Paolo Thanks, proved most helpfull. I'll have a look at the pcap_filter directive and the pcap docs for more.
Regards On 5/21/05, Paolo Lucente <[EMAIL PROTECTED]> wrote: > Hello Kenneth, > > On Sat, May 21, 2005 at 12:00:03AM +0200, Kenneth Kalmer wrote: > > > I remember I saw a configuration example somewhere that allows traffic > > to a certain host, in this case 192.128.1.2, to be excluded from *all* > > calculations. The gateway machine has 2 IP's and all traffic from any > > client to the second IP must not be used in the calculations of their > > total usage. > > > > How would I go about setting this up? > > Adding a line like 'pcap_filter: not host 192.168.1.2' (and speaking more > generally, the directive understands the classic tcpdump filtering syntax) > should suffice to achieve the goal. Such filter (pcap_filter) is also > pretty quick because it is evaluated straight into the kernel (on most > common OS, e.g. Linux). > > > > Out of interest sake, all the entries with source and destination > > hosts set as 0.0.0.0, where does that traffic come from, or how are > > those numbers calculated? > > Supplying a networks definition file (networks_file) makes all hosts > not included there to be rewritten as zeroes. So, whenever you find such > traffic logged (src 0.0.0.0, dst 0.0.0.0), it means that it have been > exchanged between IP addresses outside such definition. > > To test the above hypotesis, you can run: > 'tcpdump -i eth1 not net 192.168.10.0/24' and see whether it returns any > kind of traffic. > > > Cheers, > Paolo > > > _______________________________________________ > pmacct-discussion mailing list > [email protected] > http://muffin.area.ba.cnr.it/mailman/listinfo/pmacct-discussion > -- Kenneth Kalmer [EMAIL PROTECTED] http://opensourcery.blogspot.com
