Hi Ian, On Wed, Dec 13, 2006 at 01:43:43PM +1100, IT Officer wrote:
> Just today I created another .conf file using the src/dst_net aggregate > and ran another pmacctd instance. When I display the statistics I get > data for 2 networks. One of these is 0.0.0.0. There seems to be a lot of > traffic to/from this network. Can someone explain what this might be? When you specify a 'networks_file', you are selecting a number of networks you have interest into (ie. local networks). Any host not included into such networks is rewritten as 0.0.0.0 and cumulated into an unique entry. If your local network is 10.x.y.z/n - defined into your 'networks_file' a flow going from 10.1.2.3 to 1.2.3.4 will get the 1.2.3.4 rewritten as 0.0.0.0. This is particularly useful in those scenarios in which you need to know how much traffic is generated by "all the rest" (ie. all networks which are not local). a) if that's not the case and b) describing your local networks is simple enough in terms of a libpcap-style filter, you can modify your configuration by attaching an 'aggregate_filter' directive to each plugin, ie: aggregate_filter[in]: dst net 10.x.y.z/n aggregate_filter[out]: src net 10.x.y.z/n Hope this helps. Cheers, Paolo _______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
