Hi, hoping that someone can help me with this issue. I am trying to run nfacctd in a container and I’m using a pretag.map file to filter only certain netflow records. When I remove the “pre_tag_map:” line and “pre_tag_label_filter” from the config file, I am able to export the netflow records to the mysql database. When I add the same config back in, I get no netflow records in my database. The same config with the pre_tag_map config seems to work when running nfacctd natively on the host OS. Anybody have any ideas what the issue is? Here’s a sample of my template config file:
daemonize: false
nfacctd_port: 2055
nfacctd_time_new: true
pre_tag_map: pretag.map
maps_index: true
maps_entries: 10000
plugins: mysql[dns], mysql[ntp], mysql[ssdp], mysql[snmp], mysql[chargen], mysql[ldap], mysql[portmap]
aggregate: src_host, src_port, dst_host, dst_port, proto, src_as, dst_as, in_iface, out_iface, peer_src_ip

pre_tag_label_filter[dns]: dns
aggregate_filter[dns]: dst port 53
pre_tag_label_filter[ntp]: ntp
aggregate_filter[ntp]: dst port 123
pre_tag_label_filter[ssdp]: ssdp
aggregate_filter[ssdp]: dst port 1900
pre_tag_label_filter[snmp]: snmp
aggregate_filter[snmp]: dst port 161
pre_tag_label_filter[chargen]: chargen
aggregate_filter[chargen]: dst port 19
pre_tag_label_filter[ldap]: ldap
aggregate_filter[ldap]: dst port 389
pre_tag_label_filter[portmap]: portmap
aggregate_filter[portmap]: dst port 111

sql_db[dns]: honeypot_feed
sql_optimize_clauses[dns]: true
sql_table[dns]: netflow
sql_host[dns]: ${SQL_HOST}
sql_passwd[dns]: ${SQL_PASSWORD}
sql_user[dns]: ${SQL_USER}
sql_refresh_time[dns]: 10
sql_history[dns]: 1m
sql_history_roundoff[dns]: mh

sql_db[ntp]: honeypot_feed
sql_optimize_clauses[ntp]: true
sql_table[ntp]: netflow
sql_host[ntp]: ${SQL_HOST}
sql_passwd[ntp]: ${SQL_PASSWORD}
sql_user[ntp]: ${SQL_USER}
sql_refresh_time[ntp]: 10
sql_history[ntp]: 1m
sql_history_roundoff[ntp]: mh

sql_db[snmp]: ${SQL_DATABASE}
sql_optimize_clauses[snmp]: true
sql_table[snmp]: netflow
sql_host[snmp]: ${SQL_HOST}
sql_passwd[snmp]: ${SQL_PASSWORD}
sql_user[snmp]: ${SQL_USER}
sql_refresh_time[snmp]: 10
sql_history[snmp]: 1m
sql_history_roundoff[snmp]: mh

sql_db[ssdp]: ${SQL_DATABASE}
sql_optimize_clauses[ssdp]: true
sql_table[ssdp]: netflow
sql_host[ssdp]: ${SQL_HOST}
sql_passwd[ssdp]: ${SQL_PASSWORD}
sql_user[ssdp]: ${SQL_USER}
sql_refresh_time[ssdp]: 10
sql_history[ssdp]: 1m
sql_history_roundoff[ssdp]: mh

sql_db[ldap]: ${SQL_DATABASE}
sql_optimize_clauses[ldap]: true
sql_table[ldap]: netflow
sql_host[ldap]: ${SQL_HOST}
sql_passwd[ldap]: ${SQL_PASSWORD}
sql_user[ldap]: ${SQL_USER}
sql_refresh_time[ldap]: 10
sql_history[ldap]: 1m
sql_history_roundoff[ldap]: mh

sql_db[chargen]: ${SQL_DATABASE}
sql_optimize_clauses[chargen]: true
sql_table[chargen]: netflow
sql_host[chargen]: ${SQL_HOST}
sql_passwd[chargen]: ${SQL_PASSWORD}
sql_user[chargen]: ${SQL_USER}
sql_refresh_time[chargen]: 10
sql_history[chargen]: 1m
sql_history_roundoff[chargen]: mh

sql_db[portmap]: ${SQL_DATABASE}
sql_optimize_clauses[portmap]: true
sql_table[portmap]: netflow
sql_host[portmap]: ${SQL_HOST}
sql_passwd[portmap]: ${SQL_PASSWORD}
sql_user[portmap]: ${SQL_USER}
sql_refresh_time[portmap]: 10
sql_history[portmap]: 1m
sql_history_roundoff[portmap]: mh

-------cut-------------

Example of pretag.map file:

set_label=dns src_net=1.2.3.0/24
set_label=ntp src_net=1.2.3.0/24
set_label=snmp src_net=1.2.3.0/24
set_label=ssdp src_net=1.2.3.0/24
set_label=chargen src_net=1.2.3.0/24
set_label=portmap src_net=1.2.3.0/24
set_label=ldap src_net=1.2.3.0/24

Rich Compton | Principal Eng | 314.596.2828
8560 Upland Drive, Suite B | Englewood, CO 80112
_______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists