Re: [pmacct-discussion] Flexible Netflow with Cisco ISR and nfacctd
Thanks, that's exactly what I was looking for ! Didn't get enough time for finding this documentation about primitives. As usual, quick and clear explanation Paolo ;) Let's test and work now on my side. Le 01-12-2020 18:48, Paolo Lucente a écrit : Hi Fabien, With prior knowledge of the template, ie. either you start nfacctd with '-d' (debug) so to see the content of templates in the logs or collect some NetFlow in a pcap file and open it with WireShark, you could use the aggregate_primitives framework of pmacct to define custom primitives. Essentially in the config you do 'aggregate_primitives: /path/to/primitives.lst'. Then for the actual content of the 'primitives.lst' file, you can look here: https://github.com/pmacct/pmacct/blob/1.7.5/examples/primitives.lst.example Top part of the file you can read the knobs available; bottom part you are solely interested in the examples for NetFlow v9/IPFIX, ie. line 60, 66 and 72. You can define custom primitives for pretty much anything but not for non-key dimensions, ie. packets and bytes, those have to be supported natively (although it's on the roadmap to make them also customizable) even though, frankly, that has never been an issue. Should you run in any issue with the counters, please send me an example pcap via unicast email and we'll find a solution. Hope this helps for a start. Paolo On 30/11/2020 22:58, Fabien VINCENT wrote: Hello, I'm looking to do Netflow v9, Flexible Netflow to be honest, with nfacctd but can't find any good ressources to play with nfacctd and aggregate's primitives when having FNF exports. Is their is any documentation if template is a bit "custom" on the Cisco ISR side ? Seems sometimes for some reason, template is marked as unknown, or bytes/packets are null with nfacctd and I can't find any information about how to configure or troubleshoot it Any helps / hints appreciated ! ___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists -- Fabien VINCENT @beufanet ___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
[pmacct-discussion] Flexible Netflow with Cisco ISR and nfacctd
Hello, I'm looking to do Netflow v9, Flexible Netflow to be honest, with nfacctd but can't find any good ressources to play with nfacctd and aggregate's primitives when having FNF exports. Is their is any documentation if template is a bit "custom" on the Cisco ISR side ? Seems sometimes for some reason, template is marked as unknown, or bytes/packets are null with nfacctd and I can't find any information about how to configure or troubleshoot it Any helps / hints appreciated ! -- Fabien VINCENT @beufanet ___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
Re: [pmacct-discussion] pmacct 1.7.4 released !
Hi Paolo, Thanks for this release and enhancements ! Since upgrade, I see a huge memory leak without any reason. https://github.com/pmacct/pmacct/issues/356 The only changes is I dist-upgrade the machine itself as installed from source 1.7.4 release. I use print plugin on my side on nfacctd processes. Please let me know how I can troubleshoot this, I will rollback to 1.7.3 temporarly Regards, Le 31-12-2019 17:48, Paolo Lucente a écrit : VERSION. 1.7.4 DESCRIPTION. pmacct is a small set of multi-purpose passive network monitoring tools. It can account, classify, aggregate, replicate and export forwarding-plane data, ie. IPv4 and IPv6 traffic; collect and correlate control-plane data via BGP and BMP; collect and correlate RPKI data; collect infrastructure data via Streaming Telemetry. Each component works both as a standalone daemon and as a thread of execution for correlation purposes (ie. enrich NetFlow with BGP data). A pluggable architecture allows to store collected forwarding-plane data into memory tables, RDBMS (MySQL, PostgreSQL, SQLite), noSQL databases (MongoDB, BerkeleyDB), AMQP (RabbitMQ) and Kafka message exchanges and flat-files. pmacct offers customizable historical data breakdown, data enrichments like BGP and IGP correlation and GeoIP lookups, filtering, tagging and triggers. Libpcap, Linux Netlink/NFLOG, sFlow v2/v4/v5, NetFlow v5/v8/v9 and IPFIX are all supported as inputs for forwarding-plane data. Replication of incoming NetFlow, IPFIX and sFlow datagrams is also available. Statistics can be easily exported to time-series databases like ElasticSearch and InfluxDB and traditional tools Cacti RRDtool MRTG, Net-SNMP, GNUPlot, etc. Control-plane and infrastructure data, collected via BGP, BMP and Streaming Telemetry, can be all logged real-time or dumped at regular time intervals to AMQP (RabbitMQ) and Kafka message exchanges and flat-files. HOMEPAGE. http://www.pmacct.net/ DOWNLOAD. http://www.pmacct.net/pmacct-1.7.4.tar.gz CHANGELOG. + Released pmgrpcd.py v3: a Streaming Telemetry collector and decoder for multi-vendor environments written in Python3. It supports gRPC transport along with Protobuf encoding as input and can output to Kafka with Avro encoding. Output to files and JSON encoding is currently supported sending data via ZMQ to pmtelemetryd first. It was tested working with data input from Cisco and Huawei routers and v3 replaces v2. Thanks to the Streaming Telemetry core team: Matthias Arnold ( @tbearma1 ), Camilo Cardona ( @jccardonar ), Thomas Graf ( @graf3 , @graf3net ), Paolo Lucente ( @paololucente ). + Introduced support for the 'vxlan' VXLAN/VNI primitive in all traffic daemons (NetFlow/IPFIX, sFlow and libpcap/ULOG). Existing inner tunnel primitives (ie. tunnel_src_host, tunnel_dst_host, tunnel_proto, etc.) have been wired to the VXLAN decoding and new ones (tunnel_src_mac, tunnel_dst_mac, tunnel_src_port, tunnel_dst_port) were defined. + BMP daemon: added support for Peer Up message namespace for TLVs (draft-ietf-grow-bmp-peer-up) and also support for Route Monitor and Peer Down TLVs (draft-ietf-grow-bmp-tlv). + BGP, BMP daemons: in addition to existing JSON export, data can now be exported in Apache Avro format. There is also support for the Confluent Schema Registry. + Introduced support for JSON-encoded Apache Avro encoding. While the binary-encoded Apache Avro is always recommended for any production scenarios (also to optionallly leverage Confluent Schema Registry support), JSON-encoded is powerful for testing and troubleshooting scenarios. + sfprobe plugin: added support for IPv6 transport for sFlow export. sfprobe_agentip is an IP address put in the header of the sFlow packet. If underlying transport is IPv6, this must be configured to an IPv6 address. + zmq_common.