I have pmacct v0.11.6 running on Ubuntu 10.04 for about 8 hours now, using
the following config:
daemonize: true
pidfile: /var/run/pmacctd.pid
syslog: daemon
!
! interested in in and outbound traffic
aggregate: src_host,dst_host,src_port
! on this interface
interface: eth0
When I sum the counters for port 6201, I get:
$ pmacct -c src_port -N 6201 -n bytes | awk '{ print $1 " Bytes"; print $1
/ 2^30 " Gigabytes" }'
709264151 Bytes
0.660554 Gigabytes
When I do the summing in awk, I get:
$ pmacct -s | awk '/ 6201 / { total+=$5 } END { print total " Bytes"; print
total / 2^30 " Gigabytes" }'
13595724124 Bytes
12.662 Gigabytes
However, I know for a fact that the service running on port 6201 has
transferred at least 70 Gigabytes within this period, all TCP traffic.
This leads me to 2 questions:
1. Why are the pmacct counters off by that much?
2. Why the huge difference between pmacct -c & pmacct -s with awk summing?
Cheers, Gerhard
------------------------------
Twitter <http://twitter.com/#!/gerhardlazu> Github<https://github.com/gerhard>
Blog <http://gerhardlazu.com/>
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
