Hi Marco,
The catch should be that you are using the NFLOG target rather than
the ULOG target (legacy). One limitation of ULOG compared to NFLOG is
it does not support IPv6. There are currently no plans to extend the
daemon to support the NFLOG socket.
With regards to group 5 vs group 10, that 10 is hex representation -
i've just changed the code in the CVS so to show the group with decimal
representation (as one would expect).
Cheers,
Paolo
On Tue, Jan 13, 2015 at 01:08:48PM +0100, Marco Marzetti wrote:
Hello,
I'm not able to get uacctd working.
First of all i've configured iptables as follow:
# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
NFLOG all -- 0.0.0.0/00.0.0.0/0 nflog-group 5
Than i've checked that is working with tcpdump:
# tcpdump -i nflog:5 -w foo.pcap
tcpdump: WARNING: SIOCGIFADDR: nflog:5: No such device
tcpdump: listening on nflog:5, link-type NFLOG (Linux netfilter log
messages), capture size 65535 bytes
^C23 packets captured
23 packets received by filter
0 packets dropped by kernel
And, despite the warning about the interface, the file named
foo.pcap contains the received packets.
So i've started up uacctd as follows:
# uacctd -P print -r 15 -v 7 -c src_host,src_port -g 5 -d
DEBUG ( cmdline ): plugin name/type: 'default'/'core'.
DEBUG ( cmdline ): plugin name/type: 'default'/'print'.
DEBUG ( cmdline ): sql_refresh_time:15
DEBUG ( cmdline ): sql_table_version:7
DEBUG ( cmdline ): aggregate:src_host,src_port
DEBUG ( cmdline ): uacctd_group:5
DEBUG ( cmdline ): debug:true
INFO ( default/core ): Reading configuration from cmdline.
INFO ( default/print ): plugin_pipe_size=4096000 bytes
plugin_buffer_size=232 bytes
INFO ( default/print ): ctrl channel: obtained=229376 bytes
target=141240 bytes
INFO ( default/core ): Successfully connected Netlink ULOG socket
INFO ( default/core ): Netlink ULOG: binding to group 10
SRC_IP SRC_PORT PACKETS
BYTES
But it does not list any flows, ever.
What is most unclear ( at list to me ) are these two lines:
DEBUG ( cmdline ): uacctd_group:5
INFO ( default/core ): Netlink ULOG: binding to group 10
What group is uacctd listening to?
Number 5 or number 10 ?
Anyway i've changed the iptables configuration explicitly copying
packets to group 10, but nothing changed.
What's wrong?
Thank You
Regards
--
*Marco Marzetti*
Responsabile RD
D 0363 1970353 - F 0363 1970297
Qcom http://www.qcom.it/*Qcom SpA* via Roggia Vignola, 9 -
Treviglio (BG)
T 0363 47905 - F 0363 419424 - www.qcom.it http://www.qcom.it
___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists