Hi group: I chose sFlow over NetFlow so I can collect non-IP traffic. Then I installed pmacct to use as the collector (I use the sFlow agent from InMon: http://www.inmon.com/technology/sflowVersion5.php).
The idea was to be able to see traffic like Cisco STP, IPX, etc., not only IP (i.e. to detect STP loops and the like, for example). But I can't make it work. The agent is sending all traffic it sees, but the collector doesn't collect traffic other than IP. Is it possible to capture all traffic (not only IP)?

My scenario:

# FROM sflow probe machine
# (sflow agent is up and running, and is sending the traffic)
probe1:~ # ./sflsp -d eth0 -P -s 2 -C '10.19.6.91' -c 6343

# sflow collector machine
# (it receives all traffic sent by the probe)
dev-moi:~ # ./sflowtool -p 6343 -t | tcpdump -n -r - not ip and not arp | grep IPX
11:35:35.000000 IPX 00000000.00:00:74:93:ec:61.4100 > 00000000.ff:ff:ff:ff:ff:ff.0452: ipx-sap-nearest-req 0004

# pmacct config /etc/pmacct/sfacctd.conf
daemonize: false
debug: true
sfacctd_ip: 10.19.6.91
sfacctd_port: 6343
plugins: memory[display]
plugin_pipe_size: 16777216
plugin_buffer_size: 256
print_refresh_time: 20
aggregate: tag, vlan, src_mac, dst_mac, src_host, dst_host, proto, tos

# sflow collector
dev-moi:~ # sfacctd -f /etc/pmacct/sfacctd.conf

# pmacct -s (doesn't collect traffic other than IP despite this machine receiving all of it)
dev-moi:~ # pmacct -s -p /tmp/collect.pipe | grep -v udp
TAG  SRC_MAC            DST_MAC            VLAN  SRC_IP          DST_IP          PROTOCOL  TOS  PACKETS  BYTES
0    00:50:56:a4:00:1d  00:1d:70:64:e4:00  0     10.19.6.90      209.85.195.104  tcp       0    6        453
0    00:50:56:a4:00:04  00:50:56:a4:00:1d  0     10.19.6.59      10.19.6.90      icmp      0    1        102
0    00:26:b9:d9:67:8d  00:50:56:a4:00:1d  0     10.19.6.68      10.19.6.90      tcp       0    42       4160
0    00:1d:70:64:e4:00  00:50:56:a4:00:1d  0     209.85.195.104  10.19.6.90      tcp       0    8        7382
0    00:50:56:a4:00:1d  00:26:b9:d9:67:8d  0     10.19.6.90      10.19.6.68      tcp       16   33       5374

For a total of: 140 entries

regards,
edward
_______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
