Hi all, We are looking to use pmacct for traffic billing in a Data Center environment. A few general questions:
1. We plan to use pmacct via libpcap and use SPAN/mirror ports to sniff traffic. However, we have multiple "paths" in and out of our network. With this in mind, is it possible to set up multiple pmacct instances (listening on different interfaces) but still have the data inserted/aggregated into the same MySQL database while avoiding locking/row duplication issues? 2. When specifying the networks to "watch for", if I say "192.168.1.0/24" in the .conf file, when it records data into the MySQL database, I assume it is doing so on a /32 basis (for each individual IP in that network range?) 3. We want to _exclude_ traffic generated on the local network from being recorded. That is, we only care about recording traffic to/from the Internet to/from the hosts on the network. So, is there a way to say "Ignore traffic between hosts on x.x.0.0/19 and other hosts on x.x.0.0/19"? 4. Our goal is to record traffic totals on a per-IP address basis every 5 minutes into the SQL database. It would also be nice to be able to summarize the per-IP data that has been collected in the database on a specific subnet basis (each customer is assigned a distinct subnet, so to get totals on a per customer basis, this is necessary). Does pmacct have any facility for this, or is it left up to me to write something myself? 5. Is it also possible to record into the database, on a per-IP address basis, a running counter of the "top talkers" -- e.g. top src ip -> top dst ip based on traffic volume? (e.g. top 10, top 25, etc) 6. Looking at the default pmacct-create-db_v1.mysql, I see columns for ip_src and ip_dst. If I'm going to use this for traffic totals per-IP, does each "conversation" or "flow" from the ip_src get recorded as a separate row in the table? (so if ip_src 192.168.1.5 is talking to 100 different hosts, I get 100 rows, one for each ip_dst host, every 5 minutes inserted into the table for ip_src 192.168.1.5) Appreciate the help. Thanks. --Mike _______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
