Re: [pmacct-discussion] Getting nfacctd to NOT aggregate ?

2016-04-19 Thread Robert Juric 
No problem! If you feel like RTFM :), check out the official examples
http://wiki.pmacct.net/OfficialExamples under Section XVII - Using pmacct
as traffic/event logger; they have some initial information that can be
used. It took me a little trial and error to figure it out.

Robert Juric

On Tue, Apr 19, 2016 at 9:49 AM, Dariush Marsh-Mossadeghi <
dari...@gravitas.co.uk> wrote:

> A… aggregating on something which can’t be aggregated. Nice hack :-)
> Thanks Robert
>
> On 19 Apr 2016, at 15:26, Robert Juric  wrote:
>
> I found you have to build the tables with timestamps and then when you
> aggregate with timestamp_start and timestamp_end you can get the individual
> flow records as opposed to aggregating the records.
>
> Robert Juric
>
>
>
> On Tue, Apr 19, 2016 at 9:00 AM, Dariush Marsh-Mossadeghi <
> dari...@gravitas.co.uk> wrote:
>
>> Hi List,
>>
>> Is there a way to get pmacctd/nfacctd to NOT do any aggregation of flow
>> records ?
>>
>> Specifically,  I’ve got IPFIX coming off a router being handed by nfacctd
>> and it would be useful to temporarily have visibility of every flow record.
>> Tcpdump is not a suitable as part of what I’m trying to ascertain is
>> whether the IPFIX data is accurate.
>>
>> Any suggestions/recipes/config snippets/pointers to RTFM would be
>> gratefully received.
>>
>> Thanks
>> Dariush
>>
>
>
> ___
> pmacct-discussion mailing list
> http://www.pmacct.net/#mailinglists
>
___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

Re: [pmacct-discussion] Getting nfacctd to NOT aggregate ?

2016-04-19 Thread Dariush Marsh-Mossadeghi 
A… aggregating on something which can’t be aggregated. Nice hack :-)
Thanks Robert

> On 19 Apr 2016, at 15:26, Robert Juric  wrote:
> 
> I found you have to build the tables with timestamps and then when you 
> aggregate with timestamp_start and timestamp_end you can get the individual 
> flow records as opposed to aggregating the records.
> 
> Robert Juric
> 
> 
> 
> On Tue, Apr 19, 2016 at 9:00 AM, Dariush Marsh-Mossadeghi 
> mailto:dari...@gravitas.co.uk>> wrote:
> Hi List,
> 
> Is there a way to get pmacctd/nfacctd to NOT do any aggregation of flow 
> records ?
> 
> Specifically,  I’ve got IPFIX coming off a router being handed by nfacctd and 
> it would be useful to temporarily have visibility of every flow record. 
> Tcpdump is not a suitable as part of what I’m trying to ascertain is whether 
> the IPFIX data is accurate.
> 
> Any suggestions/recipes/config snippets/pointers to RTFM would be gratefully 
> received.
> 
> Thanks
> Dariush



signature.asc
Description: Message signed with OpenPGP using GPGMail
___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

Re: [pmacct-discussion] Getting nfacctd to NOT aggregate ?

2016-04-19 Thread Robert Juric 
I found you have to build the tables with timestamps and then when you
aggregate with timestamp_start and timestamp_end you can get the individual
flow records as opposed to aggregating the records.

Robert Juric



On Tue, Apr 19, 2016 at 9:00 AM, Dariush Marsh-Mossadeghi <
dari...@gravitas.co.uk> wrote:

> Hi List,
>
> Is there a way to get pmacctd/nfacctd to NOT do any aggregation of flow
> records ?
>
> Specifically,  I’ve got IPFIX coming off a router being handed by nfacctd
> and it would be useful to temporarily have visibility of every flow record.
> Tcpdump is not a suitable as part of what I’m trying to ascertain is
> whether the IPFIX data is accurate.
>
> Any suggestions/recipes/config snippets/pointers to RTFM would be
> gratefully received.
>
> Thanks
> Dariush
>
> Dariush Marsh-Mossadeghi
> E: dari...@gravitas.co.uk
> M: +44 7973 259510
> W: https://uk.linkedin.com/in/dariushmm
>
>
> ___
> pmacct-discussion mailing list
> http://www.pmacct.net/#mailinglists
>
___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

[pmacct-discussion] Getting nfacctd to NOT aggregate ?

2016-04-19 Thread Dariush Marsh-Mossadeghi 
Hi List,

Is there a way to get pmacctd/nfacctd to NOT do any aggregation of flow records 
?

Specifically,  I’ve got IPFIX coming off a router being handed by nfacctd and 
it would be useful to temporarily have visibility of every flow record. Tcpdump 
is not a suitable as part of what I’m trying to ascertain is whether the IPFIX 
data is accurate.

Any suggestions/recipes/config snippets/pointers to RTFM would be gratefully 
received.

