[pmacct-discussion] Multiple nfacctd daemons writing to same Kafka topic
Hello guys,

I implemented nfacctd acting as a Netflow collector using pmacct. It is working perfectly and writing the flows to a Kafka topic, which I have an application processing. Following is my configuration:

kafka_topic: netflow
kafka_broker_host: Kafka-host
kafka_broker_port: 9092
kafka_refresh_time: 1
daemonize: true
plugins: kafka
pcap_interface: enp0s8
nfacctd_ip: 192.168.1.100
nfacctd_port: 9995
aggregate: src_host, dst_host, timestamp_start, timestamp_end, src_port, dst_port, proto

Currently, there is only one Netflow exporter sending data to this daemon and I would like to add another exporter. The problem is that I am not finding a way to differentiate the flows coming from different exporters.

Let's say I have the exporter A currently sending data to nfacctd running at port 9995 and the data is being written to Kafka topic Netflow. Now I want a new exporter B to start sending data to nfacctd port 9996, which will be running as a separate daemon (just because I thought so, not sure yet if it is a necessary approach) and writing the data to the same Netflow topic in Kafka.

When the data comes from Kafka to my application, I cannot tell which exporter the data came from. I would need some sort of identification in order to make this differentiation. It is important for me, because my application may treat Netflow traffic coming from these two Netflow exporters differently.

Thanks in advance.

Emanuel

___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

[pmacct-discussion] How to record ICMP and ICMP6 types/codes by pmacctd?
Hi!

I've started using pmacctd to replace old netflow collectors for my main and test networks, which run both IPv6 and IPv4. It works very well, except that I haven't yet found a way to record the ICMP and ICMP6 types and codes.

In other collectors, these are often stored in the destination port (otherwise unused for ICMP/ICMP6), in the format "A.B", where A is the type and B is the code. For example, "3.1" would represent ICMP type 3 (Destination Unreachable), code 1 (Host Unreachable).

I see lots of ICMP and ICMP6 flows, but unfortunately, the destination port is always set to "0.0", as if nothing is being recorded there.

A simple config:

daemonize: true
!
interface: net1
aggregate: src_host, dst_host, src_port, dst_port, proto, tos
plugins: nfprobe
nfprobe_receiver: 192.168.14.2:9997
nfprobe_version: 9

I haven't found documentation or examples that show how to enable recording the types and codes, and no relevant primitives to add to the aggregate statement. Would someone be able to tell me how to do this?

Thank you!

-Indy