Hello Paolo.
Just had a remote session with Luca Dari from ntopng. Seems the starttime/endtime in the flows are not correct either:

Timestamp: May 6, 2021 08:11:03.000000000 CEST
ExportTime: 1620281463
FlowSequence: 34583266
Observation Domain Id: 0
Set 1 [id=1024] (4 flows)
FlowSet Id: (Data) (1024)
FlowSet Length: 308
[Template Frame: 9]
Flow 1
[Duration: 877515505.664000000 seconds (milliseconds)]
StartTime: Nov 13, 112781 17:46:47.000000000 CET
EndTime: May 28, 511486763 17:23:04.664000000 CET

I can provide you a full capture if needed.
Regards
Cédric

On Wed, 5 May 2021 at 15:26, BASSAGET Cédric <cedric.bassaget...@gmail.com> wrote:

> Hello Paolo :)
>
> I was running :
> # pmacctd -V
> Promiscuous Mode Accounting Daemon, pmacctd 1.7.2-git (20181018-00+c3)
> 3.0-0.bpo.2-amd64 #1 SMP Debian 5.3.9-2~bpo10+1 (2019-11-13) x86_64
>
> I tried to compile the github release yesterday but it failed. Tried again a
> few minutes ago and compilation seems to work now.
> pmacctd 1.7.7-git (20210505-1 (3edef0c3))
>
> but unfortunately I have the same problem : src_as / dst_as field is still
> 0 :(
>
> Regards
> Cédric
>
> On Tue, 4 May 2021 at 21:27, Paolo Lucente <pa...@pmacct.net> wrote:
>
>> Hi Cedric,
>>
>> It seems this should work. Can you confirm what version you are using? A
>> "pmacctd -V" would do so that I try to reproduce (and/or encourage you
>> to get to 1.7.6 or master code on GitHub 8-)).
>>
>> Paolo
>>
>> On 4/5/21 14:56, BASSAGET Cédric wrote:
>> > Hello,
>> > I'm (once again) trying to export netflow from a Linux / bird router to
>> > an external probe. But I can't get src_as / dst_as in my netflow
>> > export...
>> >
>> > bgp session between pmacct and bird is OK :
>> > bird> show route export pmacct count
>> > 871845 of 2695832 routes for 876157 networks
>> >
>> > if I set a "bgp_table_dump_file" file, it is filled with the full-view
>> > content (stuff like :
>> >
>> > {"timestamp": "2021-05-04 14:40:00", "peer_ip_src": "127.0.0.1",
>> > "peer_tcp_port": 60836, "event_type": "dump", "afi": 1, "safi": 1,
>> > "ip_prefix": "1.22.148.0/24", "bgp_nexthop":
>> > "149.14.152.113", "as_path": "174 6453 4755 45528 45528 45528 45528
>> > 45528", "comms": "174:21100 174:22008", "origin": 0, "local_pref": 100,
>> > "med": 2021}
>> >
>> > note that pmacctd stops with the following warning when it has finished
>> > writing this file :
>> > INFO ( default/core/BGP ): *** Dumping BGP tables - START (PID: 9379) ***
>> > INFO ( default/core/BGP ): *** Dumping BGP tables - END (PID: 9379,
>> > TABLES: 2 ET: 8) ***
>> > WARN ( default/core ): connection lost to 'ip-nfprobe'; closing connection.
>> > WARN ( default/core ): no more plugins active. Shutting down.
>> >
>> > Here's my config :
>> >
>> > # cat /etc/pmacct/pmacctd.netflow.conf
>> > debug: false
>> > daemonize: false
>> > interface: bond0
>> > aggregate: etype, tag, src_host, dst_host, src_port, dst_port, proto, tos, src_as, dst_as, vlan
>> >
>> > nfprobe_version: 10
>> > plugins: nfprobe[ip]
>> >
>> > nfprobe_receiver[ip]: 192.168.156.109:4739
>> > nfprobe_timeouts[ip]: tcp=120:maxlife=3600
>> > pmacctd_flow_lifetime: 30
>> >
>> > sampling_rate: 10
>> >
>> > pmacctd_as: bgp
>> > bgp_daemon: true
>> > bgp_daemon_ip: 127.0.0.1
>> > !bgp_daemon_ip: ::
>> > bgp_daemon_as: 203xxx
>> > bgp_daemon_port: 17917
>> > bgp_agent_map: /etc/pmacct/bgp_agent_map.map
>> > bgp_peer_as_skip_subas: true
>> > bgp_peer_src_as_type: bgp
>> > ! pre_tag_map: /etc/pmacct/pretag.map
>> >
>> > ! bgp_table_dump_file: /tmp/bgp-$peer_src_ip-%H%M.log
>> > ! bgp_table_dump_refresh_time: 600
>> >
>> > # cat /etc/pmacct/bgp_agent_map.map
>> > bgp_ip=185.x.y.z ip=0.0.0.0/0
>> >
>> >
>> > Can somebody tell me what I'm missing ? I used to make it work about 1
>> > year ago... long time ago !
>> >
>> > Thanks a lot for your help.
>> > Regards
>> > Cédric
>> >
>> > _______________________________________________
>> > pmacct-discussion mailing list
>> > http://www.pmacct.net/#mailinglists
>> >
>>
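A collector-side sanity check for the symptom reported in this thread, as an added example that is not part of the original messages and is not pmacct or ntopng code: it decodes the 16-byte IPFIX message header (RFC 7011) and flags records whose millisecond start/end times are implausible relative to the header's export time. The function names, the two thresholds and the record values are assumptions made for illustration; only ExportTime, FlowSequence and the domain id come from the dissection quoted above.

```python
import struct

# IPFIX message header (RFC 7011): version, length, exportTime, sequence, domain id
HEADER = struct.Struct("!HHIII")
MAX_FLOW_AGE_S = 7 * 86400   # assumption: no flow is older than a week at export
CLOCK_SLACK_S = 5            # assumption: tolerated exporter clock jitter


def parse_header(msg: bytes) -> dict:
    """Decode and validate the 16-byte IPFIX message header."""
    if len(msg) < HEADER.size:
        raise ValueError("message shorter than IPFIX header")
    version, length, export_time, sequence, domain = HEADER.unpack_from(msg)
    if version != 10:
        raise ValueError(f"not IPFIX (version {version})")
    if length != len(msg):
        raise ValueError(f"header length {length} != received {len(msg)}")
    return {"export_time": export_time, "sequence": sequence, "domain": domain}


def check_flow_times(export_time: int, start_ms: int, end_ms: int) -> list:
    """Return the reasons a record's start/end (ms since epoch) are implausible."""
    problems = []
    newest = (export_time + CLOCK_SLACK_S) * 1000
    oldest = (export_time - MAX_FLOW_AGE_S) * 1000
    if end_ms < start_ms:
        problems.append("end before start")
    for name, value in (("start", start_ms), ("end", end_ms)):
        if value > newest:
            problems.append(f"{name} after export time")
        elif value < oldest:
            problems.append(f"{name} older than max flow age")
    return problems


# Constructed sample: header values are the ones shown in the quoted dissection
# (ExportTime, FlowSequence, domain 0); the record timestamps are made up.
SAMPLE_HEADER = HEADER.pack(10, HEADER.size, 1620281463, 34583266, 0)
GOOD = (1620281433000, 1620281462500)      # 30 s flow ending before export
BAD = (3496870000000000, 1620281462500)    # constructed far-future start

if __name__ == "__main__":
    hdr = parse_header(SAMPLE_HEADER)
    for start, end in (GOOD, BAD):
        print(start, end, check_flow_times(hdr["export_time"], start, end) or "ok")
```

Running such a check on the receiving side separates records that were already wrong on the wire from records a downstream tool decoded incorrectly.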