Hi Andreas, Yes, sFlow packets are coming in but are not being successfully correlated to BGP information. Please make sure the sFlow agent ID is same as the IP address used for BGP peering with pmacct and the router is advertising full BGP table (you can check this at the router CLI or by enabling bgp_daemon_msglog - and perhaps the logfile directive aswell so you can browse through the debug at your convenience).
Let me know. Cheers, Paolo On Thu, Dec 30, 2010 at 10:57:07AM +0100, Andreas Larsen wrote: > Hi Paolo. > If I do this > > I get the following output. > > pmacct -s -p /tmp/test.pipe > SRC_AS DST_AS AS_PATH PACKETS BYTES > 0 0 ^$ 3585 2871561 > > For a total of: 1 entries > RouteLookinglass1:/home/larand# pmacct -s -p /tmp/test.pipe > SRC_AS DST_AS AS_PATH PACKETS BYTES > 0 0 ^$ 3903 3111672 > > So apparently packets are coming in but without src_as and dst_as. > > Or I'm I missing something fundamental ? > > Regards Andreas > > -----Ursprungligt meddelande----- > Fr?n: Paolo Lucente [mailto:[email protected]] > Skickat: den 29 december 2010 17:37 > Till: Andreas Larsen > Kopia: [email protected] > ?mne: Re: [pmacct-discussion] Sflow ! > > Hi Andreas, > > OK, sFlow datagrams are getting to the collector; from the previous email it > seems BGP information is also getting through no problems. > You don't daemonize the process, don't enable debug and comment out > bgp_daemon_msglog - and as a result, don't get anything anymore on the > terminal: so far so good. > > As you also don't specify a 'plugins' directive, by default a memory plugin > is activated - listening on the '/tmp/test.pipe' pipe file as per your > command-line (-p /tmp/test.pipe). I wonder if you open another terminal and > query the memory table with the pmacct memory client, ie. > do a 'pmacct -s -p /tmp/test.pipe': do you see any stats according to the > specified aggregation method (aggregate directive)? > > Cheers, > Paolo > > > On Wed, Dec 29, 2010 at 11:05:01AM +0100, Andreas Larsen wrote: > > Ok thanks for the clarification. > > > > The config file you see is actually all I have now in debug purpose. I > > have nothing else in the file. When I run sfacctd with the debug > > bgp_daemon_msglog I do get a lot of information like the one described > > below. > > sfacctd -f /etc/pmacct/sfacctd.conf -p /tmp/test.pipe > > > > However when I comment that field out in the configuration file and > > run the same command again I get nothing in the terminal > > > > > > !daemonize: true > > sfacctd_ip: X > > bgp_daemon: true > > bgp_daemon_ip:X > > bgp_daemon_max_peers: 100 > > bgp_aspath_radius: 3 > > sfacctd_as_new: bgp > > aggregate: src_as, dst_as, as_path > > ! tag, peer_src_as, peer_dst_as, peer_src_ip, peer_dst_ip, local_pref, > > as_path > > !bgp_daemon_msglog: true > > > > Sflow packets are coming in.> > > 10:44:18.821453 IP X.X:X.X.8888 > X.X.X.X:6343: UDP, length 1156 > > > > I'm thinking I have done something wrong with the pmacct config file or > > maybe at the compilation of pmacct. Is there any debug I could try ? > > > > Regards Andreas > > > > -----Ursprungligt meddelande----- > > Fr?n: [email protected] > > [mailto:[email protected]] F?r Paolo Lucente > > Skickat: den 28 december 2010 19:51 > > Till: [email protected] > > ?mne: Re: [pmacct-discussion] Sflow ! > > > > Hi Andreas, > > > > Thanks and same to you and all reading - Merry Christmas and Happy New Year. > > > > Follow in-line: > > > > On Tue, Dec 28, 2010 at 03:27:23PM +0100, Andreas Larsen wrote: > > > > > if I add bgp_daemon_msglog: true, I get loads of flows coming in. > > > > > > default/core/BGP ): [Id:X ] u Prefix: '85.9.104.0/23' Path: '(Comms: > > > EComms: '' LP: '50' MED: '0' Nexthop: X > > > > > > However as soon as I remove this I get no information at all in. Bgp > > > comes up fine with my router. > > > > bgp_daemon_msglog lets you debug BGP messaging; it says nothing about sFlow > > samples or NetFlow flows. The moment pmacct is BGP peering with one or more > > routers this directive produces output on the screen or on the log files; > > if you comment it out from your configuration, then you don't get debugging > > information anymore. > > > > The fragment of configuration you posted looks simple enough; maybe it > > doesn't give the entire feel since you also mention an aggregate_filter > > directive. From what i see if your routers are a) sending sFlow datagrams > > to the right IP address and port, b) firewall on the collector box is > > allowing sFlow and BGP to pass through and c) the routers are using the > > same IP address for the sFlow agent ID and to BGP peer with pmacct then you > > should see your MySQL database populated. > > > > Let me know. > > > > Cheers, > > Paolo > > > > _______________________________________________ > > pmacct-discussion mailing list > > http://www.pmacct.net/#mailinglists _______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
