Hi!

I would like to log some traffic to a database:
TCP packets with flags SYN or FIN or RST to table "kancelaria"
UDP packets (1-of-100) to table "dupa"
ICMP packets (1-of-100) to table "icmp".

My test configuration:
!START CONFIGURATION
daemonize: true
pidfile: /var/run/pmacctd.pid
syslog: daemon
!FOR PMACCTD USE PROMISC: TRUE
!promisc: true
!FOR NFACCTD USE NFACCTD_PORT: 2055
nfacctd_port: 2055
interface: eth2
aggregate[kancelaria]: src_host, dst_host, src_port, dst_port, tcpflags
aggregate[dupa]:src_host, dst_host, src_port, dst_port
aggregate[icmpe]:src_host, dst_host, src_port, dst_port
aggregate_filter[kancelaria]: tcp[tcpflags] & (tcp-syn) != 0 || tcp[tcpflags] & (tcp-fin) !=0 || tcp[tcpflags] & (tcp-rst) !=0
aggregate_filter[dupa]: udp
aggregate_filter[icmpe]: icmp
sampling_rate[icmpe]:100
sampling_rate[dupa]:100
plugins: mysql[kancelaria], mysql[dupa], mysql[icmpe]
sql_db: pmacct
sql_optimize_clauses: true
sql_table[dupa]: dupa
sql_table[kancelaria]: kancelaria
sql_table[icmpe]: icmpe
sql_user: root
sql_passwd: regedit4
sql_dont_try_update: true
sql_refresh_time: 1
sql_history: 1d
!STOP CONFIGURATION

I tried it on pmacctd and nfacctd. When I use pmacct everything works great. But the problem is with nfacctd. It does not save data to the kancelaria table. When I erase "aggregate_filter[kancelaria]:" from the configuration, then it saves packets.

Does somebody know why nfacct has a problem with this aggregate_filter?

PS: aggregate_filter[dupa] and aggregate_filter[icmpe] work correctly.

Kind regards
Borys Owczarzak

_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
