Re: [pmacct-discussion] GTP inspection with pmacct
For the list archives: this thread is a duplicate of an ongoing private one. On Tue, Jul 14, 2015 at 07:44:22PM -0400, Kafui Akyea wrote: > Hello Paolo, > > Again i must say great job with this software. > > I have been looking through the mailing list for how to enable GTP > inspection with pmacct but no success. > > For now i did like to begin with enabling GTP inspection and sending some > data to it. > > Thanks > Kafui > ___ > pmacct-discussion mailing list > http://www.pmacct.net/#mailinglists ___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
Re: [pmacct-discussion] netflow v9 ifindex always 0 - pmacct version 1.5.1
Hi Steve, libpcap does not report such info due to no integration with the underlying OS. This is an advantage of using ULOG due to its tight coupling to the OS. Plus, in the QUICKSTART document "Quickstart guide to setup a NetFlow agent/probe" chapter it is described how pmacct can help setting direction and interface indexes basing on MAC or IP addresses. Cheers, Paolo On Thu, Jul 16, 2015 at 12:27:01PM -0400, Steve Clark wrote: > Hello, > > I have read the discussing in this email thread: > https://www.mail-archive.com/pmacct-discussion@pmacct.net/msg02187.html > But still can't see anything but zero in the InputInt: and OutputInt: when > looking at the exported packets with > wireshark: > > > Here is my simple config - could someone explain what I am doing wrong? > > ! > ! pmacctd configuration example > ! > ! Did you know CONFIG-KEYS contains the detailed list of all configuration > keys > ! supported by 'nfacctd' and 'pmacctd' ? > ! > ! debug: true > daemonize: false > interface: p4p1 > aggregate: src_host, dst_host, src_port, dst_port, proto, tos, in_iface, > out_iface > plugins: nfprobe[p4p1] > nfprobe_receiver: 10.0.129.71:2055 > nfprobe_version: 9 > nfprobe_ifindex[p4p1]: 4 > ! nfprobe_engine: 1:1 > ! nfprobe_timeouts: tcp=120:maxlife=3600 > ! > ! networks_file: /path/to/networks.lst > ! classifiers: /path/to/classifiers/ > ! snaplen: 700 > > Startup command: > > sudo ../src/pmacctd -f ./probe_netflow.conf > INFO ( default/core ): Reading configuration file > '/var/lib/pgsql/pmacct-1.5.1/examples/probe_netflow.conf'. > INFO ( p4p1/nfprobe ): NetFlow probe plugin is originally based on softflowd > 0.9.7 software, Copyright 2002 Damien Miller All rights > reserved. > INFO ( p4p1/nfprobe ): TCP timeout: 3600s > INFO ( p4p1/nfprobe ): TCP post-RST timeout: 120s > INFO ( p4p1/nfprobe ): TCP post-FIN timeout: 300s > INFO ( p4p1/nfprobe ): UDP timeout: 300s > INFO ( p4p1/nfprobe ): ICMP timeout: 300s > INFO ( p4p1/nfprobe ): General timeout: 3600s > INFO ( p4p1/nfprobe ): Maximum lifetime: 604800s > INFO ( p4p1/nfprobe ): Expiry interval: 60s > INFO ( p4p1/nfprobe ): Exporting flows to [10.0.129.71]:iop > OK ( default/core ): link type is: 1 > WARN ( default/core ): p4p1: no IPv4 address assigned > ^CWARN ( p4p1/nfprobe ): Shutting down on user request. > OK: Exiting ... > > Thanks, > > -- > Stephen Clark > > ___ > pmacct-discussion mailing list > http://www.pmacct.net/#mailinglists ___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
[pmacct-discussion] netflow v9 ifindex always 0 - pmacct version 1.5.1
Hello, I have read the discussing in this email thread: https://www.mail-archive.com/pmacct-discussion@pmacct.net/msg02187.html But still can't see anything but zero in the InputInt: and OutputInt: when looking at the exported packets with wireshark: Here is my simple config - could someone explain what I am doing wrong? ! ! pmacctd configuration example ! ! Did you know CONFIG-KEYS contains the detailed list of all configuration keys ! supported by 'nfacctd' and 'pmacctd' ? ! ! debug: true daemonize: false interface: p4p1 aggregate: src_host, dst_host, src_port, dst_port, proto, tos, in_iface, out_iface plugins: nfprobe[p4p1] nfprobe_receiver: 10.0.129.71:2055 nfprobe_version: 9 nfprobe_ifindex[p4p1]: 4 ! nfprobe_engine: 1:1 ! nfprobe_timeouts: tcp=120:maxlife=3600 ! ! networks_file: /path/to/networks.lst ! classifiers: /path/to/classifiers/ ! snaplen: 700 Startup command: sudo ../src/pmacctd -f ./probe_netflow.conf INFO ( default/core ): Reading configuration file '/var/lib/pgsql/pmacct-1.5.1/examples/probe_netflow.conf'. INFO ( p4p1/nfprobe ): NetFlow probe plugin is originally based on softflowd 0.9.7 software, Copyright 2002 Damien Miller All rights reserved. INFO ( p4p1/nfprobe ): TCP timeout: 3600s INFO ( p4p1/nfprobe ): TCP post-RST timeout: 120s INFO ( p4p1/nfprobe ): TCP post-FIN timeout: 300s INFO ( p4p1/nfprobe ): UDP timeout: 300s INFO ( p4p1/nfprobe ): ICMP timeout: 300s INFO ( p4p1/nfprobe ): General timeout: 3600s INFO ( p4p1/nfprobe ): Maximum lifetime: 604800s INFO ( p4p1/nfprobe ): Expiry interval: 60s INFO ( p4p1/nfprobe ): Exporting flows to [10.0.129.71]:iop OK ( default/core ): link type is: 1 WARN ( default/core ): p4p1: no IPv4 address assigned ^CWARN ( p4p1/nfprobe ): Shutting down on user request. OK: Exiting ... Thanks, -- Stephen Clark ___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
