I have had pmacctd running for about a week now using the src/dst_host aggregates. The data from these is being collected and graphed in cacti ok.
Just today I created another .conf file using the src/dst_net aggregate and ran another pmacctd instance. When I display the statistics I get data for 2 networks. One of these is 0.0.0.0. There seems to be a lot of traffic to/from this network. Can someone explain what this might be? Here is my config ... CentOS 4.4 Linux with 2 NIC's. One nic (eth1) is connected to a analysis port on my switch. All data from the port my firewall is connected to is mirrored to this port. Pmacctd listens to this interface. This is my conf that counts each lan pc's traffic to/from the internet ... debug: false daemonize: true interface: eth1 plugin_buffer_size: 2048 plugin_pipe_size: 2048000 networks_file: /etc/pmacct/networks.def plugins: memory[in], memory[out] aggregate[in]: dst_host aggregate[out]: src_host imt_path[in]: /tmp/in.pipe imt_path[out]: /tmp/out.pipe This is the new conf to count total traffic to/from the internet ... debug: false daemonize: true interface: eth1 plugin_buffer_size: 2048 plugin_pipe_size: 2048000 networks_file: /etc/pmacct/networks.def plugins: memory[in], memory[out] aggregate[in]: dst_net aggregate[out]: src_net imt_path[in]: /tmp/in-net.pipe imt_path[out]: /tmp/out-net.pipe I only have one internal network. This is 10.x.x.x/24. Here are some stats for the 2nd conf ... DST_IP PACKETS BYTES 10.x.x.x 6938 6264649 0.0.0.0 6070 2820340 Cheers Ian. _______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
