Hi Aurelien,

Is it possible your traffic is VLAN-tagged and/or MPLS-labelled? That may explain why tagging is not working; pcap filters are sensitive to that. See for example here:
https://www.mail-archive.com/[email protected]/msg02784.html

Paolo

On Tue, Apr 04, 2017 at 04:32:13PM +0200, Aurelien Kempiak wrote:
> Hello there!
>
> I'm trying to tag my flows per set of hosts (each set is a customer)
> and record them into mysql.
> So, here is my (testing) pretag.map file:
>
> set_tag=101 ip=185.151.188.33 filter='src host 185.151.188.30'
> set_tag=102 ip=185.151.188.34 filter='src host 185.151.188.30'
> set_tag=103 ip=0.0.0.0/0 filter='src net 185.151.188.0/22'
> set_tag=106 ip=0.0.0.0/0
>
> And the relevant part of my sfacctd.conf file:
>
> ! tag filtering
> pre_tag_map: /etc/pmacct/pretag.map
> pre_tag_filter[if-out]: 101-106
>
> ! aggregate definitions
> aggregate[if-out]: tag, src_host
>
> With that configuration, flows done by 185.151.188.30 are well
> recorded with '185.151.188.30' value in the 'ip_src' mysql field,
> but they are never tagged with '101', nor '102', nor even '103'
> values. They are tagged with '106' value. Like if the filter never
> matches.
> I have no idea why, could someone help please? Thanks a lot!
>
> --
> *Aurélien* *Kempiak*
> *System & Network Engineer*
>
> *Fixe :* 03 59 82 20 05
>
> 125 Avenue de la République 59110 La Madeleine
> 12 rue Marivaux 75002 Paris
>
> <https://twitter.com/OdisoHosting>
> <https://www.linkedin.com/company/odiso>
> <http://www.viadeo.com/fr/company/odiso>
> <https://www.facebook.com/monsiteestlent>
>
> _______________________________________________
> pmacct-discussion mailing list
> http://www.pmacct.net/#mailinglists
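
The following is an added illustration, not part of the thread and not pmacct or libpcap code: it emulates the IPv4 branch of the check a pcap filter such as `src host 185.151.188.30` performs on an Ethernet header, to show why an 802.1Q tag makes it miss and why the `vlan` keyword shifts the offsets. The function names, the destination address and VLAN ID 100 are constructed for the example.

```python
import socket
import struct

ETH_IPV4 = 0x0800   # EtherType for IPv4
ETH_8021Q = 0x8100  # EtherType (TPID) announcing an 802.1Q VLAN tag


def build_frame(src_ip, dst_ip, vlan_id=None):
    """Constructed Ethernet + IPv4 header, optionally carrying an 802.1Q tag."""
    eth = bytes(12)  # dst MAC + src MAC, zeroed (constructed sample)
    if vlan_id is not None:
        eth += struct.pack("!HH", ETH_8021Q, vlan_id & 0x0FFF)
    eth += struct.pack("!H", ETH_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip


def src_host_matches(frame, ip, vlan=False):
    """Emulate 'src host <ip>' (vlan=False) or 'vlan and src host <ip>' (vlan=True).

    The plain filter reads the EtherType at byte 12 and the IPv4 source at
    byte 26. The 'vlan' keyword first requires 0x8100 at byte 12, then moves
    every later offset 4 bytes further into the frame.
    """
    shift = 0
    if vlan:
        if struct.unpack_from("!H", frame, 12)[0] != ETH_8021Q:
            return False
        shift = 4
    if struct.unpack_from("!H", frame, 12 + shift)[0] != ETH_IPV4:
        return False  # a tagged frame fails here under the plain filter
    return frame[26 + shift:30 + shift] == socket.inet_aton(ip)


def demo():
    """Return match results for untagged and tagged copies of the same packet."""
    host = "185.151.188.30"                    # source host from the thread
    plain = build_frame(host, "192.0.2.1")     # 192.0.2.1: constructed dst
    tagged = build_frame(host, "192.0.2.1", vlan_id=100)
    return {
        "plain frame, plain filter": src_host_matches(plain, host),
        "tagged frame, plain filter": src_host_matches(tagged, host),
        "tagged frame, vlan filter": src_host_matches(tagged, host, vlan=True),
        "plain frame, vlan filter": src_host_matches(plain, host, vlan=True),
    }


if __name__ == "__main__":
    for case, matched in demo().items():
        print(f"{case}: {matched}")
```
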
