Hi Marek, Thanks for your feedback about QUICKSTART - you are correct and i've amended the couple of errors you spotted.
I can spot two issues with your configuration: * you give the same name, 'inbound' and 'outbound' to multiple plugins (one nfprobe, one memory): each plugin should have a different name. * try leaving the two nfprobe plugins without an explicit 'aggregate' directive, it should automagically pick for you all the primitives you need basing on the rest of the configuration. If you want to go the explicit way then append 'in_iface' and 'out_iface' primitives to your nfprobe 'aggregate' directives. I'm instead puzzled on why the source/destination ASNs would be zeroed out - but i propose start from the two points above and let's take it from there. Cheers, Paolo On Sat, May 04, 2013 at 04:16:18AM +0200, sidlo.ma...@gmail.com wrote: > Hi Paolo. > > I read carefully CONFIG-KEYS, QUICKSTART chapter X and example > files. I attach my config file below. When I use "pmacct -s -p > /tmp/collect.pipe-eth0-out" I can see: > > TAG TAG2 DST_AS SRC_IP DST_IP SRC_PORT DST_PORT PACKETS BYTES > 2 200 559 YY.YY.YY.33 192.41.135.219 0 0 2 56 > 2 200 9141 YY.YY.YY.6 62.179.1.61 53 27059 1 198 > 2 200 8048 YY.YY.YY.6 186.88.43.84 53 59784 1 244 > > It look's ok. But I can see (by capturing the cflow packets by > wireshark) that now there is no defined dst_as, src_as and in > ifindex_in/out (NF9_INPUT_SNMP oct.10 and NF9_OUTPUT_SNMP oct.14) > there is always "0". Could you show me, what is wrong with the > configuration below? > > > [...] > daemonize: true > imt_path[inbound]: /tmp/collect.pipe-eth0-in > imt_path[outbound]: /tmp/collect.pipe-eth0-out > pidfile: /var/run/pmacctd.pid > logfile: /usr/local/pmacct/current/eth0.log > interface: eth0 > ! > aggregate[inbound]: tag, tag2, src_host, dst_host, src_port, > dst_port, src_as > aggregate[outbound]: tag, tag2, src_host, dst_host, src_port, > dst_port, dst_as > aggregate_filter[inbound]: dst net YY.YY.YY.0/23 > aggregate_filter[outbound]: src net YY.YY.YY.0/23 > ! > plugins: memory[inbound],memory[outbound],nfprobe[inbound],nfprobe[outbound] > ! > nfprobe_receiver: 192.168.35.35:2000 > nfprobe_source_ip: YY.YY.YY.YY > nfprobe_version: 9 > nfprobe_direction[inbound]: tag > nfprobe_direction[outbound]: tag > nfprobe_ifindex[inbound]: tag2 > nfprobe_ifindex[outbound]: tag2 > pre_tag_map: /usr/local/pmacct/current/etc/pretag.map-eth0 > ! > pmacctd_as: bgp > bgp_daemon: true > bgp_daemon_ip: 127.0.0.1 > bgp_agent_map: /usr/local/pmacct/current/etc/agent_to_peer.map-eth0 > bgp_daemon_port: 17917 > bgp_daemon_msglog: false > plugin_pipe_size: 2000000 > plugin_buffer_size: 1000 > imt_mem_pools_number: 0 > [...] > > agent_to_peer.map-eth0 is: > id=YY.YY.YY.YY ip=127.0.0.1 > > and pretag.map-eth0 is: > id=1 filter='dst net YY.YY.YY.0/23' jeq=input > id=2 filter='src net YY.YY.YY.0/23' jeq=output > id2=100 label=input > id2=200 label=output > > > By the way, when I configure (like in "QUICKSTART chapter X") the > nfprobe_direction and nfprobe_ifindex without [inbound/outbound] > name there is an error occured in running pmacctd: > [...] > nfprobe_direction and sfprobe_direction cannot be global. Not loaded. > nfprobe_ifindex and sfprobe_ifindex cannot be global. Not loaded. > [...] > ??? > > > Regards > -- > Mark > > > > > > W dniu 03.05.2013 19:07, Paolo Lucente pisze: > >Hi Marek, > > > >It seems you want nfprobe_ifindex and/or nfprobe_direction features; > >you can read brief description in CONFIG-KEYS, some more explanation > >about them in QUICKSTART chapter X - where you can also find a couple > >of examples. > > > >Depending on the specific scenario you might want to keep it simple > >(and lightweight) and configure it static - or make it dynamic, ie. > >basing on MAC addresses. > > > >Cheers, > >Paolo > > > >On Fri, May 03, 2013 at 03:34:40PM +0200, sidlo.ma...