[ch]: Improved modularity of the ZMQ internal API and decoupled bind/connect from push/pull and pub/sub; also improved support for inproc sockets. All to increase the amount of use-cases covered by the API. + bgp_peer_src_as_map: added 'filter' key to cover pmacctd/uacctd use cases. + nfprobe, sfprobe plugins: introduced [sn]fprobe_index_override to override ifindexes dynamically determined (ie. by NFLOG) with values computed by [sn]fprobe_ifindex. + MySQL, PostgreSQL plugins: added support for SSL/TLS connections by specifying a CA certificate (sql_conn_ca_file). + Kafka, AMQP plugins: amqp_markers and kafka_markers have now been properly re-implemented when output encoding is Avro using an own Avro schema (instead of squatting pieces of JSON in the data stream for the very purpose). + print plugin: introduced print_write_empty_file config knob (true, false) to create an empty output file when there are no cache entries to purge. Such behaviour was present in versions up to 0.14 and may be preferred by some to the new >= 1.5 versions behaviour. Thanks to Lee Yongjae ( @setup74 ) for the
Re: [pmacct-discussion] pmbmpd and IPv6
Le 2019-07-15 20:21, Fabien VINCENT a écrit : > Le 2019-07-15 18:14, Paolo Lucente a écrit : > > Hi Fabien, > > Just to confirm that IPv6 should be supported just fine in pmbmpd: the > code for parsing BGP Update PDUs is shared with BGP and, actually, even > the compiler flags that were allowing to disable IPv6 support are gone. > It smells it may be IPv6 data is not included in the export from the > router - can you inspect raw BMP data (say, with wireshark) to be extra > sure? Of course just let me know if you need help with that. > > Paolo > > On Mon, Jul 15, 2019 at 01:45:55PM +0200, Fabien VINCENT wrote: Dear, > > I try to setup a PoC using pmbmpd > > I have a strange behavior with A9K/IOS-XR sending BMP data to bmp-server > > I have the sample config > > ! > bmp_daemon: true > bmp_daemon_ip: 10.x.y.z > bmp_daemon_port: 1790 > ! > ! default to 10 > !bmp_daemon_max_peers > ! > bmp_daemon_msglog_file: /var/log/pmbmpd/bmp-$peer_src_ip.log > ! > > bmp_daemon_allow_file: /opt/pmacct/conf/bmp.allowed > bmp_dump_file: /tmp/pmbmpd/$bmp_router-%s.dump > bmp_dump_output: json > bmp_dump_refresh_time: 120 > > And when dump files are written, nothing related to IPv6 BMP export. Is > it supported on pmacct 1.7.3 ? > > # /usr/local/sbin/pmbmpd -V > pmacct BMP Collector Daemon, pmbmpd 1.7.3-git (20190418-00+c4) > > Arguments: > '--enable-pgsql' '--enable-rabbitmq' '--enable-kafka' '--enable-geoip' > '--enable-jansson' '--enable-l2' '--enable-64bit' > '--enable-traffic-bins' '--enable-bgp-bins' '--enable-bmp-bins' > '--enable-st-bins' > > Libs: > libpcap version 1.8.1 > PostgreSQL 19 > rabbimq-c 0.8.0 > rdkafka 0.11.3 > jansson 2.11 > > System: > Linux 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 > x86_64 > > Compiler: > gcc 7.4.0 > > For suggestions, critics, bugs, contact me: Paolo Lucente > . > > Anything related to pmbmpd or IOS-XR ? > > -- > FABIEN VINCENT > --- > @beufanet > --- > ___ > pmacct-discussion mailing list > http://www.pmacct.net/#mailinglists > > ___ > pmacct-discussion mailing list > http://www.pmacct.net/#mailinglists Agree, will look at pcap dump tomorrow morning. -- FABIEN VINCENT --- @beufanet --- ___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists Can't find any reason why bmp config on IOS-XR is not sending anything to server bmp server 1 bmp server 1 host 10.y.x.z port 1790 bmp server 1 vrf MYVRF bmp server 1 description blabla-pmbmpd bmp server 1 update-source LoopbackA bmp server 1 flapping-delay 3600 bmp server 1 initial-delay 60 bmp server 1 stats-reporting-period 120 bmp server 1 initial-refresh delay 120 => works router bgp 65534 neighbor 192.168.2.1 bmp-activate server 1 => not working router bgp 65534 neighbor 2001:dead::beef bmp-activate server 1 Seems related to IOS-XR behavior but can't explain why as I received no IPv6 BMP dump on IPv4 10.x.y.z Did someone already worked on it ? -- FABIEN VINCENT --- @beufanet ---___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
Re: [pmacct-discussion] pmbmpd and IPv6
Le 2019-07-15 18:14, Paolo Lucente a écrit : > Hi Fabien, > > Just to confirm that IPv6 should be supported just fine in pmbmpd: the > code for parsing BGP Update PDUs is shared with BGP and, actually, even > the compiler flags that were allowing to disable IPv6 support are gone. > It smells it may be IPv6 data is not included in the export from the > router - can you inspect raw BMP data (say, with wireshark) to be extra > sure? Of course just let me know if you need help with that. > > Paolo > > On Mon, Jul 15, 2019 at 01:45:55PM +0200, Fabien VINCENT wrote: > >> Dear, >> >> I try to setup a PoC using pmbmpd >> >> I have a strange behavior with A9K/IOS-XR sending BMP data to bmp-server >> >> I have the sample config >> >> ! >> bmp_daemon: true >> bmp_daemon_ip: 10.x.y.z >> bmp_daemon_port: 1790 >> ! >> ! default to 10 >> !bmp_daemon_max_peers >> ! >> bmp_daemon_msglog_file: /var/log/pmbmpd/bmp-$peer_src_ip.log >> ! >> >> bmp_daemon_allow_file: /opt/pmacct/conf/bmp.allowed >> bmp_dump_file: /tmp/pmbmpd/$bmp_router-%s.dump >> bmp_dump_output: json >> bmp_dump_refresh_time: 120 >> >> And when dump files are written, nothing related to IPv6 BMP export. Is >> it supported on pmacct 1.7.3 ? >> >> # /usr/local/sbin/pmbmpd -V >> pmacct BMP Collector Daemon, pmbmpd 1.7.3-git (20190418-00+c4) >> >> Arguments: >> '--enable-pgsql' '--enable-rabbitmq' '--enable-kafka' '--enable-geoip' >> '--enable-jansson' '--enable-l2' '--enable-64bit' >> '--enable-traffic-bins' '--enable-bgp-bins' '--enable-bmp-bins' >> '--enable-st-bins' >> >> Libs: >> libpcap version 1.8.1 >> PostgreSQL 19 >> rabbimq-c 0.8.0 >> rdkafka 0.11.3 >> jansson 2.11 >> >> System: >> Linux 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 >> x86_64 >> >> Compiler: >> gcc 7.4.0 >> >> For suggestions, critics, bugs, contact me: Paolo Lucente >> . >> >> Anything related to pmbmpd or IOS-XR ? >> >> -- >> FABIEN VINCENT >> --- >> @beufanet >> --- > >> ___ >> pmacct-discussion mailing list >> http://www.pmacct.net/#mailinglists > > ___ > pmacct-discussion mailing list > http://www.pmacct.net/#mailinglists Agree, will look at pcap dump tomorrow morning. -- FABIEN VINCENT --- @beufanet ---___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
