Hello Colin, On Sun, Oct 16, 2005 at 10:24:12PM +1000, Colin Horsington wrote:
> In the second example the src_ip and dst_ip are actually the AS > numbers and not the IP addresses. I would very much like to store > both AS numbers (src, dst, next) and IP addresses (eventually in > mysql) as the configuration is specified - I wonder if this bug is > also applicable for use mysql for storage? It's not a bug: the src_ip/dst_ip field is used by more primitive couples, the IP address one (src_host, dst_host), the network chunk one (src_net, dst_net) and the ASN one (src_as, dst_as). In some limits, they could be mixed (src_host, dst_as; src_as, dst_net; etc.). You can still go on with a configuration like the following (which applies to the print plugin but might be easily translated to both SQL plugins too): sfacctd2.config === plugins: print[ip], print[as] aggregate[ip]: src_mac,dst_mac,vlan,src_host,dst_host,src_as,dst_as,src_port,dst_port,tos,proto,flows aggregate[as]: src_mac,dst_mac,vlan,src_as,dst_as,src_as,dst_as,src_port,dst_port,tos,proto,flows print_refresh_time: 30 sfacctd_renormalize: true === > Would it also be possible to store the IP address of the sFlow > originator and src/dst interfaces? This might be required where I > have a large distributed architecture, and too ensure we do not > double count - I would need to structure the database queries to > exclude some switches and their interfaces... In pmacct (SQL table >= v2) there is the concept of 'agent_id': you can tag packets/flows (see 'pre_tag_map' configuration directive and pretag.map file into the examples tree of the pmacct tarball) basing on a bunch of parameters: input port, output port, IP address of the sFlow agent, sampling rate value and subAgentId field. In the SQL table you will find a tag - a small positive integer - which represents the combinations expressed in the Pre-Tagging map. Let me know how things get evolved. Cheers, Paolo
