Hi Paolo,
I'm running pmacctd 0.11.5 on a small network for traffic accounting.
Generally it's behaving well, but occasionally I can see weird data being
inserted:
17190 Query INSERT INTO `acct_v7` (stamp_updated, stamp_inserted, vlan,
ip_dst, as_src, as_dst, src_port, dst_port, tcp_flags,
Hi Chris,
About the SQL INSERT conflict, are you by any chance making use of the
sql_dont_try_update directive in your configuration? And are you using
32bit counters? The conjunction of these two conditions might explain.
The SQL cache code, while summing up counters, makes a check on whether
Hi Karl,
On Sat, 14 Mar 2009, Karl O. Pinc wrote:
Do you have any ideas what might be going on here?
Have you bound to an interface with 'interface'?
Could be you're picking up, say, a file transfer to your gateway.
You'd want to monitor your external interface, or filter out traffic to
Hi Paolo,
On Sat, 14 Mar 2009, Paolo Lucente wrote:
About the SQL INSERT conflict, are you by any chance making use of the
sql_dont_try_update directive in your configuration?
Yes I am, because it's much more efficient.
And are you using 32bit counters?
I think so, yes. I compiled with
On 03/14/2009 12:38:09 PM, Chris Wilson wrote:
Hi Karl,
On Sat, 14 Mar 2009, Karl O. Pinc wrote:
As a debugging aid (or in general) you might consider putting your
rfc1918 network in a networks file. With an aggregate on sum_net and
without any other filters you get the cross
Hi Karl,
On Sat, 14 Mar 2009, Karl O. Pinc wrote:
Sorry, what is an aggregate on sum_net? I'm aggregating on ip_src and
ip_dst respectively in two different plugins.
sum_net gets you a all the traffic to and from each network you list in
your networks file, plus to and from anywhere else.
Hi Karl,
On Sat, 14 Mar 2009, Chris Wilson wrote:
sum_net gets you a all the traffic to and from each network you list in
your networks file, plus to and from anywhere else. The cross product.
In your case, if you put only 192.168.0.0/24 in your networks file you
get out totals for the
On 03/14/2009 01:19:09 PM, Chris Wilson wrote:
Sorry, I just realised that that only produces a summary of all
traffic
from the net, whereas I want to account by individual host within the
net.
So I can't replace my current config with sum_net, but I have added it
as
a new plugin.
You
Hi Paolo,
On Sat, 14 Mar 2009, Paolo Lucente wrote:
Any signs of massive packet drops on any port throughout your switches?
I ask because the traffic reported might not have been actually
delivered to the end host.
The switch has been up for 12.25 days, and in that time has recorded
