I'm using the nfacctd process to capture netflow data. All the routers are
writing to the exposed udp port.
I'm writing the output the rabbit MQ and the output looks like this:
This is an example of the output I'm getting:
{
"event_type": "purge",
"as_src": 0,
"as_dst": 0,
"as_path": "",
"local_pref": 0,
"med": 0,
"peer_as_src": 0,
"peer_as_dst": 0,
"peer_ip_src": "192.168.32.1",
"peer_ip_dst": "",
"iface_in": 909,
"iface_out": 517,
"ip_src": "87.100.13.241",
"ip_dst": "106.89.180.131",
"port_src": 55664,
"port_dst": 443,
"ip_proto": "tcp",
"timestamp_start": "1574664912.000000",
"timestamp_end": "1574665005.000000",
"packets": 700,
"bytes": 39200,
"writer_id": "default_amqp/18"}
For the fields i'm in my config I'm using these so far:
aggregate:
peer_src_ip,label,src_host,dst_host,src_port,dst_port,proto,in_iface,out_iface,src_as,dst_as,peer_dst_ip,timestamp_start,timestamp_end,as_path,peer_src_as,peer_dst_as,local_pref,med
What config key should I enable that allows the iframe index in/out to be
visible?
--
Samir Faci
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
