Hello sir, thank you for your answer and sorry for my delayed reply.
I solved all below problems by using the newest version and compiling it by myself. Now pmacctd accounts my data to MySQL pretty well, except one problem: In high traffic ( > 200 Mbit / sec.) pmacctd doesn't count all bytes and packets. I found out that this happened when I use pretag file. I have pretag map file with almost 3000 filters inside, for recognizing traffic which heads outside the country.

For example 140 MB file, downloaded by approx. 70 MBytes / sec (my servers are connected thru gigabit to the internet) - pmacctd counted just approx. 110 MB of this file and output of daemon says that huge amounts of packets were dropped by kernel - between 3000 - 6000, depends on.

I also tried to compile pmacct against PF_RING libpcap, but it didn't help. I also tried to "play" with different buffers in configuration file, but it didn't help either.

Do you have any idea why pmacctd doesn't count all traffic in such conditions?

Thank you and have a nice day,
Jaromir.

18. 7. 2011 at 13:48, Paolo Lucente:
> Hi Jaromir,
>
> Thanks for your interest into the pmacct project. Please find below
> answers to your questions:
>
> 1) Did you compile the package with --enable-ipv6 ?
>
> 2) Is it possible it's all traffic from the outside to IP addresses
> assigned to you but not used as a result of a scan? Or you see
> unused IP addresses generating traffic?
>
> 3) 0.0.0.0 is traffic to/from some networks which are not listed as
> part of your networks.lst file. This is also briefly explained in
> the CONFIG-KEYS, networks_file part: "[ ... ] a) it allows to
> rewrite as zero IP addresses not included in any defined network
> range (ie. to avoid IP addresses external to the local domain to
> be accounted for)"
>
> Cheers,
> Paolo
>
> On Fri, Jul 15, 2011 at 11:57:41AM +0200, Jaromír Červenka wrote:
>> Hello to all,
>>
>> first I must say, that pmacct is great piece of software, thanks for it.
>> May I have few questions for more advanced user, than I am?
>>
>> Let's start with my current configuration, for one server:
>>
>> pmacctd.conf: http://paste.opensuse.org/97918056
>> networks.lst: http://paste.opensuse.org/88433187
>> pretag.map: http://paste.opensuse.org/31181373
>>
>> 1) First question is regarding to IPv6 in pre_tag_map file. When I put
>> IPv6 network inside, I get this error:
>>
>> INFO ( default/core ): Trying to (re)load map: /etc/pmacct/pretag.map
>> ERROR ( /etc/pmacct/pretag.map ): malformed filter: unknown network 'a01'
>> Line 2 ignored.
>> INFO ( default/core ): map '/etc/pmacct/pretag.map' successfully (re)loaded.
>>
>> Is it possible to use IPv6 networks inside pre_tag_map file? I would
>> like to distinguish IPv4 and IPv6 traffic.
>>
>> 2) As you can see, I've configured pmacctd for accounting total traffic
>> for IN and OUT (in two different SQL tables), only for my two networks -
>> one is IPv4, second one IPv6. But I have just few IP addresses allocated
>> from these networks for my servers (for example: 80.79.27.58-
>> 80.79.27.71). But the results shows me, that there is some communication
>> from my network to the internet from addresses, which are not assigned
>> any of my servers or ethernet cards (like .83 , .76, etc.) . How is it
>> possible?
>>
>> 3) My last question is regarding to aggregation total IN / OUT of
>> networks. In the results there is network 0.0.0.0 which has significant
>> nr. of packets and bytes. What does it mean?
>>
>> Thank you for any advice,
>> Jaromir Cervenka
>
>
> _______________________________________________
> pmacct-discussion mailing list
> http://www.pmacct.net/#mailinglists
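
The networks_file behaviour quoted from CONFIG-KEYS in point 3, and the unused-address rows from point 2, as a simplified model. This is an added example, not pmacct code or anything posted in the thread; the prefix, flows and function names are constructed, and per-host in/out totals stand in for the two SQL tables.

```python
import ipaddress
from collections import defaultdict

# Constructed stand-in for networks.lst: one local prefix (documentation range,
# not the poster's real network).
NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]
ZERO = "0.0.0.0"

# Constructed flows: (source, destination, bytes).
FLOWS = [
    ("192.0.2.58", "198.51.100.7", 1500),    # assigned server -> external peer
    ("198.51.100.7", "192.0.2.58", 40000),   # external peer -> assigned server
    ("203.0.113.9", "192.0.2.83", 60),       # probe to an unassigned local address
    ("203.0.113.9", "192.0.2.76", 60),       # probe to another unassigned address
]


def rewrite(addr, networks=NETWORKS):
    """Keep addresses inside a listed network, rewrite every other one as zero."""
    ip = ipaddress.ip_address(addr)
    return addr if any(ip in net for net in networks) else ZERO


def account(flows, networks=NETWORKS):
    """Sum bytes per (rewritten) host: 'out' keyed by source, 'in' by destination."""
    totals = defaultdict(lambda: {"in": 0, "out": 0})
    for src, dst, nbytes in flows:
        totals[rewrite(src, networks)]["out"] += nbytes
        totals[rewrite(dst, networks)]["in"] += nbytes
    return dict(totals)


if __name__ == "__main__":
    for host, counters in sorted(account(FLOWS).items()):
        print(f"{host:15} in={counters['in']:6} out={counters['out']:6}")
```

All external peers collapse into the single 0.0.0.0 row, while the unassigned addresses .83 and .76 get rows of their own because they fall inside the listed prefix, even though they only ever receive traffic.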
