[pmacct-discussion] Out of Office. (was: Out of Office. (was: Out of Office. (was: Out of Office. (was: Nfacct - Missing src_port, and dst_port))))

2016-04-13 Thread Steve Clark

  
  
Sorry, I will out of the office til 4/21/16.

-- 
  Stephen=C2=A0Clark
  NetWolves Managed Services, LLC.
  Director=C2=A0of=C2=A0Technology
  Phone:=C2=A0813-579-3200
  Fax:=C2=A0813-882-0209
  Email:=C2=A0steve.clark@netwolves.c=
om
  http://www.netwolves.com

  



___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

[pmacct-discussion] Out of Office. (was: Out of Office. (was: Out of Office. (was: Nfacct - Missing src_port, and dst_port)))

2016-04-13 Thread Steve Clark

  
  
Sorry, I will out of the office til 4/21/16.

-- 
  Stephen=C2=A0Clark
  NetWolves Managed Services, LLC.
  Director=C2=A0of=C2=A0Technology
  Phone:=C2=A0813-579-3200
  Fax:=C2=A0813-882-0209
  Email:=C2=A0steve.clark@netwolves.c=
om
  http://www.netwolves.com

  



___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

[pmacct-discussion] Out of Office. (was: Out of Office. (was: Nfacct - Missing src_port, and dst_port))

2016-04-13 Thread Steve Clark

  
  
Sorry, I will out of the office til 4/21/16.

-- 
  Stephen=C2=A0Clark
  NetWolves Managed Services, LLC.
  Director=C2=A0of=C2=A0Technology
  Phone:=C2=A0813-579-3200
  Fax:=C2=A0813-882-0209
  Email:=C2=A0steve.clark@netwolves.c=
om
  http://www.netwolves.com

  



___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

[pmacct-discussion] Out of Office. (was: Nfacct - Missing src_port, and dst_port)

2016-04-13 Thread Steve Clark

  
  
Sorry, I will out of the office til 4/21/16.

-- 
  Stephen=C2=A0Clark
  NetWolves Managed Services, LLC.
  Director=C2=A0of=C2=A0Technology
  Phone:=C2=A0813-579-3200
  Fax:=C2=A0813-882-0209
  Email:=C2=A0steve.clark@netwolves.c=
om
  http://www.netwolves.com

  



___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

Re: [pmacct-discussion] Nfacct - Missing src_port, and dst_port

2016-04-13 Thread Paolo Lucente
Hi Baseem,

The ports_file is not influencial on your original issue - it would only
allow you to narrow down ports to a set of interest (for the sake of not
getting too much data). Ports are in the template so this looks weird: can
you send privately a brief trace of some IPFIX flows (and template so to
be able to decode them)? This is for inspecting them and replaying in lab.

Cheers,
Paolo

On Tue, Apr 12, 2016 at 05:02:51PM +0200, bassem zaki wrote:
> Hello again,
> 
> While searching I found that I should add "ports_file:" primitive but I
> didn't work for me.
> 
> BR,
> Bassem
> 
> On Tue, Apr 12, 2016 at 12:37 PM, bassem zaki 
> wrote:
> 
> > Hello all,
> >
> > I'm new to pmacct and I'm trying to collect IPFIX flows sent from a cisco
> > router using nfacctd and mysql plugin. The problem is I'm not able to
> > collect src_port and dst_port although I'm able to collect them using
> > another netflow collector (SILK).
> >
> > *nfacct.conf:*
> >
> > daemonize: false
> > aggregate[dummy]: src_host, dst_host, src_port, dst_port
> > nfacctd_port: 4739
> > nfacctd_time_new: true
> > plugins: mysql[dummy]
> > sql_db: pmacct
> > sql_table: acct
> > sql_table_version: 1
> > sql_passwd: 
> > sql_user: 
> > sql_refresh_time: 90
> > sql_history: 10m
> > sql_history_roundoff: mh
> >
> > 
> >
> > +-+-+--+---+--+--+--+-+---+-+-+
> > | mac_src | mac_dst | ip_src   | ip_dst| src_port |
> > dst_port | ip_proto | packets | bytes | stamp_inserted  |
> > stamp_updated   |
> >
> > +-+-+--+---+--+--+--+-+---+-+-+
> > | 0:0:0:0:0:0 | 0:0:0:0:0:0 | XX.XX.XX.XX | XX.XX.XX.XX |0
> > |0 | ip   |   1 |   143 | 2016-04-12 11:50:00 | 2016-04-12
> > 11:54:01 |
> >
> > +-+-+--+---+--+--+--+-+---+-+-+
> > 
> >
> > 
> > DEBUG ( default/core ): NfV10 agent : :::XX.XX.XX.XX:256
> > DEBUG ( default/core ): NfV10 template type : flow
> > DEBUG ( default/core ): NfV10 template ID   : 269
> > DEBUG ( default/core ): 
> > DEBUG ( default/core ): | field type | offset |  size  |
> > DEBUG ( default/core ): | IPv4 src addr  |  0 |  4 |
> > DEBUG ( default/core ): | IPv4 dst addr  |  4 |  4 |
> > DEBUG ( default/core ): | L4 src port|  8 |  2 |
> > DEBUG ( default/core ): | L4 dst port| 10 |  2 |
> > DEBUG ( default/core ): | in bytes   | 12 |  4 |
> > DEBUG ( default/core ): | in packets | 16 |  4 |
> > DEBUG ( default/core ): 
> > .
> > .
> > DEBUG ( dummy/mysql ): INSERT INTO `acct` (stamp_updated, stamp_inserted,
> > ip_src, ip_dst, src_port, dst_port, ip_proto, mac_src, mac_dst, packets,
> > bytes) VALUES (FROM_UNIXTIME(1460456228), FROM_UNIXTIME(1460455800),
> > 'XX.XX.XX.XX', 'XX.XX.XX.XX', 0, 0, 'ip', '0:0:0:0:0:0', '0:0:0:0:0:0', 1,
> > 123)
> > 
> >
> > BR,
> > Bassem Zaki
> >

> ___
> pmacct-discussion mailing list
> http://www.pmacct.net/#mailinglists


___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists