[pmacct-discussion] Problem with aggregate_filter
Hi,

I'm testing pmacct on my network. pmacct runs on a box in between my LAN switch and my ADSL router, and I want to filter out my incoming and outgoing traffic using the ADSL router's MAC address. I just want to know whether I can use aggregate_filter to filter traffic using a MAC address. I've searched on Google but didn't find any examples with MAC addresses, only with src/dst networks. But I haven't seen any records saying that aggregate_filter can't be used with the src mac and dst mac options. Anyway, I tested it with the following config file, but it didn't work.

pmacctd.conf
##
debug: false
daemonize: true
interface: eth0
snaplen: 700
classifier_tentatives: 7
plugin_buffer_size: 10240
plugin_pipe_size: 1024
plugins: memory[outb], memory[inb]
aggregate[outb]: src_mac, dst_mac, src_host, src_port, dst_host, dst_port
aggregate_filter[outb]:dst mac xx:xx:xx:xx:xx:xx
imt_path[outb]: /tmp/outb.pipe
!
aggregate[inb]: src_mac, dst_mac, src_host, src_port, dst_host, dst_port
aggregate_filter[inb]: src mac xx:xx:xx:xx:xx:xx
imt_path[inb]: /tmp/inb.pipe
###

where xx:xx:xx:xx:xx:xx = the ADSL gateway's MAC address.

I'm using pmacct 0.11.4 with libpcap 0.9.4 on a Linux 2.6.17.14 kernel. Any help will be highly appreciated.

Regards,
Buddhike

--
breakIT
___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
Re: [pmacct-discussion] Problem with aggregate_filter
Hi,

On Thu, Nov 19, 2009 at 04:00:33PM +0530, Buddhike wrote:
> I've searched on Google but didn't find any examples with MAC addresses,
> only with src/dst networks. But I haven't seen any records saying that
> aggregate_filter can't be used with the src mac and dst mac options.
> Anyway, I tested it with the following config file, but it didn't work.

Remember filters in pmacct follow tcpdump/libpcap syntax - so you can always check the tcpdump man page when in doubt. The correct syntax is ether src and ether dst.

Cheers,
Paolo
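The correction in the reply above, turned into a check (an added example, not part of the original thread and not pmacct code): a small hypothetical Python linter that flags aggregate_filter expressions in which a MAC address is not introduced by ether src, ether dst or ether host. The sample config and the address 02:00:00:aa:bb:cc are constructed; the thread elides the real MAC.

```python
import re

# Constructed sample: directives modelled on the thread, with a made-up
# gateway MAC standing in for the elided xx:xx:xx:xx:xx:xx.
SAMPLE_CONF = """\
! pmacctd.conf excerpt (constructed)
plugins: memory[outb], memory[inb]
aggregate_filter[outb]: dst mac 02:00:00:aa:bb:cc
aggregate_filter[inb]: ether src 02:00:00:aa:bb:cc
"""

MAC_RE = re.compile(r"(?:[0-9a-fA-F]{1,2}:){5}[0-9a-fA-F]{1,2}")
# Matches "aggregate_filter: expr" and "aggregate_filter[plugin]: expr".
DIRECTIVE_RE = re.compile(
    r"^\s*aggregate_filter(?:\[(?P<plugin>[^\]]+)\])?\s*:\s*(?P<expr>.*)$"
)
# libpcap qualifier pairs that may introduce an Ethernet address.
VALID_QUALS = {("ether", "src"), ("ether", "dst"), ("ether", "host")}


def lint(conf_text):
    """Return (line_no, plugin, offending_fragment, suggestion) tuples for
    every MAC operand not preceded by a valid 'ether ...' qualifier pair."""
    findings = []
    for line_no, line in enumerate(conf_text.splitlines(), 1):
        m = DIRECTIVE_RE.match(line)
        if not m:
            continue
        # Tokenise on whitespace and parentheses so "(ether src X)" works.
        tokens = re.findall(r"[^\s()]+", m.group("expr"))
        for i, tok in enumerate(tokens):
            if not MAC_RE.fullmatch(tok):
                continue
            quals = tuple(t.lower() for t in tokens[max(0, i - 2):i])
            if quals in VALID_QUALS:
                continue
            # Keep the direction the author intended, if one was written.
            direction = next((q for q in quals if q in ("src", "dst")), "host")
            findings.append((line_no, m.group("plugin"),
                             " ".join(quals + (tok,)),
                             f"ether {direction} {tok}"))
    return findings


if __name__ == "__main__":
    for line_no, plugin, bad, fix in lint(SAMPLE_CONF):
        print(f"line {line_no} [{plugin}]: '{bad}' -> '{fix}'")
```

This is a heuristic on qualifier words only; running the expression through tcpdump remains the authoritative syntax check, as the reply suggests.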
Re: [pmacct-discussion] Problem with aggregate_filter
Hi,

Thanks a lot!

Regards,
Buddhike

On Thu, Nov 19, 2009 at 9:25 PM, Paolo Lucente pa...@pmacct.net wrote:
> Hi,
>
> On Thu, Nov 19, 2009 at 04:00:33PM +0530, Buddhike wrote:
> > I've searched on Google but didn't find any examples with MAC addresses,
> > only with src/dst networks. But I haven't seen any records saying that
> > aggregate_filter can't be used with the src mac and dst mac options.
> > Anyway, I tested it with the following config file, but it didn't work.
>
> Remember filters in pmacct follow tcpdump/libpcap syntax - so you can
> always check the tcpdump man page when in doubt. The correct syntax is
> ether src and ether dst.
>
> Cheers,
> Paolo