26.10.2009 22:39, Paolo Lucente пишет: > Hi Slava, > Thanks for answers. > Although tagging can play in your case a key (negative) role under > sustained loads, i wouldn't know if it is the prime contributor to > such hang ups. > > The log below tells that either the router itself is unable to > export all the NetFlow data or such data gets lost before making > it to the collector (network, kernel buffers, etc.). Such sequence > checks can be avoided with the aim of avoid massive logging and in > turn relief CPU load: nfacctd_disable_checks set to true. > Thanks, but I wish to know that does not work. > What occurs when the Core Process has not time to handle all traffic? > Well, nfacctd reads data from a socket; and a socket at the very end > manages a buffer of a certain size. If nfacctd is too slow to pick > data out of the buffer compared to the arrival rate, there will be > some data loss. At this propo: is buffering enabled within nfacctd > (ie. plugin_pipe_size, plugin_buffer_size) ? > Yes, I use plugin_buffer_size: 10240 plugin_pipe_size: 1024000
Is it possible add more? Why Core Process use only one processor? Seems not optimally ;) > Is it not also an idea, if possible (depends on the router) and for > the benefit of the whole solution, to introduce sampled NetFlow? > Yes. I use sampling х10. Seems solution for me use x100 But under ddos we receive a considerable quantity of small packages and then the big error. -- WBR, Dubrovskiy Vyacheslav
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
