Hi, I'm testing pmacct on my network, and pmacct runs on a box inbetween my LAN switch and My ADSL router, and i'm using layer 7 classifires for classify traffic. But when testing I observed that the traffic is not correctly displayed according to the classification some of the problems i've seen are listed below.
1. Most of the http traffic are classifed as finger. 2. All the other traffic are also shown either as unknown or in some other non-relevant protocols. my pmacct config file is as follows ############################ debug: false daemonize: true interface: eth0 classifiers: /usr/local/lL7 snaplen: 700 classifier_tentatives: 7 plugin_buffer_size: 10240 plugin_pipe_size: 10240000 plugins: memory[all] aggregate[all]: src_mac, dst_mac, src_host, src_port, dst_host, dst_port, class aggregate_filter[all]: imt_path[all]: /tmp/all.pipe ############################ I've downloaded the pattern files from the following link and extracted all the .pat files into /usr/local/L7 folder. I'm wondering wether this is my configuration problem or else the problem is with pattern files. Any help would be highly appreciated. Regards, Buddhike. LINK : http://sourceforge.net/projects/l7-filter/files/Protocol%20definitions/2009-05-28/l7-protocols-2009-05-28.tar.gz/download -- breakIT
_______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
