Hello Peter,

On Fri, Jul 15, 2005 at 11:27:07PM +0200, Pajlatek wrote:
> How is it possible to make it:
> 1) Log time exact as the packet flows
> [I understand that we can't make it use exact second time figure like
> 10:22:12 and next flow at 10:22:13. ? ]

This isn't a task for an accounting tool; you should divert your eyes to some flow logging tool. And it seems very likely that they are available only in conjunction with NetFlow (e.g. flow-tools). Moreover, logging your flows should make you drop the chance to insert them into a SQL database unless you just need the last few hours of traffic (think of the fact that a user connecting his browser to the CNN site can spawn in a shot up to 100 unidirectional flows).

That said, flow logging is possible but it should be more efficient if kept disjoint from accounting/billing/etc. operations. An example of how to let multiple tools (one for accounting, e.g. for the billing department, the other for flow logging, e.g. for the CSIRT) coexist in a single environment is depicted in the 9th slide of the PDF:

http://www.ba.cnr.it/~paolo/pmacct/p_lucente-accounting.pdf

> 2) What did I omit in conf file so I can't see the PORT and MAC fields other
> than 0 ?

To account MAC addresses you can use the 'src_mac' and 'dst_mac' keywords in the 'aggregate' directive; for ports, 'src_port' and 'dst_port'. They are documented in CONFIG-KEYS.

Cheers,
Paolo
