Hi guys,
Thanks for pmacct. I was planning to aggregate netflow into a database and
got very excited after I found your tool. It was very well thought out and
designed.
I might have missed a configuration option but '0.0.0.0' is getting
inserted into each record. An example:
| 0:0:0:0:0:0 | 0:0:0:0:0:0 | 0.0.0.0 | 0.0.0.0 | 80 | 3157 | tcp | 5 | 431 | 2006-02-23 01:40:00 | 2006-02-23 02:44:44 |
Here is the configuration file that I have used.
debug: true
daemonize: false
! aggregate_filter[dummy]: src net 192.168.0.0/16
aggregate: src_host, dst_host, src_as, dst_as, src_port, dst_port, proto
! plugin_buffer_size: 1024
!pre_tag_map: ./id_map.example
! nfacctd_port: 5678
! nfacctd_time_secs: true
! nfacctd_time_new: true
! plugins: pgsql
plugins: mysql
sql_db: pmacct
sql_table: acct
sql_table_version: 1
sql_table_schema: /usr/local/pmacct/acct.schema
sql_passwd: passwd
sql_user: user
sql_refresh_time: 60
!sql_refresh_time: 90
! sql_multi_values: 1000000
! sql_optimize_clauses: true
!sql_history: 10m
!sql_history_roundoff: mh
sql_history: 5m
sql_history_roundoff: m
! sql_preprocess: qnum=1000, minp=5
! networks_file: ./networks.example
! ports_file: ./ports.example
ports_file: /usr/local/pmacct/ports.txt
pidfile: /usr/local/pmacct/pmacct.pid
networks_file: /usr/local/pmacct/ua_subnets.txt
networks_cache_entries: 149
--------------
I currently use flow-tools and have sent netflow data by doing this.
# nfacctd -v 1 -f /etc/pmacctd.conf
# flow-cat 30sec.2 | flow-send -V5 0/128.196.128.26/2100
I have read most of the documentation except for INTERNALS page. I hope I
am not missing something obvious. Please let me know if you guys need
anything else.
Thanks,
Prakash.
--
Prakash Rudraraju Systems Programmer
520 626-1225 (W) CCIT - NTS
520 307-0949 (C) University of Arizona
You affect the world by what you browse.
-------------------------------------
Printed using 100% recycled electrons