[pmacct-discussion] pmbmpd and IPv6
Dear, I try to setup a PoC using pmbmpd I have a strange behavior with A9K/IOS-XR sending BMP data to bmp-server I have the sample config ! bmp_daemon: true bmp_daemon_ip: 10.x.y.z bmp_daemon_port: 1790 ! ! default to 10 !bmp_daemon_max_peers ! bmp_daemon_msglog_file: /var/log/pmbmpd/bmp-$peer_src_ip.log ! bmp_daemon_allow_file: /opt/pmacct/conf/bmp.allowed bmp_dump_file: /tmp/pmbmpd/$bmp_router-%s.dump bmp_dump_output: json bmp_dump_refresh_time: 120 And when dump files are written, nothing related to IPv6 BMP export. Is it supported on pmacct 1.7.3 ? # /usr/local/sbin/pmbmpd -V pmacct BMP Collector Daemon, pmbmpd 1.7.3-git (20190418-00+c4) Arguments: '--enable-pgsql' '--enable-rabbitmq' '--enable-kafka' '--enable-geoip' '--enable-jansson' '--enable-l2' '--enable-64bit' '--enable-traffic-bins' '--enable-bgp-bins' '--enable-bmp-bins' '--enable-st-bins' Libs: libpcap version 1.8.1 PostgreSQL 19 rabbimq-c 0.8.0 rdkafka 0.11.3 jansson 2.11 System: Linux 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 Compiler: gcc 7.4.0 For suggestions, critics, bugs, contact me: Paolo Lucente . Anything related to pmbmpd or IOS-XR ? -- FABIEN VINCENT --- @beufanet ---___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
[pmacct-discussion] Debug print plugins
Dear List, I'm trying to do other tests with print plugin in json. But after some tests, I'm not able anymore to work the json file, it's never written on dis (I've removed a bit of sensitive informations with [...]) # /usr/local/sbin/nfacctd -d -f /opt/pmacct/conf/nfacctd.ebgp.conf DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] plugin name/type: 'default'/'core'. DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] plugin name/type: 'generalOutEbgp'/'print'. DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] daemonize:false DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] pidfile:/var/run/nfacctd_ebgp.pid DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] logfile:/var/log/nfacctd/ebgp.log DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] syslog:daemon DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] interface:[...] DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] nfacctd_ip:[...] DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] nfacctd_port:[...] DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] nfacctd_as:bgp DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] nfacctd_as_new:bgp DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] nfacctd_time_new:true DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] nfacctd_disable_checks:true DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] nfacctd_net:bgp DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] nfacctd_renormalize:true DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] nfacctd_ext_sampling_rate:8000 DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] refresh_maps:true DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] pre_tag_map:/opt/pmacct/conf/pretag.map DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] aggregate[generalOutEbgp]:dst_as,in_iface,out_iface,as_path,dst_host_country,peer_dst_as,peer_dst_ip,etype,tag DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] geoip_ipv4_file:/usr/share/GeoIP/GeoIP.dat DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] geoip_ipv6_file:/usr/share/GeoIP/GeoIPv6.dat DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] refresh_maps:true DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] bgp_daemon:true DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] bgp_daemon_ip:[...] DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] bgp_daemon_max_peers:4 DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] bgp_peer_src_as_type:bgp DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] bgp_src_as_path_type:bgp DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] bgp_src_std_comm_type:bgp DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] bgp_stdcomm_pattern:[...]: DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] bgp_src_ext_comm_type:bgp DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] bgp_agent_map:/opt/pmacct/conf/ebgp.map DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] bgp_daemon_allow_file:/opt/pmacct/conf/bgp.allowed DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] print_output_file[generalOutEbgp]:/tmp/nfacctdOutEbgp.json DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] print_output[generalOutEbgp]:json DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] print_history[generalOutEbgp]:2m DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] print_history_roundoff[generalOutEbgp]:m DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] print_refresh_time[generalOutEbgp]:120 DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] print_trigger_exec[generalOutEbgp]:/opt/nfacctd2influx/nfacctd2influx.sh DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] plugin_pipe_size[generalOutEbgp]:1024000 DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] plugin_buffer_size[generalOutEbgp]:1024 DEBUG: [/opt/pmacct/conf/nfacctd.ebgp.conf] debug:true But file is never created on /tmp/nfacctdOutEbgp.json and purge happen without any effect : 2018-12-13T16:32:01Z INFO ( generalOutEbgp/print ): *** Purging cache - START (PID: 5604) *** 2018-12-13T16:32:01Z INFO ( generalOutEbgp/print ): *** Purging cache - END (PID: 5604, QN: 0/0, ET: 0) *** How can I tshoot the problem ? What's missing / wrong ? -- FABIEN VINCENT --- @beufanet ---___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
[pmacct-discussion] bgp_as_path_radius / pgsql and bgp_aggregate
Dear List, I've an issue when nfacctd try to push to pgsql database : PGSQL log file : ERROR: value too long for type character(80) CONTEXT: COPY flow _*_, line 74771, column as_path_src: "14061 {46652,421001,4210010200,4210010201,4210010202,4210010297,4210010400,4210010402,4210010499..." In my nfacctd config file I've : bgp_aspath_radius: 10 because as_path_src is set to CHAR(80). But seems BGP aggregates break the rules ? Is there anyway to limit / cut down BGP aggregates in column as_path_src ? Thanks =) -- FABIEN VINCENT --- @beufanet ---___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
[pmacct-discussion] pgsql tables v8/v9
Dear List, Documentation is pretty fine regarding tables v1 to v7. But what about v8/v9 structures ? Why should I need these one ? Thanks for the feedback -- FABIEN VINCENT --- @beufanet ---___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
Re: [pmacct-discussion] /usr/bin/ld: cannot find -lz while building 1.7.2
Le 2018-12-05 15:01, Paolo Lucente a écrit : > Hi Fabien, > > On Debian and similars you need zlib1g-dev installed. Please check and > let me know if that was the issue. > > Paolo > > On Wed, Dec 05, 2018 at 09:36:01AM +0100, Fabien VINCENT wrote: > >> Hi list, >> >> Any help or pointer regarding a make failed as follow : >> >> # make >> >> [...] >> >> CCLD pmacct >> CC pmacctd.o >> CCLD pmacctd >> /usr/bin/ld: cannot find -lz >> collect2: error: ld returned 1 exit status >> Makefile:787: recipe for target 'pmacctd' failed >> make[2]: *** [pmacctd] Error 1 >> make[2]: Leaving directory '/opt/pmacct/github_src/pmacct/src' >> Makefile:1260: recipe for target 'all-recursive' failed >> make[1]: *** [all-recursive] Error 1 >> make[1]: Leaving directory '/opt/pmacct/github_src/pmacct/src' >> Makefile:675: recipe for target 'all-recursive' failed >> make: *** [all-recursive] Error 1 >> >> Any missing libraries on an fresh install perhaps ? >> >> #/usr/bin/ld -lz -verbose >> >> [...] >> == >> attempt to open //usr/local/lib/x86_64-linux-gnu/libz.so failed >> attempt to open //usr/local/lib/x86_64-linux-gnu/libz.a failed >> attempt to open //lib/x86_64-linux-gnu/libz.so failed >> attempt to open //lib/x86_64-linux-gnu/libz.a failed >> attempt to open //usr/lib/x86_64-linux-gnu/libz.so failed >> attempt to open //usr/lib/x86_64-linux-gnu/libz.a failed >> attempt to open //usr/lib/x86_64-linux-gnu64/libz.so failed >> attempt to open //usr/lib/x86_64-linux-gnu64/libz.a failed >> attempt to open //usr/local/lib64/libz.so failed >> attempt to open //usr/local/lib64/libz.a failed >> attempt to open //lib64/libz.so failed >> attempt to open //lib64/libz.a failed >> attempt to open //usr/lib64/libz.so failed >> attempt to open //usr/lib64/libz.a failed >> attempt to open //usr/local/lib/libz.so failed >> attempt to open //usr/local/lib/libz.a failed >> attempt to open //lib/libz.so failed >> attempt to open //lib/libz.a failed >> attempt to open //usr/lib/libz.so failed >> attempt to open //usr/lib/libz.a failed >> attempt to open //usr/x86_64-linux-gnu/lib64/libz.so failed >> attempt to open //usr/x86_64-linux-gnu/lib64/libz.a failed >> attempt to open //usr/x86_64-linux-gnu/lib/libz.so failed >> attempt to open //usr/x86_64-linux-gnu/lib/libz.a failed >> /usr/bin/ld: cannot find -lz >> >> -- >> >> FABIEN VINCENT >> ----------- >> @beufanet >> --- > >> ___ >> pmacct-discussion mailing list >> http://www.pmacct.net/#mailinglists Hi Paolo, Yeah, it's on Bionic/18.04 and apt install libzip-dev fixed the build issue ;) Will ask another question in another thread ;) -- FABIEN VINCENT --- @beufanet ---___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
[pmacct-discussion] /usr/bin/ld: cannot find -lz while building 1.7.2
Hi list, Any help or pointer regarding a make failed as follow : # make [...] CCLD pmacct CC pmacctd.o CCLD pmacctd /usr/bin/ld: cannot find -lz collect2: error: ld returned 1 exit status Makefile:787: recipe for target 'pmacctd' failed make[2]: *** [pmacctd] Error 1 make[2]: Leaving directory '/opt/pmacct/github_src/pmacct/src' Makefile:1260: recipe for target 'all-recursive' failed make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory '/opt/pmacct/github_src/pmacct/src' Makefile:675: recipe for target 'all-recursive' failed make: *** [all-recursive] Error 1 Any missing libraries on an fresh install perhaps ? #/usr/bin/ld -lz -verbose [...] == attempt to open //usr/local/lib/x86_64-linux-gnu/libz.so failed attempt to open //usr/local/lib/x86_64-linux-gnu/libz.a failed attempt to open //lib/x86_64-linux-gnu/libz.so failed attempt to open //lib/x86_64-linux-gnu/libz.a failed attempt to open //usr/lib/x86_64-linux-gnu/libz.so failed attempt to open //usr/lib/x86_64-linux-gnu/libz.a failed attempt to open //usr/lib/x86_64-linux-gnu64/libz.so failed attempt to open //usr/lib/x86_64-linux-gnu64/libz.a failed attempt to open //usr/local/lib64/libz.so failed attempt to open //usr/local/lib64/libz.a failed attempt to open //lib64/libz.so failed attempt to open //lib64/libz.a failed attempt to open //usr/lib64/libz.so failed attempt to open //usr/lib64/libz.a failed attempt to open //usr/local/lib/libz.so failed attempt to open //usr/local/lib/libz.a failed attempt to open //lib/libz.so failed attempt to open //lib/libz.a failed attempt to open //usr/lib/libz.so failed attempt to open //usr/lib/libz.a failed attempt to open //usr/x86_64-linux-gnu/lib64/libz.so failed attempt to open //usr/x86_64-linux-gnu/lib64/libz.a failed attempt to open //usr/x86_64-linux-gnu/lib/libz.so failed attempt to open //usr/x86_64-linux-gnu/lib/libz.a failed /usr/bin/ld: cannot find -lz -- FABIEN VINCENT --- @beufanet ---___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
[pmacct-discussion] print plugin
Hi all, Trying to use the plugin print and seems I have an issue but can't find why aggregate[trafficin]: in_iface, tag2, peer_src_as, src_as, peer_src_ip, peer_dst_ip, std_comm, etype, tcpflags, dst_port, proto plugins: print[trafficin] print_refresh_time: 60 print_history: 1m print_output: json print_output_file: /opt/data/nfacctd-in-%Y%m%d-%H%M.json !print_history_roundoff: m !print_output_file_append: true When starting, it's fine Feb 13 21:56:41 INFO ( default/core ): NetFlow Accounting Daemon, nfacctd 1.7.0-git (20170924-00) Feb 13 21:56:41 INFO ( default/core ): '--build=x86_64-linux-gnu' '--prefix=/usr/local' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--libdir=/usr/lib/x86_64-linux-gnu' '--libexecdir=${prefix}/lib/x86_64-linux-gnu' '--enable-pgsql' '--enable-mysql' '--enable-sqlite3' '--enable-ipv6' '--enable-64bit' '--enable-threads' '--enable-jansFeb 13 21:56:41 INFO ( default/core ): Reading configuration file '/etc/pmacct/nfacctd_in.conf'. Feb 13 21:56:41 INFO ( default/core/BGP ): maximum BGP peers allowed: 100 But after few seconds : Feb 13 21:59:51 INFO ( trafficin/print ): JSON: setting object handlers. Feb 13 21:59:54 WARN ( default/core ): connection lost to 'trafficin-print'; closing connection. Feb 13 21:59:54 WARN ( default/core ): no more plugins active. Shutting down. Same with json and csv. Don't know why but sometimes it work ... > /usr/local/sbin/nfacctd -V NetFlow Accounting Daemon, nfacctd 1.7.0-git (20170924-00) Arguments: '--build=x86_64-linux-gnu' '--prefix=/usr/local' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--libdir=/usr/lib/x86_64-linux-gnu' '--libexecdir=${prefix}/lib/x86_64-linux-gnu' '--enable-pgsql' '--enable-mysql' '--enable-sqlite3' '--enable-ipv6' '--enable-64bit' '--enable-threads' '--enable-jansson' 'build_alias=x86_64-linux-gnu' '--enable-l2' '--enable-traffic-bins' '--enable-bgp-bins' '--enable-bmp-bins' '--enable-st-bins' Libs: libpcap version 1.6.2 MySQL 5.5.58 PostgreSQL 90415 sqlite3 3.8.7.1 jansson 2.7 System: Linux 3.16.0-4-amd64 #1 SMP Debian 3.16.43-2+deb8u5 (2017-09-19) x86_64 I was trying to do this, because the plugin pipe is missing data even with : plugin_pipe_size: 32768 plugin_buffer_size: 327680 -- FABIEN VINCENT ---___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
[pmacct-discussion] RE on pretag.map
Hi All, Is it possible to have regex on pretag.map ? i.e. I want to match some fwdstatus and tag them in the same manner. Today I do : set_tag2=1 fwdstatus=64 set_tag2=1 fwdstatus=65 set_tag2=1 fwdstatus=66 I want to know if I can do : set_tag2=1 fwdstatus=6[4-6] For example to simply the configuration. Let me know if it's possible to do some re on pretag.map (used inside nfacctd daemon) Thanks :) -- FABIEN VINCENT --- @beufanet ---___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
Re: [pmacct-discussion] Dual Stack
Le 2017-10-13 21:30, Paolo Lucente a écrit : > Hi Fabien, > > There was no progress on the OP (that is, choose an IPv4 and an IPv6 > address to listen to; but you can choose an IPv6 or an IPv6 address). > > Any chance you can make a tcpdump of the BGP session and send it over > via unicast email? I have the scenario working perfectly for me (that > is, v4 transport travelling both v4 and v6 AFs). Do you have cases in > which you have a v4 NLRI with a v6 BGP next-hop (*)? That should work > too but may have been a less tested scenario. > > Cheers, > Paolo > > (*) https://tools.ietf.org/html/rfc5549 > > On Wed, Oct 11, 2017 at 10:43:49PM +0200, Fabien VINCENT wrote: Hi List ;) > > Paolo any news on this request ? Checking with IPv4/IPv6 AFI 1/2 over > IPv4 BGP session, but seems next hop are not well populated (almost :: > value) > > I'm wondering if this a bug (git version for fwdstatus patch) or if it's > related to the fact we have AFI2/IPv6 over IPv4 BGP sessions. > > If I can select the BGP listening IPv4 / IPv6 address, I will be > available to find if it's an issue or a PEBKAC ;) > > Thanks for this great tool ;) > > Le 2016-12-11 22:51, Fabien VINCENT a écrit : > > Hi Paolo, > > Happy to give you more work ;) It's not "needed", but it could be great I can > do it. > > I thought about AF in another one, will try to implement / configure it on > ASR and give the trick here for the community/list ;) > > Thanks for your help, great work and quick replies ;) > > Le 2016-12-09 17:54, Paolo Lucente a écrit : Hi Fabien, > > Yes, that is more clear, thanks for elaborating. In short, that is not > currently possible. But the dev of the feature does not appear to be a > biggie either, i've put it on my todo list. The only workaround that > comes to mind, i know i'm saying the obvious, is to pick a transport > (either v4 or v6, that is, not both) for BGP and travel ipv4/ipv6 AFs > (along with any other AF you may need) in that same transport. > > Cheers, > Paolo > > On Wed, Dec 07, 2016 at 09:53:54PM +0100, Fabien VINCENT wrote: Hi Paolo, > > Le 2016-12-07 17:54, Paolo Lucente a écrit : Hi Fabien, > > One step back on your question: you refer to the flow records or to the > transport protocol here? You can travel v4 and v6 records within the > same, say, v4 NetFlow/IPFIX/sFlow transport. This is what all exporters > basically do; are you working with an exporter that is behaving in a > different fashion? Like sending v4 records over a v4 transport and v6 > records into a v6 transport? If i understand your question correctly, > that would be the only case in which it would apply. > > It can be, but this is not what I'm trying to achieve here. > > In any case you can select which v4 or v6 address you want to bind to, > one (or otherwise you bind on all and then filter with iptables for > example), with nfacctd_ip, sfacctd_ip and bgp_daemon_ip (the > address you > listen for NetFlow/IPFIX/sFlow can be different from the BGP one, yes). > > How can I see the BGP daemon to listen on a specific IPv4 and IPv6 ? > I wanted to do it to have both address family. > > I run both nfacctd and sfacctd on the same server and BGP daemon > have to be bind on sepecific seconday ipv4, because they have to > bind both on TCP/179. And I want to do the same with IPv6 at the > same time to have IPv6 sessions with DFZ routers. > > If this answer does not help, please elaborate a bit more on what you > are trying to achieve. > Is this more clear ? > > Thanks ! > > Cheers, > Paolo > > On Tue, Dec 06, 2016 at 01:21:22PM +0100, Fabien VINCENT wrote: Dear list, > > Any help on how to configure sfacctd and nfacctd on dual stack ? > > I mean having both IPv4 and IPv6 running on sfacctd, with collector > enabled on both protocols ? > > I've seen the trick for bgp_daemon_ip, but don't know how to bind to > specific ip4 and ip6 on my server the sfacctd bgp daemon and the > daemon itself. > > Thanks in advance ! > > ___ > pmacct-discussion mailing list > http://www.pmacct.net/#mailinglists > ___ > pmacct-discussion mailing list > http://www.pmacct.net/#mailinglists > ___ > pmacct-discussion mailing list > http://www.pmacct.net/#mailinglists Thanks, will have a look soon. -- FABIEN VINCENT --- @beufanet ---___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
Re: [pmacct-discussion] Dual Stack
Hi List ;) Paolo any news on this request ? Checking with IPv4/IPv6 AFI 1/2 over IPv4 BGP session, but seems next hop are not well populated (almost :: value) I'm wondering if this a bug (git version for fwdstatus patch) or if it's related to the fact we have AFI2/IPv6 over IPv4 BGP sessions. If I can select the BGP listening IPv4 / IPv6 address, I will be available to find if it's an issue or a PEBKAC ;) Thanks for this great tool ;) Le 2016-12-11 22:51, Fabien VINCENT a écrit : > Hi Paolo, > > Happy to give you more work ;) It's not "needed", but it could be great I can > do it. > > I thought about AF in another one, will try to implement / configure it on > ASR and give the trick here for the community/list ;) > > Thanks for your help, great work and quick replies ;) > > Le 2016-12-09 17:54, Paolo Lucente a écrit : Hi Fabien, > > Yes, that is more clear, thanks for elaborating. In short, that is not > currently possible. But the dev of the feature does not appear to be a > biggie either, i've put it on my todo list. The only workaround that > comes to mind, i know i'm saying the obvious, is to pick a transport > (either v4 or v6, that is, not both) for BGP and travel ipv4/ipv6 AFs > (along with any other AF you may need) in that same transport. > > Cheers, > Paolo > > On Wed, Dec 07, 2016 at 09:53:54PM +0100, Fabien VINCENT wrote: Hi Paolo, > > Le 2016-12-07 17:54, Paolo Lucente a écrit : Hi Fabien, > > One step back on your question: you refer to the flow records or to the > transport protocol here? You can travel v4 and v6 records within the > same, say, v4 NetFlow/IPFIX/sFlow transport. This is what all exporters > basically do; are you working with an exporter that is behaving in a > different fashion? Like sending v4 records over a v4 transport and v6 > records into a v6 transport? If i understand your question correctly, > that would be the only case in which it would apply. > > It can be, but this is not what I'm trying to achieve here. > > In any case you can select which v4 or v6 address you want to bind to, > one (or otherwise you bind on all and then filter with iptables for > example), with nfacctd_ip, sfacctd_ip and bgp_daemon_ip (the > address you > listen for NetFlow/IPFIX/sFlow can be different from the BGP one, yes). > > How can I see the BGP daemon to listen on a specific IPv4 and IPv6 ? > I wanted to do it to have both address family. > > I run both nfacctd and sfacctd on the same server and BGP daemon > have to be bind on sepecific seconday ipv4, because they have to > bind both on TCP/179. And I want to do the same with IPv6 at the > same time to have IPv6 sessions with DFZ routers. > > If this answer does not help, please elaborate a bit more on what you > are trying to achieve. > Is this more clear ? > > Thanks ! > > Cheers, > Paolo > > On Tue, Dec 06, 2016 at 01:21:22PM +0100, Fabien VINCENT wrote: Dear list, > > Any help on how to configure sfacctd and nfacctd on dual stack ? > > I mean having both IPv4 and IPv6 running on sfacctd, with collector > enabled on both protocols ? > > I've seen the trick for bgp_daemon_ip, but don't know how to bind to > specific ip4 and ip6 on my server the sfacctd bgp daemon and the > daemon itself. > > Thanks in advance ! > > ___ > pmacct-discussion mailing list > http://www.pmacct.net/#mailinglists > ___ > pmacct-discussion mailing list > http://www.pmacct.net/#mailinglists ___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
Re: [pmacct-discussion] fswstatus
Le 2017-09-25 14:33, Paolo Lucente a écrit : > Hi Fabien, > > I support Emil's comment, just tried myself (same build, same compile > options as yours) and i don't get the 'unknown key' message back. On > your other question, when 1.7.0 will be out: later today the code in > GitHub master will be switched to 1.7.1 and 1.7.0 will be branched out > (freeed). I then expect 1.7.0 bo the released in a couple of weeks from > today, if no major issue is hit meanwhile. > > Paolo > > On Mon, Sep 25, 2017 at 10:45:38AM +0100, Emil wrote: Hello Fabien. > > I wrote the patch for fwdstatus; > my config looks like this: > > ! Only tag denys with 10 > set_tag2=10 fwdstatus=129 > set_tag2=20 fwdstatus=64 > > And it works. Can you check your source code and look for > "PT_map_fwdstatus_handler" > in src/pretag_handlers.c If that is present it _should_ work. > > Best Regards. > > 2017-09-25 8:22 GMT+01:00 Fabien VINCENT <fab...@beufa.net>: > > Le 2017-09-25 03:41, Paolo Lucente a écrit : > > Hi Fabien, > > What version are you running? You can confirm this with a 'nfacctd -V'; > the feature was added in 1.7.0 (that is, master code on GitHub). I can > also confirm you, on your original question, that an atoi() is performed > on the input value - so you should express values in decimal. > > Paolo > > On Sun, Sep 24, 2017 at 10:28:22PM +0200, Fabien VINCENT wrote: > > Le 2017-09-22 15:23, Fabien VINCENT a écrit : > > Hi, > > I'm looking for some examples around fwdstatus on pretag > > _'fwdstatus' MATCH: In NFv9/IPFIX this is compared against IE #89; see > https://www.iana.org/assignments/ipfix/ipfix.xhtml for the specific > semantics of the field and some examples._ > > How to use it ? I was looking to do king of pretag like > > set_tag=0 fwdstatus=00b > > set_tag=1 fwdstatus=01b > > set_tag=2 fwdstatus=10b > > Is it the way of dealing with this parameter ? > > -- > > FABIEN VINCENT > ___ > pmacct-discussion mailing list > http://www.pmacct.net/#mailinglists > > Is the option available ? > Sep 24 22:30:13 INFO ( default/core ): Trying to (re)load map: > /etc/pmacct/nfacctd.pretag.map > Sep 24 22:30:13 ERROR ( default/core ): unknown key 'fwdstatus' at line > 1 in map '/etc/pmacct/nfacctd.pretag.map'. Ignored. > Sep 24 22:30:13 ERROR ( default/core ): unknown key 'fwdstatus' at line > 2 in map '/etc/pmacct/nfacctd.pretag.map'. Ignored. > > [22:30 root@netflows pmacct-master] > cat /etc/pmacct/nfacctd.pretag.map > set_tag=1 fwdstatus=65 > set_tag=2 fwdstatus=138 > > -- > > FABIEN VINCENT > --- > > ___ > pmacct-discussion mailing list > http://www.pmacct.net/#mailinglists > > I'm running the git master version (I tried) > > [15:36 root@netflows opt] > /usr/local/sbin/nfacctd -V > NetFlow Accounting Daemon, nfacctd 1.7.0-git (20170924-00) > > Arguments: > '--build=x86_64-linux-gnu' '--prefix=/usr/local' > '--includedir=${prefix}/include' > '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' > '--sysconfdir=/etc' '--localstatedir=/var' > '--libdir=/usr/lib/x86_64-linux-gnu' > '--libexecdir=${prefix}/lib/x86_64-linux-gnu' '--disable-maintainer-mode' > '--disable-dependency-tracking' '--enable-mmap' '--enable-pgsql' > '--with-pgsql-includes=/usr/include/postgresql' '--enable-mysql' > '--enable-sqlite3' '--enable-ipv6' '--enable-v4-mapped' '--enable-64bit' > '--enable-threads' '--enable-jansson' '--enable-geoip' '--enable-ulog' > 'build_alias=x86_64-linux-gnu' '--enable-l2' '--enable-traffic-bins' > '--enable-bgp-bins' '--enable-bmp-bins' '--enable-st-bins' > > Libs: > libpcap version 1.6.2 > MySQL 5.5.57 > PostgreSQL 90413 > sqlite3 3.8.7.1 > jansson 2.7 > > System: > Linux 3.16.0-4-amd64 #1 SMP Debian 3.16.39-1+deb8u2 (2017-03-07) x86_64 > > For suggestions, critics, bugs, contact me: Paolo Lucente < > pa...@pmacct.net>. > > But seems option not catched, I've always the log > > unknown key 'fwdstatus' at line > 1 in map '/etc/pmacct/nfacctd.pretag.map'. Ignored. > > [09:23 root@netflows opt] > cat /etc/pmacct/nfacctd.pretag.map > set_tag=1 fwdstatus=65 > set_tag=2 fwdstatus=138 > > Any ETA for v1.7.0 out ? > > Thanks for your help. > > -- > *Fabien VINCENT* > --- > > ___ > pmacct-discussion mailing list > http://www.pmacct
Re: [pmacct-discussion] fswstatus
Le 2017-09-22 15:23, Fabien VINCENT a écrit : > Hi, > > I'm looking for some examples around fwdstatus on pretag > > _'fwdstatus' MATCH: In NFv9/IPFIX this is compared against IE #89; see > https://www.iana.org/assignments/ipfix/ipfix.xhtml for the specific semantics > of the field and some examples._ > > How to use it ? I was looking to do king of pretag like > > set_tag=0 fwdstatus=00b > > set_tag=1 fwdstatus=01b > > set_tag=2 fwdstatus=10b > > Is it the way of dealing with this parameter ? > > -- > > FABIEN VINCENT > ___ > pmacct-discussion mailing list > http://www.pmacct.net/#mailinglists Is the option available ? Sep 24 22:30:13 INFO ( default/core ): Trying to (re)load map: /etc/pmacct/nfacctd.pretag.map Sep 24 22:30:13 ERROR ( default/core ): unknown key 'fwdstatus' at line 1 in map '/etc/pmacct/nfacctd.pretag.map'. Ignored. Sep 24 22:30:13 ERROR ( default/core ): unknown key 'fwdstatus' at line 2 in map '/etc/pmacct/nfacctd.pretag.map'. Ignored. [22:30 root@netflows pmacct-master] > cat /etc/pmacct/nfacctd.pretag.map set_tag=1 fwdstatus=65 set_tag=2 fwdstatus=138 -- FABIEN VINCENT ---___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
[pmacct-discussion] fswstatus
Hi, I'm looking for some examples around fwdstatus on pretag _'fwdstatus' MATCH: In NFv9/IPFIX this is compared against IE #89; see https://www.iana.org/assignments/ipfix/ipfix.xhtml for the specific semantics of the field and some examples._ How to use it ? I was looking to do king of pretag like set_tag=0 fwdstatus=00b set_tag=1 fwdstatus=01b set_tag=2 fwdstatus=10b Is it the way of dealing with this parameter ? -- FABIEN VINCENT___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
Re: [pmacct-discussion] Dual Stack
Hi Paolo, Le 2016-12-07 17:54, Paolo Lucente a écrit : Hi Fabien, One step back on your question: you refer to the flow records or to the transport protocol here? You can travel v4 and v6 records within the same, say, v4 NetFlow/IPFIX/sFlow transport. This is what all exporters basically do; are you working with an exporter that is behaving in a different fashion? Like sending v4 records over a v4 transport and v6 records into a v6 transport? If i understand your question correctly, that would be the only case in which it would apply. It can be, but this is not what I'm trying to achieve here. In any case you can select which v4 or v6 address you want to bind to, one (or otherwise you bind on all and then filter with iptables for example), with nfacctd_ip, sfacctd_ip and bgp_daemon_ip (the address you listen for NetFlow/IPFIX/sFlow can be different from the BGP one, yes). How can I see the BGP daemon to listen on a specific IPv4 and IPv6 ? I wanted to do it to have both address family. I run both nfacctd and sfacctd on the same server and BGP daemon have to be bind on sepecific seconday ipv4, because they have to bind both on TCP/179. And I want to do the same with IPv6 at the same time to have IPv6 sessions with DFZ routers. If this answer does not help, please elaborate a bit more on what you are trying to achieve. Is this more clear ? Thanks ! Cheers, Paolo On Tue, Dec 06, 2016 at 01:21:22PM +0100, Fabien VINCENT wrote: Dear list, Any help on how to configure sfacctd and nfacctd on dual stack ? I mean having both IPv4 and IPv6 running on sfacctd, with collector enabled on both protocols ? I've seen the trick for bgp_daemon_ip, but don't know how to bind to specific ip4 and ip6 on my server the sfacctd bgp daemon and the daemon itself. Thanks in advance ! ___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists ___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists ___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
[pmacct-discussion] Dual Stack
Dear list, Any help on how to configure sfacctd and nfacctd on dual stack ? I mean having both IPv4 and IPv6 running on sfacctd, with collector enabled on both protocols ? I've seen the trick for bgp_daemon_ip, but don't know how to bind to specific ip4 and ip6 on my server the sfacctd bgp daemon and the daemon itself. Thanks in advance ! ___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
Re: [pmacct-discussion] nfacctd : lost out_iface index
I found the problem, tried to install first with debian package : > /usr/bin/pmacct -V pmacct, pmacct client 1.5.0 (20140828-00) --build=x86_64-linux-gnu --prefix=/usr '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' --sysconfdir=/etc --localstatedir=/var '--libdir=${prefix}/lib/x86_64-linux-gnu' '--libexecdir=${prefix}/lib/x86_64-linux-gnu' --disable-maintainer-mode --disable-dependency-tracking --enable-mmap --enable-pgsql --with-pgsql-includes=/usr/include/postgresql --enable-mysql --enable-sqlite3 --enable-ipv6 --enable-v4-mapped --enable-64bit --enable-threads --enable-jansson --enable-geoip --enable-rabbitmq --enable-ulog For suggestions, critics, bugs, contact me: Paolo Lucente <pa...@pmacct.net>. But I used the compiled version :( > /usr/local/bin/pmacct -V pmacct, pmacct client 1.5.3 (20160114-00) --enable-jansson --enable-ipv6 For suggestions, critics, bugs, contact me: Paolo Lucente <pa...@pmacct.net>. Sorry for the noise. Anyway, I found something strange. When I activate more than 1 memory plugin with another aggregate, values are becoming inaccurate :( Still digging but don't know why with communities aggregate I start to have inaccurate values. Will drop a message when I have time to dig into. Le 2016-08-15 14:18, Paolo Lucente a écrit : Hi Fabien, Can you better describe "This was working before"? In a previous version of pmacct, doing a different query, with a different plugin? Your config looks simple enough and correct - and i could not reproduce the issue in lab. Did you check with wireshark, for example, the original NetFlow data? Does it contain the output interface info? Cheers, Paolo On Fri, Aug 12, 2016 at 11:21:26AM +0200, Fabien VINCENT wrote: Hello all, This was working before, but don't know why I lost the information : [11:16 ~] > pmacct -se -p /tmp/traffic_out.pipe | more OUT_IFACE AS_PATH PEER_SRC_IP PACKETS BYTES 0 9498_9829_9829_9829 a.b.c.d 0 23200100 0 20764_60299_34703_34703_34703 a.b.c.d 0 3239624986 0 286_34984_34984_34984_16135 a.b.c.d 0 3441282336 My nfacctd config file : ! nfacctd configuration daemonize: true pidfile: /var/run/nfacctd.pid logfile: /var/log/nfacctd.log nfacctd_time_new: true aggregate[traffic_out]: out_iface, peer_src_ip, as_path plugins: memory[traffic_out] imt_path[traffic_out]: /tmp/traffic_out.pipe plugin_pipe_size: 819200 plugin_buffer_size: 8192000 imt_buckets: 65537 imt_mem_pools_size: 65536 imt_mem_pools_number: 0 bgp_daemon: true bgp_daemon_max_peers: 100 bgp_daemon_ip: x.y.z.w bgp_peer_src_as_type: bgp bgp_src_as_path_type: bgp bgp_src_std_comm_type: bgp bgp_table_dump_file: /opt/pmacct/output/bgp-$peer_src_ip.dump bgp_table_dump_refresh_time: 3600 nfacctd_as_new: bgp nfacctd_renormalize: true nfacctd_ext_sampling_rate: 4000 nfacctd_disable_checks: true My nfacctd version : [11:20 ] > nfacctd -V NetFlow Accounting Daemon, nfacctd 1.5.3 (20160114-00) --enable-jansson --enable-ipv6 For suggestions, critics, bugs, contact me: Paolo Lucente <pa...@pmacct.net>. Thanks for your help ! ___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists ___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists ___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
[pmacct-discussion] nfacctd : lost out_iface index
Hello all, This was working before, but don't know why I lost the information : [11:16 ~] > pmacct -se -p /tmp/traffic_out.pipe | more OUT_IFACE AS_PATH PEER_SRC_IP PACKETS BYTES 0 9498_9829_9829_9829 a.b.c.d 0 23200100 0 20764_60299_34703_34703_34703 a.b.c.d 0 3239624986 0 286_34984_34984_34984_16135 a.b.c.d 0 3441282336 My nfacctd config file : ! nfacctd configuration daemonize: true pidfile: /var/run/nfacctd.pid logfile: /var/log/nfacctd.log nfacctd_time_new: true aggregate[traffic_out]: out_iface, peer_src_ip, as_path plugins: memory[traffic_out] imt_path[traffic_out]: /tmp/traffic_out.pipe plugin_pipe_size: 819200 plugin_buffer_size: 8192000 imt_buckets: 65537 imt_mem_pools_size: 65536 imt_mem_pools_number: 0 bgp_daemon: true bgp_daemon_max_peers: 100 bgp_daemon_ip: x.y.z.w bgp_peer_src_as_type: bgp bgp_src_as_path_type: bgp bgp_src_std_comm_type: bgp bgp_table_dump_file: /opt/pmacct/output/bgp-$peer_src_ip.dump bgp_table_dump_refresh_time: 3600 nfacctd_as_new: bgp nfacctd_renormalize: true nfacctd_ext_sampling_rate: 4000 nfacctd_disable_checks: true My nfacctd version : [11:20 ] > nfacctd -V NetFlow Accounting Daemon, nfacctd 1.5.3 (20160114-00) --enable-jansson --enable-ipv6 For suggestions, critics, bugs, contact me: Paolo Lucente. Thanks for your help ! ___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
Re: [pmacct-discussion] pmacct -se error
Thanks, finally, I found it was a init.d script problem. When launching from bash using -D, everything works fine. I tweek the init.d script and everything are fine. Great tool ;) Already loving it :D Le 2016-03-24 00:06, Paolo Lucente a écrit : Hi Fabien, Is it possible a stale nfacctd is still running and bound to the port? Or that on the system there is also a pmacct from packages? If neither of these would be the case then i'd be puzzled myself and would be happy to have a look at the issue myself. Cheers, Paolo On Tue, Mar 22, 2016 at 11:30:01AM +0100, Fabien VINCENT wrote: Dear List, I've just installed pmacct from source to run an nfacctd collector for netflow/bgp. When trying to execute a script to push data from pmacct to graphite, which run pmacct -se, I've the following error. [11:21 root@pmacct ~] > pmacct -se ERROR: IP address sizes mismatch. daemon: 20 client: 8 ERROR: It's very likely that an IPv6-enabled package has been mixed with a IPv4-only one. ERROR: Please fix the issue before trying again. How can I fix it ? I've disabled all IPv6 on the machine, and can't find documentation about the reason of this error. Thanks for your help ;) ___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists ___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists ___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
[pmacct-discussion] pmacct -se error
Dear List, I've just installed pmacct from source to run an nfacctd collector for netflow/bgp. When trying to execute a script to push data from pmacct to graphite, which run pmacct -se, I've the following error. [11:21 root@pmacct ~] > pmacct -se ERROR: IP address sizes mismatch. daemon: 20 client: 8 ERROR: It's very likely that an IPv6-enabled package has been mixed with a IPv4-only one. ERROR: Please fix the issue before trying again. How can I fix it ? I've disabled all IPv6 on the machine, and can't find documentation about the reason of this error. Thanks for your help ;) ___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists