Re: [pmacct-discussion] AS numbers are zero on NetFlow export

Sat, 09 Oct 2010 11:58:13 -0700 

Hi Gavin,

I can see in the ChangeLog of version 0.11.5 mentioning of
the following entry:

! fix, 'nfprobe' plugin: AS numbers were not correctly exported
  to the collector when pmacctd was in use. Patch is courtesy of
  Emerson Pinter.

It looks related to your issue. Version 0.11.4 dates back
to 2007 - would recommend a refresh.

Cheers,
Paolo

On Sat, Oct 09, 2010 at 02:03:48PM +0100, Gavin Hamill wrote:
> Hi all,
> 
> I'm attempting a simple test with pmacct to aggregate flows on our
> border router and export them to a NetFlow collector. The configuration
> is trivial:
> 
> daemonize: true
> pidfile: /var/run/pmacctd.pid
> syslog: daemon
> aggregate: src_host,dst_host,src_port,dst_port,src_as,dst_as,proto,tos
> plugins: nfprobe,memory
> nfprobe_receiver: 1.2.3.4:2055
> nfprobe_version: 5
> networks_file: /etc/pmacct/networks.lst
> interface: bond0.303
> 
> The memory plugin shows the correct data:
> 
> brd3:~# pmacct -s | head
> SRC_AS  DST_AS  SRC_IP           DST_IP           SRC_PORT  DST_PORT
> PROTOCOL    TOS    PACKETS     BYTES
> 31523   6849    194.24.250.8     213.179.249.135  53        22646
> udp         0      1           138
> 31523   5607    194.24.251.180   94.3.200.64      443       49800
> tcp         0      12          7826
> 10091   31523   218.186.8.10     194.24.251.184   40815     80
> tcp         0      5           998
> 31523   6871    194.24.251.184   84.92.172.186    80        50440
> tcp         0      189         191279
> 31523   5089    194.24.251.180   81.100.211.123   80        3416
> tcp         0      22          22864
> 31523   2529    194.24.250.247   62.49.62.177     443       1338
> tcp         0      2           103
> 31523   5607    194.24.251.184   90.207.187.105   80        50220
> tcp         0      7           4759
> 31523   6785    194.24.250.247   94.145.133.67    80        11956
> tcp         0      20          18141
> 31523   20155   194.24.251.180   216.171.168.38   80        56151
> tcp         0      35          47809
> 
> However, Src AS and Dst AS are zero in the NetFlow data - verified with
> Wireshark when using both v5 and v9. Have I done something wrong?
> 
> Our border routers run Debian 'lenny' for stability, so pmacct is
> 0.11.4.
> 
> gdh
> 
> 
> 
> _______________________________________________
> pmacct-discussion mailing list
> http://www.pmacct.net/#mailinglists

_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

Reply via email to