Thanks
Dariush

Dariush Marsh-Mossadeghi
E: dari...@gravitas.co.uk 
M: +44 7973 259510
W: https://uk.linkedin.com/in/dariushmm 


signature.asc
Description: Message signed with OpenPGP using GPGMail
___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

Re: [pmacct-discussion] Problem compiling pmacct on CentOS 6

2016-04-19 Thread Tech Support 
Hello;
Just downloaded from Git and I was able to build it without a problem. I
Can't than you enough.
Regards;
John V.

-Original Message-
From: pmacct-discussion [mailto:pmacct-discussion-boun...@pmacct.net] On
Behalf Of Paolo Lucente
Sent: Tuesday, April 19, 2016 9:38 AM
To: pmacct-discussion@pmacct.net
Subject: Re: [pmacct-discussion] Problem compiling pmacct on CentOS 6

Hi John,

Plese consider in 1.6.0, the code currently on GitHub, the build system has
totally changed - maybe you want to give a try with that one and see if it
works? If it does not or you need to stick to 1.5.3, i'd be happy to have a
look myself on your box as i have no way to reproduce this.

Cheers,
Paolo

On Mon, Apr 18, 2016 at 10:53:45AM -0400, Tech Support wrote:
> All;
> 
> I'm having a problem compiling pmacct-1.5.3 on a CentOS 6 32-bit
system.
> I didn't have any problems compiling it on a CentOS6 64-bit system though.
> I'm configuring it like so: 
> 
> ./configure --enable-mysql --enable-jansson. But when I type 'make' 
> I'm getting the following error:
> 
>  
> 
> /usr/bin/ld: cannot find -lnfprobe_plugin
> 
> collect2: ld returned 1 exit status
> 
> gmake[2]: *** [pmacctd] Error 1
> 
> gmake[2]: Leaving directory `/root/pmacct/pmacct-1.5.3/src'
> 
> gmake[1]: *** [all-recursive] Error 1
> 
> gmake[1]: Leaving directory `/root/pmacct/pmacct-1.5.3/src'
> 
> make: *** [all-recursive] Error 1
> 
>  
> 
> Can anyone shed any light on what I need to do to resolve this? What 
> am I missing here? Any insight at all would be greatly appreciated.
> 
> Thanks;
> 
> John V.
> 

> ___
> pmacct-discussion mailing list
> http://www.pmacct.net/#mailinglists


___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists


___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

Re: [pmacct-discussion] Problem compiling pmacct on CentOS 6

2016-04-19 Thread Paolo Lucente 
Hi John,

Plese consider in 1.6.0, the code currently on GitHub, the build system
has totally changed - maybe you want to give a try with that one and see
if it works? If it does not or you need to stick to 1.5.3, i'd be happy
to have a look myself on your box as i have no way to reproduce this.

Cheers,
Paolo

On Mon, Apr 18, 2016 at 10:53:45AM -0400, Tech Support wrote:
> All;
> 
> I'm having a problem compiling pmacct-1.5.3 on a CentOS 6 32-bit system.
> I didn't have any problems compiling it on a CentOS6 64-bit system though.
> I'm configuring it like so: 
> 
> ./configure --enable-mysql --enable-jansson. But when I type 'make' I'm
> getting the following error:
> 
>  
> 
> /usr/bin/ld: cannot find -lnfprobe_plugin
> 
> collect2: ld returned 1 exit status
> 
> gmake[2]: *** [pmacctd] Error 1
> 
> gmake[2]: Leaving directory `/root/pmacct/pmacct-1.5.3/src'
> 
> gmake[1]: *** [all-recursive] Error 1
> 
> gmake[1]: Leaving directory `/root/pmacct/pmacct-1.5.3/src'
> 
> make: *** [all-recursive] Error 1
> 
>  
> 
> Can anyone shed any light on what I need to do to resolve this? What am I
> missing here? Any insight at all would be greatly appreciated.
> 
> Thanks;
> 
> John V.
> 

> ___
> pmacct-discussion mailing list
> http://www.pmacct.net/#mailinglists


___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

Re: [pmacct-discussion] pmacct and long flows

2016-04-19 Thread Paolo Lucente 
Hi Michael,

It principle it sounds no problem, you can set those directives even up to
one year. I just wonder whether that would make sense, ie. wait for a long
flow to complete before account for it. But maybe a better explanation of
your use-case and/or what you would like to achieve (ie. what you would like
to see logged in a database) would help to be more precise at my end. Feel
free to ping me unicast if you prefer.

Cheers,
Paolo

On Mon, Apr 18, 2016 at 11:00:31AM +0100, Michael Silas wrote:
> Hello,
> 
> We're currently thinking about whether pmacct is the right tool on our
> network./We often have fairly long flows that can last upwards of a hour on
> our network, and were wondering whether pmacct will be able to aggregate these
> type of flows. I can see the options amqp_history, and amqp_refresh_time in
> our config file - can these values bet set fairly high and will they aggregate
> flows that typically go on for a long time?
> 
>   Many thanks
> 
> ___
> pmacct-discussion mailing list
> http://www.pmacct.net/#mailinglists

___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists