subject:"\[pmacct\-discussion\] Uacctd doesn't list any flow"

[pmacct-discussion] Uacctd doesn't list any flow

2015-01-13 Thread Marco Marzetti


Hello,

I'm not able to get uacctd working.

First of all i've configured iptables as follow:

# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source   destination
NFLOG  all  --  0.0.0.0/00.0.0.0/0 nflog-group 5

Than i've checked that is working with tcpdump:
# tcpdump -i nflog:5 -w foo.pcap
tcpdump: WARNING: SIOCGIFADDR: nflog:5: No such device
tcpdump: listening on nflog:5, link-type NFLOG (Linux netfilter log 
messages), capture size 65535 bytes

^C23 packets captured
23 packets received by filter
0 packets dropped by kernel

And, despite the warning about the interface, the file named foo.pcap 
contains the received packets.


So i've started up uacctd as follows:
# uacctd -P print -r 15 -v 7 -c src_host,src_port -g 5 -d
DEBUG ( cmdline ): plugin name/type: 'default'/'core'.
DEBUG ( cmdline ): plugin name/type: 'default'/'print'.
DEBUG ( cmdline ): sql_refresh_time:15
DEBUG ( cmdline ): sql_table_version:7
DEBUG ( cmdline ): aggregate:src_host,src_port
DEBUG ( cmdline ): uacctd_group:5
DEBUG ( cmdline ): debug:true
INFO ( default/core ): Reading configuration from cmdline.
INFO ( default/print ): plugin_pipe_size=4096000 bytes 
plugin_buffer_size=232 bytes
INFO ( default/print ): ctrl channel: obtained=229376 bytes 
target=141240 bytes

INFO ( default/core ): Successfully connected Netlink ULOG socket
INFO ( default/core ): Netlink ULOG: binding to group 10
SRC_IP SRC_PORT 
PACKETS   BYTES


But it does not list any flows, ever.

What is most unclear ( at list to me ) are these two lines:
DEBUG ( cmdline ): uacctd_group:5
INFO ( default/core ): Netlink ULOG: binding to group 10

What group is uacctd listening to?
Number 5 or number 10 ?

Anyway i've changed the iptables configuration explicitly copying 
packets to group 10, but nothing changed.


What's wrong?

Thank You

Regards

--
*Marco Marzetti*
Responsabile RD
D 0363 1970353 - F 0363 1970297
Qcom http://www.qcom.it/ 	*Qcom SpA* via Roggia Vignola, 9 - Treviglio 
(BG)

T 0363 47905 - F 0363 419424 - www.qcom.it http://www.qcom.it

___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

Re: [pmacct-discussion] Uacctd doesn't list any flow

2015-01-13 Thread Paolo Lucente

Hi Marco,

The catch should be that you are using the NFLOG target rather than 
the ULOG target (legacy). One limitation of ULOG compared to NFLOG is
it does not support IPv6. There are currently no plans to extend the
daemon to support the NFLOG socket.

With regards to group 5 vs group 10, that 10 is hex representation -
i've just changed the code in the CVS so to show the group with decimal
representation (as one would expect).

Cheers,
Paolo 

On Tue, Jan 13, 2015 at 01:08:48PM +0100, Marco Marzetti wrote:
 Hello,
 
 I'm not able to get uacctd working.
 
 First of all i've configured iptables as follow:
 
 # iptables -L -n
 Chain INPUT (policy ACCEPT)
 target prot opt source   destination
 NFLOG  all  --  0.0.0.0/00.0.0.0/0 nflog-group 5
 
 Than i've checked that is working with tcpdump:
 # tcpdump -i nflog:5 -w foo.pcap
 tcpdump: WARNING: SIOCGIFADDR: nflog:5: No such device
 tcpdump: listening on nflog:5, link-type NFLOG (Linux netfilter log
 messages), capture size 65535 bytes
 ^C23 packets captured
 23 packets received by filter
 0 packets dropped by kernel
 
 And, despite the warning about the interface, the file named
 foo.pcap contains the received packets.
 
 So i've started up uacctd as follows:
 # uacctd -P print -r 15 -v 7 -c src_host,src_port -g 5 -d
 DEBUG ( cmdline ): plugin name/type: 'default'/'core'.
 DEBUG ( cmdline ): plugin name/type: 'default'/'print'.
 DEBUG ( cmdline ): sql_refresh_time:15
 DEBUG ( cmdline ): sql_table_version:7
 DEBUG ( cmdline ): aggregate:src_host,src_port
 DEBUG ( cmdline ): uacctd_group:5
 DEBUG ( cmdline ): debug:true
 INFO ( default/core ): Reading configuration from cmdline.
 INFO ( default/print ): plugin_pipe_size=4096000 bytes
 plugin_buffer_size=232 bytes
 INFO ( default/print ): ctrl channel: obtained=229376 bytes
 target=141240 bytes
 INFO ( default/core ): Successfully connected Netlink ULOG socket
 INFO ( default/core ): Netlink ULOG: binding to group 10
 SRC_IP SRC_PORT PACKETS
 BYTES
 
 But it does not list any flows, ever.
 
 What is most unclear ( at list to me ) are these two lines:
 DEBUG ( cmdline ): uacctd_group:5
 INFO ( default/core ): Netlink ULOG: binding to group 10
 
 What group is uacctd listening to?
 Number 5 or number 10 ?
 
 Anyway i've changed the iptables configuration explicitly copying
 packets to group 10, but nothing changed.
 
 What's wrong?
 
 Thank You
 
 Regards
 
 -- 
 *Marco Marzetti*
 Responsabile RD
 D 0363 1970353 - F 0363 1970297
 Qcom http://www.qcom.it/*Qcom SpA* via Roggia Vignola, 9 -
 Treviglio (BG)
 T 0363 47905 - F 0363 419424 - www.qcom.it http://www.qcom.it
 

 ___
 pmacct-discussion mailing list
 http://www.pmacct.net/#mailinglists


___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

[pmacct-discussion] Uacctd doesn't list any flow

Re: [pmacct-discussion] Uacctd doesn't list any flow

2 matches

Site Navigation

Mail list logo

Footer information