Hi Michal,
The deal breaker is the format / encoding. If you can consume
JSON-decded NetFlow then possibilities are pretty much infinite. If you
want the binary NetFlow / IPFIX encoding then, unfortunately, no joy.
Paolo
On 15/02/2021 10:49, Michał Margula wrote:
Hi Paolo,
Thank you for your reply. I really was hoping it would work :). Do you
think it is still possible with nfacctd and just dumping traffic on the
ethernet interface instead of receiving netflow?
pon., 15 lut 2021 o 01:07 Paolo Lucente <pa...@pmacct.net
<mailto:pa...@pmacct.net>> napisał(a):
Hi Michal,
Similar topic was discussed recently on the list (*) but, as you can
see, the broad generic answer to it is negative.
Paolo
(*)
https://www.mail-archive.com/pmacct-discussion@pmacct.net/msg04028.html
<https://www.mail-archive.com/pmacct-discussion@pmacct.net/msg04028.html>
On 14/02/2021 22:34, Michał Margula wrote:
> Hi,
>
> I am trying to achieve following setup with pmacct:
> - receive netflow export from X that does not contain AS numbers
> - resend it to Y but adding AS number information
>
> I was able to configure BGP peering with one of our routers
(tried both
> with Cisco and FRR). I tried both eBGP and IBGP. I confirmed both
on the
> router and the pmacct (via bgp_table_dump_file) that I am correctly
> receiving the BGP feed. I also tried two versions of
bgp_agent_map - one
> with router-id of the router and another with just the IP I am
peering
> with under bgp_ip.
>
> Then I tried with pmacctd instead of nfacctd but with no luck. AS
> numbers are always empty in netflow export, it is the same when I do
> pmacct -s -a. This is the config I used for nfacctd:
>
> root@netflow:/home/alchemyx# cat /etc/pmacct/nfacctd.conf
> ! nfacctd configuration
> !
> !
> !
> daemonize: true
> pidfile: /var/run/nfacctd.pid
> syslog: daemon
>
> nfacctd_ip: 127.0.0.1
> nfacctd_port: 2100
> root@netflow:/home/alchemyx# cat /etc/pmacct/nfacctd.conf
> ! nfacctd configuration
> !
> !
> !
> daemonize: true
> pidfile: /var/run/nfacctd.pid
> syslog: daemon
>
> nfacctd_ip: 127.0.0.1
> nfacctd_port: 2100
>
> bgp_daemon: true
> bgp_daemon_ip: 192.168.223.10
> bgp_daemon_max_peers: 100
> bgp_daemon_as: 65535
> bgp_agent_map: /etc/pmacct/bgp_agent.map
> nfacctd_as: bgp
>
> plugins: tee[a]
> tee_receivers[a]: /etc/pmacct/tee_nflow_receivers.lst
> root@netflow:/home/alchemyx# cat /etc/pmacct/bgp_agent.map
> bgp_ip=xxx.yyy.zz.1 ip=0.0.0.0/0 <http://0.0.0.0/0>
>
> root@netflow:/home/alchemyx# cat /etc/pmacct/tee_nflow_receivers.lst
> id=1 ip=192.168.222.9:7779 <http://192.168.222.9:7779>
>
>
> bgp_daemon: true
> bgp_daemon_ip: 192.168.223.10
> bgp_daemon_max_peers: 100
> bgp_daemon_as: 65535
> bgp_agent_map: /etc/pmacct/bgp_agent.map
> nfacctd_as: bgp
>
> plugins: tee[a]
> tee_receivers[a]: /etc/pmacct/tee_nflow_receivers.lst
> root@netflow:/home/alchemyx# cat /etc/pmacct/bgp_agent.map
> bgp_ip=xxx.yyy.zz.1 ip=0.0.0.0/0 <http://0.0.0.0/0>
>
> root@netflow:/home/alchemyx# cat /etc/pmacct/tee_nflow_receivers.lst
> id=1 ip=192.168.222.9:7779 <http://192.168.222.9:7779>
>
> And this is pmacctd config I used:
>
> root@netflow:/home/alchemyx# cat /etc/pmacct/pmacctd.conf
> ! pmacctd configuration
> !
> !
> !
> daemonize: true
> pidfile: /var/run/pmacctd.pid
> syslog: daemon
>
> promisc: true
> aggregate: src_host,dst_host
> interface: ens16f0
> pmacctd_as: bgp
> pmacctd_net: bgp
>
> nfprobe_receiver: 192.168.222.9:7779 <http://192.168.222.9:7779>
> nfprobe_version: 9
>
> bgp_daemon: true
> bgp_daemon_ip: 192.168.223.10
> bgp_daemon_max_peers: 100
> bgp_daemon_as: 205679
> bgp_agent_map: /etc/pmacct/bgp_agent.map
> plugin_buffer_size: 409600
> plugin_pipe_size: 409600000
>
> And bgp_agent.map is the same. I feel like I am missing something
> obvious, but can't find it. Any help would be greatly appreciatd.
>
> Kind regards,
> Michał
>
--
Michał Margula, mic...@margula.pl <mailto:mic...@margula.pl>
"W życiu piękne są tylko chwile" [Ryszard Riedel]
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
