I was Reading CONFIG-KEYS and internals documents but im doing something wrong
because the pmacct is stolen data.
When I look into the table for the traffic of one ip I see that the accumulate
is stolen.
# pmacct -s -p /tmp/host_in.pipe |grep 184.17
XX.XXX.184.1751277 14929314
# pmacct -s -p /tmp/host_in.pipe |grep 184.17
XX.XXX.184.1753033 15176927
# pmacct -s -p /tmp/host_in.pipe |grep 184.17
XX.XXX.184.172803477449
As you can see the bytes column is minor that before. The last time get 477449
when 10 seconds before has 15176927. My config is:
!
! pmacct: In + Out
!
debug: false
daemonize: true
interface: eth1
promisc: true
syslog: kern
imt_mem_pools_size: 12000
imt_mem_pools_number: 20
plugin_buffer_size: 20480
networks_file: /etc/pmacct/networks2.def
plugins: memory[net_in], memory[net_out], memory[host_in], memory[host_out]
aggregate[net_in]: dst_net
aggregate[net_out]: src_net
aggregate[host_in]: dst_host
aggregate[host_out]: src_host
imt_path[net_in]: /tmp/net_in.pipe
imt_path[net_out]: /tmp/net_out.pipe
imt_path[host_in]: /tmp/host_in.pipe
imt_path[host_out]: /tmp/host_out.pipe
The traffic that I want to monitorize is 70 Mb out and 30 Mb In, is not to much
but im getting stolen data.
Thanks for the help and sorry for my bad English.
Best regards.
Jose Joaquín Antón Herrerías
J jan...@abserver.es
-
Access Basic Server S.L. Elche Parque Industrial. C/Galileo Galilei, 12. 03203
Elche (Alicante).
Telf. +34 96 568 29 04 / 902 380 380 Fax. +34 96 568 35 30
Cláusula de confidencialidad: Este mensaje se dirige exclusivamente al
destinatario consignado. Puede contener información confidencial,
de nuestra propiedad o legalmente protegida. Si usted no es el destinatario,
le informamos que cualquier acceso, divulgación, copia o distribución
de la información, así como cualquier acción u omisión realizada con base a la
misma, queda prohibida y puede ser ilegal. En caso de haber
recibido este mensaje por error, le rogamos nos lo reenvíe y notifique
inmediatamente, borrando toda copia de su sistema. Gracias.
_
Antes de imprimir este mensaje, asegúrese de que es necesario. Proteger el
medio ambiente está en nuestra mano.
Piensa en global, actúa en local.
-Mensaje original-
De: pmacct-discussion-boun...@pmacct.net
[mailto:pmacct-discussion-boun...@pmacct.net] En nombre de Paolo Lucente
Enviado el: lunes, 19 de julio de 2010 20:20
Para: pmacct-discussion@pmacct.net
Asunto: Re: [pmacct-discussion] How many ips can pmacctd monitorize
Hi,
I'd say limit on IP addresses that can be accounted of is only
imposed by resources available (memory) and, when using memory
tables (which is your case), the imt_mem_pools_number setting
(see CONFIG-KEYS for more details).
I see a couple of issues with your config:
* quite large plugin_buffer_size setting; i just wonder if you
had to come up to such huge buffers because of packet loss.
If this is the case then OK; otherwise, if traffic rate does
not justify it i would advice to scale it down, say, to 20KB
or 100KB. Buffering too much has also negative impact.
* If i get correctly you want to have a two tiered approach:
you want to account for /24 subnets (so that you have a more
compact overview of what's going on) and for /32 IP addresses
so that you can drill down who is actually generating traffic
within a certin /24. If this is the case, i would recommend
you to re-write your config as follows:
...
networks_file: /etc/pmacct/networks.def
plugins: memory[net_in], memory[net_out], memory[host_in], memory[host_out]
aggregate[net_in]: dst_net
aggregate[net_out]: src_net
aggregate[host_in]: dst_host
aggregate[host_out]: src_host
imt_path[net_in]: /tmp/net_in.pipe
imt_path[net_out]: /tmp/net_out.pipe
imt_path[host_in]: /tmp/host_in.pipe
imt_path[host_out]: /tmp/host_out.pipe
...
And in the networks.def (which definition is shared among all
the plugins) you put only the /24 ranges - scrap all the /32
definitions. I guess the rest should be pretty much intuitive.
Cheers,
Paolo
On Mon, Jul 19, 2010 at 02:36:56PM +, Jose Joaquin Anton Herrerias wrote:
Hi everyone,
I'm new in pmacctd and i using pmacctd with cacti for drawing
graph of the network, now I want to monitorize the traffic of all ips but are
a lot, 2040 ips and the complete range for give a overall view of the range
traffic.
But I have a trouble, I configure the network.def with all
ips (/32) and all ranges (/24) and I have my pmacctd.conf with:
!
! pmacct: In + Out
!
debug: false
daemonize: true
interface: eth1
plugin_buffer_size: 2048000
plugin_pipe_size: 204800
networks_file: /etc/pmacct/networks.def