[pmacct-discussion] configurafion

Wed, 18 May 2016 13:54:05 -0700 

Hi, I am trying to store flows to mysql, I have this nfacctd config:

nfacctd_time_new: true
aggregate: src_host,dst_host,post_nat_src_host,post_nat_dst_host,proto,src_port,dst_port 
plugins: mysql

sql_db: pmacct
sql_user: pmacct
sql_passwd: xxxx

sql_optimize_clauses: true
sql_table: acct_%Y%m%d_%H
sql_table_schema: /etc/pmacct/acct.schema
sql_refresh_time: 60
sql_history: 1m
sql_history_roundoff: m
sql_dont_try_update: true
sql_multi_values: 1048576
sql_startup_delay: 60


file acct.schema:
CREATE TABLE acct_%Y%m%d_%H (
        ip_src CHAR(15) NOT NULL,
        ip_dst CHAR(15) NOT NULL,
        post_nat_ip_src CHAR(15) NOT NULL,
        post_nat_ip_dst CHAR(15) NOT NULL,
        src_port SMALLINT UNSIGNED NOT NULL DEFAULT 0,
        dst_port SMALLINT UNSIGNED NOT NULL DEFAULT 0,
        ip_proto SMALLINT UNSIGNED NOT NULL DEFAULT 0,
        packets INT UNSIGNED NOT NULL,
        bytes BIGINT UNSIGNED NOT NULL,
        stamp_inserted DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',
        stamp_updated DATETIME,
        KEY (ip_src, stamp_inserted),
        KEY (ip_dst, stamp_inserted)
);

I have flow timeout 60 secs on flow exporter (mikrotik).

I want one table per hour.

I want best possible sql performance, so directive sql_dont_try_update
is important for me (I thing). But I also need best possible time accurancy 
of flow start and end in database.

Now every flow exported in database takes two minutes:
(stamp_inserted: 2016-05-18 20:00:00 stamp_updated: 2016-05-18 20:02:01) 
although I make short data transfer (several seconds long)

Is there any way to improve time accurancy?
Last records in database has start time for example 2016-05-18 19:59:00 and end 2016-05-18 20:01:01, but last one minute belongs to next mysql table. Is there any way to have one hour table with flows which belongs in this hour?
subtraction stamp_updated-stamp_inserted is always 121 seconds, i thing I dont need stamp_updated in database? Btw why is difference 121 secs ? It may be 120 secs... 

I try scenario without sql_history, with 'nfacctd_time_new: false' and
with 'sql_dont_try_update: false', but in this setting I got table name
in mysql acct_19700101_01, why right date is not used?
i don't understand directive sql_history_roundoff, can you explain it to me? 

Thank you for help and suggestions

Jaroslav




_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

Reply via email to