[pmacct-discussion] Layer 7 classification problem.

2009-11-20 Thread Buddhike 
Hi,

I'm testing pmacct on my network, and pmacct runs on a box inbetween my LAN
switch and My ADSL router, and i'm using layer 7 classifires for classify
traffic. But when testing I observed that the traffic is not correctly
displayed according to the classification some of the problems i've seen are
listed below.

1. Most of the http traffic are classifed as finger.
2. All the other traffic are also shown either as unknown or in some other
non-relevant protocols.

my pmacct config file is as follows

debug: false
daemonize: true
interface: eth0
classifiers: /usr/local/lL7
snaplen: 700
classifier_tentatives: 7
plugin_buffer_size: 10240
plugin_pipe_size: 1024
plugins: memory[all]
aggregate[all]: src_mac, dst_mac, src_host, src_port, dst_host, dst_port,
class
aggregate_filter[all]:
imt_path[all]: /tmp/all.pipe



I've downloaded the pattern files from the following link and extracted all
the .pat files into /usr/local/L7 folder. I'm wondering wether this is my
configuration problem or else the problem is with pattern files.

Any help would be highly appreciated.
Regards,
Buddhike.

LINK :
http://sourceforge.net/projects/l7-filter/files/Protocol%20definitions/2009-05-28/l7-protocols-2009-05-28.tar.gz/download





-- 
breakIT
___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

Re: [pmacct-discussion] invalid network mask?

2009-11-20 Thread Charlie Allom 
On Thu, Nov 19, 2009 at 03:53:56PM +, Paolo Lucente wrote:
 Hi Charlie,
 
 It appears you didn't put the table in the correct format first. Is
 it the case? If yes, to make that table pmacct-friendly you have to
 pre-process it as follows:
 
 cat bgptable | sed 's/\([0-9a-f:][0-9a-f\.\/:]*\).* \([0-9][0-9]*\)[ 
 0-9,{}]*$/\2,\1/' | uniq  networks.lst
 
 At least it works fine with GNU sed. And do consider this was really
 a 5 minutes job, so double-check accuracy of the output.

gah! sorry should have looked at a previous table I'd made. how silly.

-- 
 020 7729 4797
 http://blog.playlouder.com/

___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

Re: [pmacct-discussion] Layer 7 classification problem.

2009-11-20 Thread Paolo Lucente 
Hi,

On Fri, Nov 20, 2009 at 05:06:25PM +0530, Buddhike wrote:

 I'm testing pmacct on my network, and pmacct runs on a box inbetween my LAN
 switch and My ADSL router, and i'm using layer 7 classifires for classify
 traffic. But when testing I observed that the traffic is not correctly
 displayed according to the classification some of the problems i've seen are
 listed below.
 
 1. Most of the http traffic are classifed as finger.
 2. All the other traffic are also shown either as unknown or in some other
 non-relevant protocols.

There was a very similar thread going on few days ago - and still not solved;
you can check it out at the link below:

http://www.mail-archive.com/pmacct-discussion@pmacct.net/msg01374.html

You can perform some troubleshooting as per that thread and see if it helps.
Otherwise, it has to be debugged and at a glance feeling is that the issue
is not lying in the pmacct domain. FYI, pmacct leverages both regexp engine
and classifiers of the L7-filter project. 

Cheers,
Paolo



___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

Re: [pmacct-discussion] MySQL options

2009-11-20 Thread Joel Roberts 
Hi all,

I have installed pmacct using ./configure, and then make install

All seems to have worked fine as no errors popped up in the installation.
I'm struggling with how to setup simple logging for mysql. I'll explain what
I'd like to achieve.

I need to setup traffic accounting (in and out) for each IP address, and
then export that data to an EXTERNAL mysql database on a separate machine
accessible via IP address. How do I go about setting up pmacct to do this?

Cheers,
Joel

-Original Message-
From: pmacct-discussion-boun...@pmacct.net
[mailto:pmacct-discussion-boun...@pmacct.net] On Behalf Of Paolo Lucente
Sent: Saturday, November 21, 2009 3:11 AM
To: pmacct-discussion@pmacct.net
Subject: Re: [pmacct-discussion] MySQL options

Hi Joel,

On Fri, Nov 20, 2009 at 05:24:29PM +1100, Joel Roberts wrote:
 
 I'm trying to install pmacct for the first time on XenServer. I have
 installed mysql and can confirm the library files can be found:
 
 [r...@localhost pmacct-0.12.0rc3]# find / -name libmysql*
 /usr/lib/mysql/libmysqlclient.so.15
 /usr/lib/mysql/libmysqlclient.so.15.0.0
 /usr/lib/mysql/libmysqlclient_r.so.15.0.0
 /usr/lib/mysql/libmysqlclient_r.so.15

pmacct seeks for either the .a or .so library files. Hence none of
the above does match the search. Often this happens when the -devel
package is not installed; once this gets installed, it links the .so
to one of the above files and installs the headers. Can you check
whether this is the case?

Cheers,
Paolo


___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
 

__ Information from ESET NOD32 Antivirus, version of virus signature
database 4625 (20091120) __

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com
 


___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists