Hi all, I have a router with multiple interfaces and will need to account traffic at its several WAN interfaces. My purpose is toaccount the traffic with the tuple details and the direction.
As a test I have compiled the following simple configuration for pmacctd: ! daemonize: true plugins: print[wan0_in], print[wan0_out] print_refresh_time: 10 print_history: 15m ! print_output[wan0_in]: csv print_output_file[wan0_in]: in_traffic.csv print_output[wan0_out]: csv print_output_file[wan0_out]: out_traffic.csv ! aggregate[wan0_in]: src_host, dst_host, src_port, dst_port, tag aggregate[wan0_out]: src_host, dst_host, src_port, dst_port, tag ! pre_tag_filter[wan0_in]:1 pre_tag_filter[wan0_out]:2 ! pcap_interface: eth0 pre_tag_map: pretag.map networks_file: networks.lst ports_file: ports.lst ! where pretag.map is: set_tag=1 filter='ether dst 52:54:00:69:a6:0b' set_tag=2 filter='ether src 52:54:00:69:a6:0b' and networks.lst is: 10.100.100.0/24 It seems that the details output at the CSV are correctly filtered according to the tag, thus recording the direction also, based on the MAC address of the WAN0 interface. Is this the correct approach to achieve this or is there any other recommended way? Do I need to use aggregate_filters? Also, although I have set a network filter to capture only 10.100.100.0/24, I observe several networks in/out being collected, indicating that the network_file directive is ignored or I have misunderstood its purpose. My purpose it to collect traffic only generated from subnets that belong to configured interfaces of the router. Thanx for your feedback! Alex
_______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
