We're having some issues using nfacctd with IMT.. After running for
~6-8 hours ingesting flow data, we see segfaults and the pmacct client
ceases to function properly returning:
"ERROR: missing EOF from server"
Querying pmacct client every 2 minutes with:
pmacct -p nfacctd-dst.pipe -O json -a -c
ee if it could
> be something related to that? Also, can you try performing a query
> with lock:
>
> shell> pmacct -l < .. parameters .. >
>
> If none of this helps, then yes, proceed to capture segfault data
> with gdb.
>
> Cheers,
> Paolo
>
> On Fri, Jun 20, 2
It doesn't actually appear to be clearing the statistics that cause
the memory to balloon.. I've started clearing both imt tables I have
setup every 2 minutes and:
# ps aux | grep -e 'USER\|nfacct'
USER PID %CPU %MEMVSZ RSS TTY STAT START TIME COMMAND
root 1512 0.0 6.7 20
Is there any way to determine the amount of time that an IMT has been
collecting data since it last had it's stats cleared?
--
Tim
___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
cript something for the shorter-term.
>
> Cheers,
> Paolo
>
> On Mon, Nov 10, 2014 at 10:45:47AM -0800, Tim Jackson wrote:
>> Is there any way to determine the amount of time that an IMT has been
>> collecting data since it last had it's stats cleared?
>>
&g
Are there any pracitcal limitations to the pretagging file? Slipped up
on filtering the interfaces that generate this file and it seemed to
start but not actually push any traffic into the IMT..
(The file was ~120k entries)
--
Tim
___
pmacct-discussion
I too use pmacct to insert data into ElasticSearch..
One super helpful thing that Paolo added in CVS a few weeks ago is a
command line option to return how many seconds it's been since the IMT
has been cleared.. This allows you to calculate a BPS/PPS value to
insert (or for DoS detection, etc).
H
I don't output to JSON files then import, but I use perl to basically
do the same thing.. Query the pmacct IMT for how long it's been since
it was last cleared, query it for data, clear it, add more data to the
record(s) based on some imports and insert them into elasticsearch..
Using the IMT as a
If the probe is doing sampling, you can have pmacct re-normalize sampling
via either a static sampling value, or via the flow/ipfix information that
tells it how it was sampled..
sample_rate:
sample_map:
(s|n|p|u)facctd_renormalize:true
If you're using a tap that samples traffic, you can tell t
Just curious, what's the realistic scaling of pre_tag_map?
I'm looking to maybe put 50k+ entries in it and reload it every few
minutes..
Any real gotchas w/ that approach?
--
Tim
___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
ain i'd be interested in your use-case, how the map would look
> like, etc.
>
> Paolo
>
> (*) https://github.com/pmacct/pmacct/blob/1.7.4/CONFIG-KEYS#L1878-#L1891
>
> On Tue, Feb 11, 2020 at 05:54:27PM -0600, Tim Jackson wrote:
> > Just curious, what's the realis
I'm using some large hex values as the set_label in our pre_tag_map and
getting some weird behavior..
example map:
https://paste.somuch.fail/?bafc96e84fe95322#j6T+54l/gxN90POeMi3yuhBT9XOPMmEqt3IF5cvHOJk=
When using this w/ pgsql as the output plugin, I see some errors randomly
from postgres (I h
I've done similar with the IMT and Perl years ago:
https://houstongrackles.com/~tjackson/flows_to_es/
Relevant part in Perl:
sub retrieve_flows {
my $pipe = shift;
my $primitive = shift;
my $filter = shift;
my @flows = `/usr/local/bin/pmacct -p $pipe -l -O json -c
13 matches
Mail list logo
