[out]: src net %MYNETWORK_A%/18 or src net %MYNETWORK_B%/19
sql_host:localhost
sql_user:pmacct
sql_passwd:*
sql_optimize_clauses: true
sql_refresh_time: 300
sql_history: 5m
sql_dont_try_update: true
sql_history_roundoff: m
sql_table_version: 7
sql_table:acct_v7_%Y%m%d_%H00
sql_table_schema:/etc/pmacct/mysql_v7_table.sql
sql_recovery_logfile: /raid/nfacctd_recovery_log
sql_multi_values: 16384000
CREATE TABLE IF NOT EXISTS acct_v7_%Y%m%d_%H00 (
id INT UNSIGNED NOT NULL AUTO_INCREMENT,
ip_src CHAR(45) NOT NULL,
ip_dst CHAR(45) NOT NULL,
packets INT UNSIGNED NOT NULL,
bytes BIGINT UNSIGNED NOT NULL,
flows INT UNSIGNED NOT NULL,
stamp_inserted DATETIME NOT NULL,
stamp_updated DATETIME,
PRIMARY KEY (id),
KEY `src_dst_stamps` (ip_src, ip_dst, stamp_inserted,
stamp_updated),
KEY(ip_src),
KEY(ip_dst)
) ENGINE=MyISAM;
We are running nprobe which exports netflow v9 data using the
following netflow template:
%IPV6_SRC_ADDR %IPV6_DST_ADDR %IPV4_SRC_ADDR %IPV4_DST_ADDR
%LAST_SWITCHED %FIRST_SWITCHED %IN_BYTES
%OUT_BYTES %IN_PKTS %OUT_PKTS %L4_SRC_PORT %L4_DST_PORT %PROTOCOL
%TCP_FLAGS %IP_PROTOCOL_VERSION
%SRC_TOS %SRC_AS %DST_AS %IPV6_SRC_MASK %IPV6_DST_MASK %SRC_MASK %DST_MASK
The problem is, that there are no IPv6 entrys written into the
tables, only ipv4 addresses.
Any idea or help would be great
Regards
--
Carsten Sch?ne
Leiter Rechenzentrum
InterNetX GmbH
Maximilianstr. 6
93047 Regensburg
Tel. +49 941 59559-480
Fax +49 941 59579-051
www.internetx.com
www.facebook.com/InterNetX
www.twitter.com/InterNetX
Gesch?ftsf?hrer/CEO: Thomas M?rz
Amtsgericht Regensburg, HRB 7142
___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
--
Carsten Schöne
Leiter Rechenzentrum
InterNetX GmbH
Maximilianstr. 6
93047 Regensburg
Tel. +49 941 59559-0
Fax +49 941 59559-50
E-Mail: carsten.scho...@internetx.de
www.internetx.com
www.facebook.com/InterNetX
www.twitter.com/InterNetX
Geschäftsführer/CEO: Thomas Mörz
Amtsgericht Regensburg, HRB 7142
This message was sent using IMP, the Internet Messaging Program.
___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
