Hi All, We're currently evaluating running pmacctd on some linux-based routers and we're having issues with pmacctd grossly over-reporting the amount of traffic passing through the systems. Our testing has shown that the daemon is logging values roughly 6 times greater than actual traffic flowing through the system.
Can someone please take a look at the below and see if anything grabs their attention as being wrong? I'm unable to find anything abnormal in the below setup. The network is structured as follows: - Two routers running Quagga for BGP and OSPF, Keepalived for VRRP and pmacctd (version 0.11.6) for traffic accounting. - Each router has 8 VLANs - 4 VLANs for upstream/transit traffic and 4 VLANs for customers. - Both pmacctd instances are logging to a central PostgreSQL server. - We have one /20 that we want to account for traffic on a per IP basis (network a.a.a.a/20), plus two /22's (network b.b.b.b/22 and c.c.c.c/22), two /23's (d.d.d.d/23 and e.e.e.e/23) and one /24 (f.f.f.f/24) that we want to account for on a per network basis. - pmacctd is configured to set a different agent_id for traffic depending on which router is generating the record in the database and whether the traffic is being accounted on a per IP or per network basis. - pmacctd is started on each router as a daemon listening on interface 'any'. My understanding is that we would see the traffic twice using this interface (once on the transit interface and once on a customer interface). Below is the pmacctd.conf file contents: aggregate[inbound1]: tag,dst_host aggregate[inbound2]: tag,dst_net aggregate[outbound1]: tag,src_host aggregate[outbound2]: tag,src_net networks_file: /etc/pmacct/networks plugin_buffer_size: 20480 plugin_pipe_size: 20480000 plugins: pgsql[inbound1],pgsql[outbound1],pgsql[inbound2],pgsql[outbound2] post_tag[inbound1]: 1 post_tag[inbound2]: 11 post_tag[outbound1]: 1 post_tag[outbound2]: 11 pre_tag_filter[inbound1]: 1 pre_tag_filter[inbound2]: 3 pre_tag_filter[outbound1]: 2 pre_tag_filter[outbound2]: 4 pre_tag_map: /etc/pmacct/pretag.map promisc: true refresh_maps: true sql_data: typed sql_db: traffic sql_history: 1h sql_history_roundoff: h sql_host: sqlserver sql_locking_style: row sql_optimize_clauses: true sql_passwd: password sql_recovery_logfile[inbound1]: /var/log/pmacct/recovery-any-inbound1.log sql_recovery_logfile[inbound2]: /var/log/pmacct/recovery-any-inbound2.log sql_recovery_logfile[outbound1]: /var/log/pmacct/recovery-any-outbound1.log sql_recovery_logfile[outbound2]: /var/log/pmacct/recovery-any-outbound2.log sql_refresh_time: 90 sql_startup_delay[inbound1]: 30 sql_startup_delay[inbound2]: 60 sql_startup_delay[outbound1]: 30 sql_startup_delay[outbound2]: 60 sql_table[inbound1]: ri_%Y%m sql_table[inbound2]: ri_%Y%m sql_table[outbound1]: ro_%Y%m sql_table[outbound2]: ro_%Y%m sql_table_schema[inbound1]: /etc/pmacct/traffic-inbound.schema sql_table_schema[inbound2]: /etc/pmacct/traffic-inbound.schema sql_table_schema[outbound1]: /etc/pmacct/traffic-outbound.schema sql_table_schema[outbound2]: /etc/pmacct/traffic-outbound.schema sql_table_version: 2 sql_user: traffic Our /etc/pmacct/pretag.map file is as follows (each entry is on a single line): id=1 filter='dst net (a.a.a.a/20 or b.b.b.b/22) and not src net (a.a.a.a/20 or b.b.b.b/22 or c.c.c.c/22 or d.d.d.d/23 or e.e.e.e/23 or f.f.f.f/24)' id=2 filter='src net (a.a.a.a/20 or b.b.b.b/22) and not dst net (a.a.a.a/20 or b.b.b.b/22 or c.c.c.c/22 or d.d.d.d/23 or e.e.e.e/23 or f.f.f.f/24)' id=3 filter='dst net (f.f.f.f/24 or e.e.e.e/23 or d.d.d.d/23 or c.c.c.c/22) and not src net (a.a.a.a/20 or b.b.b.b/22 or c.c.c.c/22 or d.d.d.d/23 or e.e.e.e/23 or f.f.f.f/24)' id=4 filter='src net (f.f.f.f/24 or e.e.e.e/23 or d.d.d.d/23 or c.c.c.c/22) and not dst net (a.a.a.a/20 or b.b.b.b/22 or c.c.c.c/22 or d.d.d.d/23 or e.e.e.e/23 or f.f.f.f/24)' Our /etc/pmacct/networks file is as follows: a.a.a.a/20 b.b.b.b/22 c.c.c.c/22 d.d.d.d/23 e.e.e.e/23 f.f.f.f/24 Can anyone see any issues with the above? Please let me know if I've omitted any information. Regards, David Hill eStation Australia Pty Ltd http://www.estation.com.au --------------------------- Telephone 03 9725 8759 Facsimile 03 9725 6388 Address Suite 4, 6 Thomas Brew Lane, Croydon, Victoria, 3136 Postal PO Box 4084, Croydon Hills, Victoria, 3136 eStation Australia Pty Ltd ACN 097 354 348 ABN 51 097 354 348 --------------------------- _______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