@gmail.com wrote: > >>Hi again. > >> > >>I'd like to use pmaccts on gateway to send netflow information to > >>other machine. On the other machine I install as-stats to read > >>netflow and make it visable by the web side. > >> > >>I know, that as-stats use the SNMP interface ID to identity the > >>peers (file knownlinks in as-stats). But I don't know how to choose > >>and send the SNMP interface ID by pmacct (nfprobe), of course > >>differet ID sould by send by one instance pmacct (eth0) and differet > >>ID by second instance of pmacct (eth1). Could you give me the way > >>where and how to do it? > >> > >>I have two interfaces on gateway and two peers with bgp sessions. I > >>have already install pmacct successfuly working with bgp_daemon on > >>the same gateway. The SRC_AS and DST_AS is visible by pmacct -s on > >>the gateway. > >> > >>Becouse I have two interfaces on gateway I configure and run two > >>instance of pmacct with peering bgp session with 127.0.0.1 and > >>127.0.0.2 localhost. The pmacct -s look's like both pmaccts (on eth0 > >>and other instance on eth1) works ok, becouse the SRC_AS, DST_AS, > >>SRC_IP, DST_IP and other is true value. > >> > >>But now, I have trouble to send netflow by nfprobe and read it by > >>as-stats. It seems, that some data is going into the as-stats (the > >>rrd file is created), but on the web side there is no traffic. I > >>think the rrd file have no traffic information. > >> > >>as-stats use the SNMP interface ID to identity the peers, but I > >>don't know how to choose and send the SNMP interface ID by pmacct > >>(nfprobe). I will be grateful for any advice. > >> > >> > >>Configuration of one pmacctd (eth0) is: > >>[ .. ] > >>daemonize: true > >>imt_path: /tmp/collect.pipe-eth0 > >>pidfile: /var/run/pmacctd.pid > >>logfile: /usr/local/pmacct/current/nfacctd-eth0.log > >>syslog: daemon > >>interface: eth0 > >>aggregate: src_host, dst_host, src_port, dst_port, src_as, dst_as, > >>proto, tos > >>plugins: nfprobe, memory > >>nfprobe_receiver: 192.168.35.35:2000 > >>nfprobe_source_ip: YY.YY.YY.YY > >>nfprobe_version: 9 > >>nfprobe_engine: 0:2 > >>pmacctd_as: bgp > >>bgp_daemon: true > >>bgp_daemon_ip: 127.0.0.1 > >>bgp_agent_map: /usr/local/pmacct/current/etc/agent_to_peer.map > >>bgp_daemon_port: 17917 > >>bgp_daemon_msglog: false > >>plugin_pipe_size: 2000000 > >>plugin_buffer_size: 1000 > >>imt_mem_pools_number: 0 > >>[ .. ] > >> > >> > >>Configuration of second instance of pmacctd (eth1) is very similar: > >>[ .. ] > >>daemonize: true > >>imt_path: /tmp/collect.pipe-eth1 > >>pidfile: /var/run/pmacctd.pid > >>logfile: /usr/local/pmacct/current/nfacctd-eth1.log > >>syslog: daemon > >>interface: eth1 > >>aggregate: src_host, dst_host, src_port, dst_port, src_as, dst_as, > >>proto, tos > >>plugins: nfprobe, memory > >>nfprobe_receiver: 192.168.35.35:2000 > >>nfprobe_source_ip: YY.YY.YY.YY > >>nfprobe_version: 9 > >>nfprobe_engine: 0:3 > >>pmacctd_as: bgp > >>bgp_daemon: true > >>bgp_daemon_ip: 127.0.0.2 > >>bgp_agent_map: /usr/local/pmacct/current/etc/agent_to_peer.map > >>bgp_daemon_port: 17917 > >>bgp_daemon_msglog: false > >>plugin_pipe_size: 2000000 > >>plugin_buffer_size: 1000 > >>imt_mem_pools_number: 0 > >>[ .. ] > >> > >> > >>The agent_to_peer.map file is: > >>id=91.242.174.1 ip=127.0.0.1 > >> > >> > >>The "knownlinks" as-stats file is: > >># Router IP SNMP ifindex tag description color > >>YY.YY.YY.YY 2 GTS GTS 5EA631 > >>YY.YY.YY.YY 3 NETIA NETIA E45605 > >> > >> > >>Thank's for any advice. > >> > >> > >>-- > >>Mark. > >> > >>_______________________________________________ > >>pmacct-discussion mailing list > >>http://www.pmacct.net/#mailinglists > > > >_______________________________________________ > >pmacct-discussion mailing list > >http://www.pmacct.net/#mailinglists > > > > _______________________________________________ > pmacct-discussion mailing list > http://www.pmacct.net/#mailinglists _______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
