Hi Carl,

Should you debug NetFlow v9 packets coming from the Mikrotik, do you actually see MAC addresses being reported? What you describe makes me think such information is not included. Let me know; should the information be there, it would be nice to get a brief trace of the NetFlow export (full packet payload) to inspect it.

Cheers,
Paolo

On Thu, May 17, 2012 at 04:04:39PM +0000, Carl Farrington wrote:
> Hi. I wonder if anybody can help.
> I am using nfacctd as a netflow v9 -> mysql collector for a Mikrotik router
> (routerOS v5.16).
> I have added src_mac and dst_mac to the aggregate, but the mac addresses are
> just entered as zeros.
> Interestingly, before I added those to the aggregate, the src_mac and were
> being logged as 0:0:0:0:0:0, and after I added to the aggregate, it's showing
> as 00:00:00:00:00:00.
> I'm new to all this stuff really, but I wonder if you have any tips for
> troubleshooting?
> My nfacctd.conf looks like:
> daemonize: false
> aggregate_filter[newapp]: dst port 25 or 443
> aggregate[newapp]: src_mac, dst_mac, src_port, dst_port, src_host, dst_host
> nfacctd_time_new: true
> plugins: mysql[newapp]
> sql_db: pmacct
> sql_table: acct
> sql_table_version: 1
> sql_passwd: acleverpassword
> sql_user: pmacctdbuser
> sql_refresh_time: 90
> sql_history: 5m
> sql_history_roundoff: mh
>
> Operating system is CentOS 5.7, x64.
>
> I had to compile with --disable-so.
>
>
> Thanks,
>
> Carl
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
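
Added example (not part of the original thread and not pmacct code): one way to check what the reply asks about is to read the template flowsets in a captured export packet and see whether the exporter declares any of the MAC address field types defined in RFC 3954 (56, 57, 80, 81). The function names and the two sample packets are constructed for illustration; `payload` is assumed to be the raw UDP payload of a single NetFlow v9 packet that contains a template flowset.

```python
import struct

# NetFlow v9 field types that carry MAC addresses (RFC 3954, section 8).
MAC_FIELDS = {56: "IN_SRC_MAC", 57: "OUT_DST_MAC", 80: "IN_DST_MAC", 81: "OUT_SRC_MAC"}

def parse_templates(payload):
    """Return {template_id: [(field_type, field_length), ...]} for one v9 packet."""
    if len(payload) < 20 or struct.unpack_from("!H", payload)[0] != 9:
        raise ValueError("not a NetFlow v9 export packet")
    templates, offset = {}, 20                     # 20-byte packet header
    while offset + 4 <= len(payload):
        flowset_id, length = struct.unpack_from("!HH", payload, offset)
        if length < 4 or offset + length > len(payload):
            break                                  # truncated or malformed flowset
        pos, end = offset + 4, offset + length
        while flowset_id == 0 and pos + 4 <= end:  # FlowSet ID 0 = template flowset
            tid, nfields = struct.unpack_from("!HH", payload, pos)
            pos += 4
            if tid < 256 or pos + 4 * nfields > end:
                break                              # padding or truncated record
            templates[tid] = [struct.unpack_from("!HH", payload, pos + 4 * i)
                              for i in range(nfields)]
            pos += 4 * nfields
        offset += length
    return templates

def mac_fields_exported(payload):
    """Return {template_id: [names of MAC fields the exporter declares]}."""
    return {tid: [MAC_FIELDS[t] for t, _ in fields if t in MAC_FIELDS]
            for tid, fields in parse_templates(payload).items()}

def build_template_packet(template_id, fields):
    """Build a constructed v9 packet holding a single template (sample input only)."""
    record = struct.pack("!HH", template_id, len(fields))
    record += b"".join(struct.pack("!HH", t, l) for t, l in fields)
    header = struct.pack("!HHIIII", 9, 1, 0, 0, 0, 0)
    return header + struct.pack("!HH", 0, 4 + len(record)) + record

# Constructed samples: addresses, ports and byte count, without and with MAC fields.
BASE = [(8, 4), (12, 4), (7, 2), (11, 2), (1, 4)]
WITHOUT_MAC = build_template_packet(256, BASE)
WITH_MAC = build_template_packet(257, BASE + [(56, 6), (80, 6)])

if __name__ == "__main__":
    for name, pkt in (("without", WITHOUT_MAC), ("with", WITH_MAC)):
        print(name, mac_fields_exported(pkt))
```

An empty list for every template means the exporter never declares a MAC field, so a collector has no MAC value to store for those flows.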
