Hi Anthony, On Mon, Nov 21, 2011 at 05:02:05PM -0500, Anthony Acquanita wrote:
> I'm hoping someone can help me architect a solution. I have servers > colocated and do not have access to the switches. No access to switches but you receive a mirror of the traffic? Or how you are actually collecting data? A pmacctd instance running on every server? > My goal is to see what servers are talking to who, how much and on what ports. > > [ ... ] > > aggregate_filter[both]: dst net 10.0.0.0/8 >From the filter set in the configuration you posted it seems you might be only interested in who connects on which ports of your servers .. is this a wrong assumption? > Here is what I'm thinking. Each server get it's own table in the DB > and I report off of those. Could be a viable idea, but there is no native support for this - you will have to script it out yourself. IMHO, if you have some scripting ability, it does not look a biggie. > I'm also a little confused on sql_history and roundoff and refresh time. > Could someone help explain that a little. Do I have to purge my > tables after queries and move or chart the summary info or is that > what the sql_history is already doing? sql_history performs temporal aggregation of data letting you specify the size of the time-bin. The roundoff is something one typically wants enabled since it builds nicely aligned time-bins. Say you specify a 5 minutes time-bin (sql_history: 5m), setting the roundoff to 'm' makes pmacct build traffic stats for 00, 05, 10, 15, etc. time-bins. Refresh time says how often to write to the DB (expects a time in seconds). If there is no (near) real-time requirement, the advice would be to set it equal to the sql_history value for the sake of performances (ie. avoid UPDATE SQL queries which are rather expensive). Cheers, Paolo _______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
