Hi John, On Mon, Jul 28, 2008 at 11:00:45PM +0000, John Rouillard wrote:
> I assume I would also specify: > > networks_file[in]: pmnet.lst Correct. > One other idea on the filters may be: > > id=1 filter='dst net 192.168.2.0/24 or dst net 192.168.3.0/24 or dst net > 192.168.5.0' > id=1 filter='dst net 192.168.7.0/24 or dst net 192.168.9.0/24 or dst net > 192.168.12.0' > > That is allow defining multiple filters for the same ID rather than > making the filters longer. This handles the case where the hosts you Sure - you can multiplex multiple Pre-Tagging entries onto the same tag no problems; still at some stage in future (but not currently) it could be convenient to build one big filter rather than many small ones - as the filtering engine can better optimize the expression (ie. Bloom filter, Trie-based map for just IP prefixes, etc.). > Ahh, so I need: > > aggregate[network_in]: src_net, dst_net > aggregate_filter[network_in]: dst net 192.168.7.0/24 > imt_path[network_in]: /tmp/collect.out.network_in > networks_mask[network_in]: 255.255.255.0 > > and not just: > > networks_mask: 255.255.255.0 Precisely. Please also remember the 'networks_mask' directive is happy with the bits and doesn't accept the mask expression. > Also I have a need to gather stats on traceroute packets across the > wan from our monitoring network. This is the approach I was thinking > of (after reading the tagging explanation above) > > pretag.map: > id=1 filter='(udp or ip) and ip[8] < 10' > > This should tag udp packets with a ttl of less than 10. > > then I can create a plugin definition: > > aggregate[traceroute]: src_host, dst_net > pre_tag_filter[traceroute]: 1 > networks_mask[traceroute]: 255.255.255.0 > > to track all the bytes being sent out. Does this look right? Yes, it does. The above filter would work no problems and the config is consistent apart for the same minor remark i made above about the 'networks_mask' directive. Cheers, Paolo _______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
