I'm hoping someone can help me architect a solution. I have servers colocated and do not have access to the switches.
My goal is to see what servers are talking to who, how much and on what ports. A little more info: My servers are all over a 10.0.0.0/8 network. Some in the same subset some not. I have pmacctd running and sending info to mysql. Config is: !daemonize: true interface: eth0 plugins: mysql[both] aggregate[both]: src_host,dst_host,dst_port,src_port,src_mac,dst_mac,flows aggregate_filter[both]: dst net 10.0.0.0/8 sql_table[both]: acct sql_refresh_time: 300 sql_history: 5m sql_history_roundoff: h sql_dont_try_update: true sql_table_version[both]: 4 sql_host: 10.4.125.70 Here is what I'm thinking. Each server get it's own table in the DB and I report off of those. I'm also a little confused on sql_history and roundoff and refresh time. Could someone help explain that a little. Do I have to purge my tables after queries and move or chart the summary info or is that what the sql_history is already doing? thanks very much -- # ~~~~~~~~~~~~~~~~~~~~~~~~~~~# http://www.medialets.com _______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
