Hi Eric,

Fantastic, thanks for confirming!

Paolo

On 18/11/2020 21:08, eric c wrote:
Good afternoon Paolo,

I missed a part in the receiver config:

BEFORE:
id=100 ip=192.168.10.50:3056

AFTER:
id=100 ip=192.168.10.50:3056 tag=100

I'm sorry about that. I tested it and it worked!

Thank you again for your help,
Eric


On Wed, Nov 18, 2020 at 12:22 PM eric c <xcell...@gmail.com> wrote:

    Hello Paolo,

    Thank you for the reference.  I just looked at this and tested it
    but it did not filter out the network I specified.  When I
    wiresharked on the receiving host it was showing all traffic but not
    the specified network (src_net=192.168.0.0/24).

    Below are the configs I used:

    # nfacctd.conf
    daemonize: false
    nfacctd_port: 2055
    nfacctd_ip: 0.0.0.0
    logfile: /var/log/nfacctd.log

    tee_transparent: true
    maps_index: true

    plugins: tee[a]

    tee_receivers[a]: tee_receivers.lst
    pre_tag_map[a]: pretag.map

    plugin_buffer_size: 10240
    plugin_pipe_size: 1024000
    nfacctd_pipe_size: 1024000

    # tee_receivers.lst
    id=100 ip=192.168.10.50:3056

    # pretag.map
    set_tag=100     ip=0.0.0.0/0  src_net=192.168.0.0/24

    I'm using nfacctd 1.7.5-git (20200510-00); FYI

    Is there another part I'm missing from the config?

    Thank you!
    Eric




    On Wed, Nov 18, 2020 at 10:46 AM Paolo Lucente <pa...@pmacct.net> wrote:


        Hi Eric,

        You could look at this piece of documentation for what you are
        trying to do:
        https://github.com/pmacct/pmacct/blob/1.7.5/QUICKSTART#L2106-#L2200

        The example focuses on src_mac and dst_mac, you should be using
        src_net and dst_net instead.

        Paolo

        On 18/11/2020 05:38, eric c wrote:
         > Good afternoon,
         >
         > Trying to setup nfacctd as replicator but would like to filter what
         > subnets to replicate to the next receiver.
         >
         > Below is a config that is working without filtering:
         >
         > # nfacctd.conf
         > daemonize: false
         > nfacctd_port: 2055
         > nfacctd_ip: 0.0.0.0
         > logfile: /var/log/nfacctd.log
         >
         > plugins: tee[a]
         > tee_receivers[a]: tee_nflow_receivers.lst
         > tee_transparent: true
         >
         > # tee_nflow_receivers.lst
         > id=1 ip=192.168.10.50:3056
         >
         > What config change can I add to only replicate IP src/dst to
         > 10.0.0.0/24 and 192.168.0.0/24 for example?
         >
         > Thank you!
         > Eric
         >
         > _______________________________________________
         > pmacct-discussion mailing list
         > http://www.pmacct.net/#mailinglists
         >




_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
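
The fix in this thread, as an added example that is not part of the original messages or of pmacct: a small Python check that flags a tee receiver line with no tag= while pretag.map sets tags, which is the case where the receiver saw all traffic. The function names and finding codes are hypothetical, and the parser only handles the single-value key=value form shown in the configs above.

```python
# Added example: lint a pmacct tee setup for the mistake in this thread.
# Sample configs are constructed from the thread's BEFORE/AFTER lines.

PRETAG_MAP = "set_tag=100     ip=0.0.0.0/0  src_net=192.168.0.0/24\n"
RECEIVERS_BEFORE = "id=100 ip=192.168.10.50:3056\n"
RECEIVERS_AFTER = "id=100 ip=192.168.10.50:3056 tag=100\n"


def parse_kv_lines(text):
    """Turn 'key=value key=value' lines into dicts; skip blanks and # comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        entries.append(dict(tok.split("=", 1) for tok in line.split() if "=" in tok))
    return entries


def lint_tee_filter(pretag_map, receivers_lst):
    """Return (receiver_id, finding) pairs; an empty list means nothing flagged."""
    set_tags = {e["set_tag"] for e in parse_kv_lines(pretag_map) if "set_tag" in e}
    findings = []
    for rcv in parse_kv_lines(receivers_lst):
        rid = rcv.get("id", "?")
        tag = rcv.get("tag")
        if tag is None and set_tags:
            # What the thread observed: no tag= on the receiver, so the
            # pretag.map filter was not applied and all traffic was replicated.
            findings.append((rid, "no-tag-filter"))
        elif tag is not None and tag not in set_tags:
            # Assumption of this example: a receiver tag that no set_tag
            # entry produces is treated as a misconfiguration.
            findings.append((rid, "tag-not-in-map"))
    return findings


if __name__ == "__main__":
    for name, lst in (("BEFORE", RECEIVERS_BEFORE), ("AFTER", RECEIVERS_AFTER)):
        print(name, lint_tee_filter(PRETAG_MAP, lst) or "ok")
```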


