Hi Jaromir, Thanks for your interest into the pmacct project. Please find below answers to your questions:
1) Did you compile the package with --enable-ipv6 ? 2) Is it possible it's all traffic from the outside to IP addresses assigned to you but not used as a result of a scan? Or you see unused IP addresses generating traffic? 3) 0.0.0.0 is traffic to/from some networks which are not listed as part of your networks.lst file. This is also briefly explained in the CONFIG-KEYS, networks_file part: "[ ... ] a) it allows to rewrite as zero IP addresses not included in any defined network range (ie. to avoid IP addresses external to the local domain to be accounted for)" Cheers, Paolo On Fri, Jul 15, 2011 at 11:57:41AM +0200, Jarom?r ?ervenka wrote: > Hello to all, > > first I must say, that pmacct is great piece of software, thanks for it. > May I have few questions for more advanced user, than I am? > > Let's start with my current configuration, for one server: > > pmacctd.conf: http://paste.opensuse.org/97918056 > networks.lst: http://paste.opensuse.org/88433187 > pretag.map: http://paste.opensuse.org/31181373 > > 1) First question is regarding to IPv6 i pre_tag_map file. When I put > IPv6 network inside, I get this error: > > INFO ( default/core ): Trying to (re)load map: /etc/pmacct/pretag.map > ERROR ( /etc/pmacct/pretag.map ): malformed filter: unknown network 'a01' > Line 2 ignored. > INFO ( default/core ): map '/etc/pmacct/pretag.map' successfully (re)loaded. > > Is it possible to use IPv6 networks inside pre_tag_map file? I would > like to distinguish IPv4 and IPv6 traffic. > > 2) As you can see, I've configured pmacctd for accounting total traffic > for IN and OUT (in two different SQL tables), only for my two networks - > one is IPv4, second one IPv6. But I have just few IP addresses allocated > from these networks for my servers (for exapmple: 80.79.27.58- > 80.79.27.71). But the results shows me, that there is some communication > from my network to the internet from addresses, which are not assigned > any of my servers or ethernet cards (like .83 , .76, etc.) . How is it > possible? > > 3) My last question is regarding to aggregation total IN / OUT of > networks. In the results there is network 0.0.0.0 which has significant > nr. of packets and bytes. What does it mean? > > Thank you for any advice, > Jaromir Cervenka _______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
