Hi,
I try use nfacctd to match total traffic per src / dst AS. In column
"as_src" and "as_dst". I see correct values of ASN but value "0" in
database. I used newest version: 0.14.0rc2.
From database:
mysql> select * from bgpout where as_dst=0;
+--------+-------------+-----------+--------------+---------------------+---------------------+
| as_dst | peer_as_dst | packets | bytes | stamp_inserted
| stamp_updated |
+--------+-------------+-----------+--------------+---------------------+---------------------+
| 0 | 0 | 54375838 | 41486784044 | 2011-11-24 00:00:00
| 2011-11-24 12:41:51 |
| 0 | 0 | 44025968 | 37043971913 | 2011-11-25 00:00:00
| 2011-11-25 16:06:32 |
| 0 | 0 | 512885511 | 451358426151 | 2011-11-28 00:00:00
| 2011-11-28 17:06:41 |
+--------+-------------+-----------+--------------+---------------------+---------------------+
3 rows in set (0.00 sec)
mysql> select * from bgpin where as_src=0;
+--------+-------------+---------+-----------+---------------------+---------------------+
| as_src | peer_as_src | packets | bytes | stamp_inserted |
stamp_updated |
+--------+-------------+---------+-----------+---------------------+---------------------+
| 0 | 0 | 445268 | 376754509 | 2011-11-24 00:00:00 |
2011-11-24 21:21:11 |
| 0 | 0 | 430021 | 199489560 | 2011-11-25 00:00:00 |
2011-11-25 15:49:01 |
| 0 | 0 | 144736 | 71592615 | 2011-11-28 00:00:00 |
2011-11-28 16:32:32 |
+--------+-------------+---------+-----------+---------------------+---------------------+
3 rows in set (0.00 sec)
mysql>
My configuration file:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Basic !!!
daemonize: true
pidfile: /var/run/pmacctd.pid
syslog: daemon
logfile: /var/log/nfacctd.log
!promisc: true
!interface: eth1
plugin_pipe_size: 4096000
plugin_buffer_size: 40960
!!! NetFlow !!!!
nfacctd_port: 2055
nfacctd_ip: 10.111.233.5
nfacctd_time_new: true
nfacctd_as_new: bgp
!nfacctd_net: bgp !NOT IMPLEMENTED YET!
!nfacctd_allow_file: /etc/nfacct/netflow.rules
!!! DefineData !!!
aggregate[bgpin]: src_as, peer_src_as
aggregate_filter[bgpin]: dst net 192.168.208.0/21 || dst net
192.168.40.0/21 || dst net 192.168.128.0/21
aggregate[bgpout]: dst_as, peer_dst_as
aggregate_filter[bgpout]: src net 192.168.208.0/21 || dst net
192.168.40.0/21 || dst net 192.168.128.0/21
!!! MySQL !!!
plugins: mysql[bgpin], mysql[bgpout]
sql_db: nfacct
sql_optimize_clauses: true
!sql_startup_delay: 4
sql_table[bgpin]: bgpin
sql_table[bgpout]: bgpout
!sql_table_type: bgp
!sql_table_version: 1
sql_user: root
sql_passwd: makaron
sql_dont_try_update[bgpin]: false
sql_dont_try_update[bgpout]: false
sql_refresh_time: 10
sql_history: 1d
sql_history_roundoff: d
!sql_cache_entries: 1
!!! BGP session !!!
bgp_daemon: true
bgp_daemon_ip: 10.111.233.5
bgp_daemon_max_peers: 1
!bgp_daemon_allow_file
bgp_peer_src_as_type: bgp
bgp_peer_src_as_map: /etc/nfacct/peer.map
!bgp_peer_src_as_type:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Tables:
create table bgpin (
as_src INT(4) UNSIGNED NOT NULL,
peer_as_src INT(4) UNSIGNED NOT NULL,
packets INT UNSIGNED NOT NULL,
bytes BIGINT UNSIGNED NOT NULL,
stamp_inserted DATETIME NOT NULL,
stamp_updated DATETIME,
PRIMARY KEY (as_src, peer_as_src, stamp_inserted)
);
create table bgpout (
as_dst INT(4) UNSIGNED NOT NULL,
peer_as_dst INT(4) UNSIGNED NOT NULL,
packets INT UNSIGNED NOT NULL,
bytes BIGINT UNSIGNED NOT NULL,
stamp_inserted DATETIME NOT NULL,
stamp_updated DATETIME,
PRIMARY KEY (as_dst, peer_as_dst, stamp_inserted)
);
PS Some config-keys are commented because I still test some solutions.
Kind regards
Borys
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
