Re: [pmacct-discussion] sfacctd and tagging with filters

2017-04-06 Thread Aurelien Kempiak

Yes, it's VLAN-tagged. I've tested your suggestion, it works!!

Could I have found this info myself (I can't find it in the
documentation), or was it quite difficult to find without asking here?

I'm asking this in order to improve my autonomy. Thanks a lot, Paolo!

On 06/04/2017 at 10:47, Paolo Lucente wrote:

> Hi Aurelien,
>
> Is it possible your traffic is VLAN-tagged and/or MPLS-labelled? That
> may explain why tagging is not working, pcap filters are sensitive to
> that. See for example here:
>
> https://www.mail-archive.com/pmacct-discussion@pmacct.net/msg02784.html
>
> Paolo
>
> On Tue, Apr 04, 2017 at 04:32:13PM +0200, Aurelien Kempiak wrote:
>
> > Hello there!
> >
> > I'm trying to tag my flows per set of hosts (each set is a customer)
> > and record them into mysql.
> > So, here is my (testing) pretag.map file :
> >
> > set_tag=101 ip=185.151.188.33 filter='src host 185.151.188.30'
> > set_tag=102 ip=185.151.188.34 filter='src host 185.151.188.30'
> > set_tag=103 ip=0.0.0.0/0 filter='src net 185.151.188.0/22'
> > set_tag=106 ip=0.0.0.0/0
> >
> > And the relevant part of my sfacctd.conf file :
> >
> > ! tag filtering
> > pre_tag_map: /etc/pmacct/pretag.map
> > pre_tag_filter[if-out]: 101-106
> >
> > ! aggregate definitions
> > aggregate[if-out]: tag, src_host
> >
> > With that configuration, flows done by 185.151.188.30 are well
> > recorded with '185.151.188.30' value in the 'ip_src' mysql field,
> > but they are never tagged with '101', nor '102', nor even '103'
> > values. They are tagged with '106' value. Like if the filter never
> > matches.
> > I have no idea why, could someone help please ? Thanks a lot !




--



*Aurélien* *Kempiak*
*System & Network Engineer*

*Fixe :* 03 59 82 20 05

125 Avenue de la République 59110 La Madeleine
12 rue Marivaux 75002 Paris

 
 
 



___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
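
Added example (not part of the original thread, and not pmacct or libpcap code): a Python sketch of why a pcap filter such as 'src net 185.151.188.0/22' stops matching once the sampled frame carries an 802.1Q tag, and why the 'vlan and ...' form from pcap-filter syntax matches it. The VLAN id, destination address and the reduced two-entry rule lists are constructed, and the ip= agent key of pretag.map is left out.

```python
import ipaddress
import struct

ETH_IPV4, ETH_VLAN = 0x0800, 0x8100

def build_frame(src_ip, dst_ip, vlan_id=None):
    """Constructed Ethernet + IPv4 header; vlan_id inserts an 802.1Q tag."""
    eth = bytes(12)  # dst MAC + src MAC, zeroed (constructed)
    if vlan_id is not None:
        eth += struct.pack("!HH", ETH_VLAN, vlan_id)
    eth += struct.pack("!H", ETH_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     ipaddress.ip_address(src_ip).packed,
                     ipaddress.ip_address(dst_ip).packed)
    return eth + ip

def src_net_matches(frame, net, vlan=False):
    """Mimic the fixed-offset checks a compiled pcap filter performs for
    'src net NET' (vlan=False) or 'vlan and src net NET' (vlan=True).
    'src host A' is the same check with a /32 network."""
    off = 12  # EtherType position in an untagged frame
    if vlan:
        if struct.unpack_from("!H", frame, off)[0] != ETH_VLAN:
            return False
        off += 4  # the 'vlan' keyword shifts later offsets past the tag
    if struct.unpack_from("!H", frame, off)[0] != ETH_IPV4:
        return False  # a tagged frame shows 0x8100 here, not 0x0800
    src = ipaddress.ip_address(frame[off + 14:off + 18])
    return src in ipaddress.ip_network(net)

def first_tag(frame, rules):
    """First matching (tag, net, vlan) entry wins; net=None has no filter."""
    for tag, net, vlan in rules:
        if net is None or src_net_matches(frame, net, vlan):
            return tag
    return None

# Reduced versions of the map from the thread: entry 103 and catch-all 106.
ORIGINAL_RULES = [(103, "185.151.188.0/22", False), (106, None, False)]
VLAN_RULES = [(103, "185.151.188.0/22", True), (106, None, False)]  # assumed fix

TAGGED = build_frame("185.151.188.30", "192.0.2.1", vlan_id=100)
UNTAGGED = build_frame("185.151.188.30", "192.0.2.1")

if __name__ == "__main__":
    for name, frame in (("tagged", TAGGED), ("untagged", UNTAGGED)):
        print(name, first_tag(frame, ORIGINAL_RULES), first_tag(frame, VLAN_RULES))
```

The 'vlan and ...' entry does not match untagged frames, so a map that has to cover both kinds of traffic needs an entry for each form.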

Re: [pmacct-discussion] sfacctd and tagging with filters

2017-04-06 Thread Paolo Lucente

Hi Aurelien,

Is it possible your traffic is VLAN-tagged and/or MPLS-labelled? That
may explain why tagging is not working, pcap filters are sensitive to
that. See for example here:

https://www.mail-archive.com/pmacct-discussion@pmacct.net/msg02784.html

Paolo
 
On Tue, Apr 04, 2017 at 04:32:13PM +0200, Aurelien Kempiak wrote:
> Hello there!
> 
> I'm trying to tag my flows per set of hosts (each set is a customer)
> and record them into mysql.
> So, here is my (testing) pretag.map file :
> 
> set_tag=101 ip=185.151.188.33 filter='src host 185.151.188.30'
> set_tag=102 ip=185.151.188.34 filter='src host 185.151.188.30'
> set_tag=103 ip=0.0.0.0/0 filter='src net 185.151.188.0/22'
> set_tag=106 ip=0.0.0.0/0
> 
> And the relevant part of my sfacctd.conf file :
> 
> ! tag filtering
> pre_tag_map: /etc/pmacct/pretag.map
> pre_tag_filter[if-out]: 101-106
> 
> ! aggregate definitions
> aggregate[if-out]: tag, src_host
> 
> With that configuration, flows done by 185.151.188.30 are well
> recorded with '185.151.188.30' value in the 'ip_src' mysql field,
> but they are never tagged with '101', nor '102', nor even '103'
> values. They are tagged with '106' value. Like if the filter never
> matches.
> I have no idea why, could someone help please ? Thanks a lot !


[pmacct-discussion] sfacctd and tagging with filters

2017-04-04 Thread Aurelien Kempiak

Hello there!

I'm trying to tag my flows per set of hosts (each set is a customer) and 
record them into mysql.

So, here is my (testing) pretag.map file :

set_tag=101 ip=185.151.188.33 filter='src host 185.151.188.30'
set_tag=102 ip=185.151.188.34 filter='src host 185.151.188.30'
set_tag=103 ip=0.0.0.0/0 filter='src net 185.151.188.0/22'
set_tag=106 ip=0.0.0.0/0

And the relevant part of my sfacctd.conf file :

! tag filtering
pre_tag_map: /etc/pmacct/pretag.map
pre_tag_filter[if-out]: 101-106

! aggregate definitions
aggregate[if-out]: tag, src_host

With that configuration, flows done by 185.151.188.30 are well recorded 
with '185.151.188.30' value in the 'ip_src' mysql field, but they are 
never tagged with '101', nor '102', nor even '103' values. They are 
tagged with '106' value. Like if the filter never matches.

I have no idea why, could someone help please ? Thanks a lot !


--



*Aurélien* *Kempiak*
*System & Network Engineer*

*Fixe :* 03 59 82 20 05

125 Avenue de la République 59110 La Madeleine
12 rue Marivaux 75002 Paris

 
 
 


