Everyone;
I am trying to use pmacctd to track and monitor traffic flow on a CentOS
6 server for all of the major services/ports. My config file looks like
this:

debug: false
promisc: false
daemonize: true
plugins: memory[in], memory[out]
interface: eth0
logfile: /opt/AstNMS/var/log/pmacctd.log
plugin_pipe_size: 10485760
plugin_buffer_size: 10240
aggregate[in]: src_host, src_port, dst_host, dst_port
aggregate[out]: src_host, src_port, dst_host, dst_port
aggregate_filter[in]: dst net 192.168.2.85/32
aggregate_filter[out]: src net 192.168.2.85/32
imt_path[in]: /opt/AstNMS/var/run/pmacctd_in.pipe
imt_path[out]: /opt/AstNMS/var/run/pmacctd_out.pipe
imt_mem_pools_number: 10
imt_mem_pools_size: 102400000
ports_file: /opt/AstNMS/conf/ports.list

I run my script out of CRON every 5 minutes, then dump the stats to a file
for processing. Then I reset the counters using -e and -i and start again.
Here is a sample.

SRC_IP          DST_IP          SRC_PORT  DST_PORT  PACKETS  BYTES
192.168.2.205   192.168.2.85    8086      0         46       4067
192.168.2.75    192.168.2.85    5060      5060      2        1080
192.168.2.89    192.168.2.85    0         0         5        480

Unfortunately, the last line above lists the src and dst ports as zero. Why
is this happening? I imagine that this is also the reason why my byte count
doesn't make any sense. Any insight at all with this would be greatly
appreciated.
Thanks;
John
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists