Hi Paolo, After a reboot I can see outgoing traffic being captured from uacctd at the nflog:1 interface. I run uaccd as below for debugging:
uacctd -r 5 -g 1 -P print -c 'src_host,dst_host,src_port,dst_port,proto' The issue remains the same with the latest version. Incoming traffic is not being captured at the nflog:1 interface of the sim0 ppp interface. At other non-ppp interfaces capturing is fine for IN/OUT. Thanx On Wed, May 29, 2019 at 6:08 PM Alex K <rightkickt...@gmail.com> wrote: > Hi Paolo, > > > On Wed, May 29, 2019 at 4:31 PM Alex K <rightkickt...@gmail.com> wrote: > >> Hi Paolo, >> >> You just caught me doing the upgrade :) >> I will let you know the outcome. >> Thank you! >> >> >> On Wed, May 29, 2019 at 4:17 PM Paolo Lucente <pa...@pmacct.net> wrote: >> >>> >>> Hi Alex, >>> >>> First thing first 1.6.1 is a release of almost 3 years ago, i can't >>> support that - please upgrade to 1.7.3 or master code. That said i can >>> confirm pmacctd/uacctd should support PPP-encapsulated traffic. Also, you >>> may send me a trace of the NFLOG traffic (as captured by tcpdump) via >>> unicast email for some troubleshooting. >>> >> I have installed version 1.7.4. I can confirm that I can get traffic from > physical net interfaces or tunnel interfaces from VPN (OpenVPN) that go > inside the ppp interface. With this new version, I do not get either IN or > OUT traffic. With previous version I was having OUT traffic being captured > from uacctd and printed to CSV. Attached the tcpdump capture at nflog:1 > interface. > > I did run also uacctd -d -r 5 -g 1 and I am getting the following, which > might help: > > WARN: [cmdline] No plugin has been activated; defaulting to in-memory > table. > DEBUG: [cmdline] plugin name/type: 'default'/'core'. > DEBUG: [cmdline] plugin name/type: 'default_memory'/'memory'. > DEBUG: [cmdline] debug:true > DEBUG: [cmdline] sql_refresh_time:5 > DEBUG: [cmdline] uacctd_group:1 > INFO ( default/core ): Linux NetFilter NFLOG Accounting Daemon, uacctd > (20190528-00) > INFO ( default/core ): '--prefix=/usr' '--enable-mysql' '--enable-nflog' > '--enable-l2' '--enable-64bit' '--enable-traffic-bins' '--enable-bgp-bins' > '--enable-bmp-bins' '--enable-st-bins' > INFO ( default/core ): Reading configuration from cmdline. > WARN ( default_memory/memory ): defaulting to SRC HOST aggregation. > INFO ( default_memory/memory ): plugin_pipe_size=4096000 bytes > plugin_buffer_size=280 bytes > INFO ( default_memory/memory ): ctrl channel: obtained=212992 bytes > target=117024 bytes > INFO ( default/core ): Successfully connected Netlink NFLOG socket > DEBUG ( default_memory/memory ): allocating a new memory segment. > DEBUG ( default_memory/memory ): allocating a new memory segment. > OK ( default_memory/memory ): waiting for data on: '/tmp/collect.pipe' > DEBUG ( default_memory/memory ): Selecting bucket 12551. > DEBUG ( default_memory/memory ): Selecting bucket 12551. > DEBUG ( default_memory/memory ): Selecting bucket 12551. > DEBUG ( default_memory/memory ): Selecting bucket 12551. > DEBUG ( default_memory/memory ): Selecting bucket 12551. > DEBUG ( default_memory/memory ): Selecting bucket 12551. > DEBUG ( default_memory/memory ): Selecting bucket 12551. > DEBUG ( default_memory/memory ): Selecting bucket 12551. > DEBUG ( default_memory/memory ): Selecting bucket 12551. > DEBUG ( default_memory/memory ): Selecting bucket 12551. > DEBUG ( default_memory/memory ): Selecting bucket 12551. > DEBUG ( default_memory/memory ): Selecting bucket 12551. > DEBUG ( default_memory/memory ): Selecting bucket 12551. > > Thank you for your assistance! > >> >>> Paolo >>> >>> On Wed, May 29, 2019 at 12:37:40PM +0300, Alex K wrote: >>> > Hi All, >>> > >>> > I am facing the following issue: >>> > >>> > I have configured iptables to log packets coming through a ppp >>> interface >>> > (named sim0) using NFLOG target. These packets are forwarded to uacctd >>> to >>> > the respective uacctd group, as below, which are printed in a CSV file >>> > using the print plugin: >>> > >>> > >>> > iptables (mangle table): >>> > -A INPUT -i sim0 -j NFLOG --nflog-group 1 --nflog-size 40 >>> --nflog-threshold >>> > 10 --nflog-prefix sim0in >>> > -A FORWARD -i sim0 -j NFLOG --nflog-group 1 --nflog-size 40 >>> > --nflog-threshold 10 --nflog-prefix sim0in >>> > -A POSTROUTING -o sim0 -j NFLOG --nflog-group 1 --nflog-size 40 >>> > --nflog-threshold 10 --nflog-prefix sim0out >>> > >>> > >>> > uacctd config: >>> > ! Collect traffic on sim0 >>> > daemonize: true >>> > debug: true >>> > promisc: false >>> > pidfile: /var/run/uacctd_sim0.pid >>> > imt_path: /tmp/uacctd_sim0.pipe >>> > !syslog: daemon >>> > logfile: /var/log/uacct/uacct_sim0.log >>> > uacctd_group: 1 >>> > plugins: print[in_out_sim0] >>> > aggregate[in_out_sim0]:src_host,dst_host,src_port,dst_port,proto >>> > print_output[in_out_sim0]: csv >>> > print_output_file[in_out_sim0]: /var/lib/uacctd-sim0-%Y%m%d.csv >>> > print_output_file_append[in_out_sim0]: true >>> > print_refresh_time: 10 >>> > print_history: 24h >>> > >>> > I receive normally outgoing traffic which is logged at the CSV file. >>> > Using tcpdump I can see all the in/out traffic and iptables counters >>> are >>> > rising at the respective chains. The sim0 interface is dynamically >>> brought >>> > up from a ppp connection. >>> > >>> > Do you have any idea why uacctd is not getting those incoming packets >>> > (INPUT and FORWARD chain) or how this can be troubleshooted. I am using >>> > pmacct 1.6.1-1. >>> > >>> > Thank you! >>> > Alex >>> >>> > _______________________________________________ >>> > pmacct-discussion mailing list >>> > http://www.pmacct.net/#mailinglists >>> >>> >>> _______________________________________________ >>> pmacct-discussion mailing list >>> http://www.pmacct.net/#mailinglists >>> >>
_______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
