Hi Paolo,
Thanks for the reply.
What worries me is that I got a couple of these lines before seeing the
tables (with some numerical numbers). It kept repeating; is this normal?
======
DEBUG ( default/core ): Discarded NetFlow v9/IPFIX packet (R: unknown
template 262 [::ffff:10.1.10.20:256])
======
Probably I will need to use customised MySQL schemas instead of the
templates in the /sql directory, right?
/chunsing
Paolo Lucente wrote:
Hi Chun Sing,
It's valid that there are fields which are left numerical in the debug;
I guess you ask because your L2 traffic is not being accounted (properly)
by pmacct, right? If this is the case can you please say whether you see
spurious data or nothing being accounted at all?
Bottom line is L2 NetFlow is supported. If something is not working in
a correct way, I'd be more than glad to assist you in troubleshooting the
issue. A good way to start could be sending me privately a trace of the
full payload of your NetFlow datagrams (i.e. using tcpdump -s 1500) so
that I can have a look and, if required, replay in lab.
Let me know.
Cheers,
Paolo
On Sun, Jan 29, 2012 at 12:00:45PM +0800, Kerk Chun Sing wrote:
Hi all,
I'm new to pmacct, hope someone can shed some light on the symptom that
I'm seeing.
I'm exporting L2 NetFlow with the following template, however from the
nfacctd debug log, some of the entries are interpreted as "58" and "256".
Is there something that I will need to tweak?
/chunsing
===================
hostname# show flow record netflow layer2-switched input
Flow record netflow layer2-switched input:
Description: layer2-switched input NetFlow
No. of users: 1
Template ID: 262
Fields:
match interface input
match interface output
match datalink mac source-address
match datalink mac destination-address
match datalink source-vlan-id
match datalink ethertype
match flow direction
collect counter bytes
collect counter packets
collect timestamp sys-uptime first
collect timestamp sys-uptime last
====================
INFO ( default/core ): waiting for NetFlow data on :::9995
DEBUG ( default/core ): Discarded NetFlow v9/IPFIX packet (R: unknown
template 262 [::ffff:10.1.10.20:256])
DEBUG ( default/core ): NfV9 agent : ::ffff:<my_ip_addr>:256
DEBUG ( default/core ): NfV9 template type : flow
DEBUG ( default/core ): NfV9 template ID : 260
DEBUG ( default/core ): ----------------------------------------
DEBUG ( default/core ): | field type | offset | size |
DEBUG ( default/core ): | input snmp | 0 | 4 |
DEBUG ( default/core ): | output snmp | 4 | 4 |
DEBUG ( default/core ): | direction | 8 | 1 |
DEBUG ( default/core ): | 256 | 9 | 2 |
DEBUG ( default/core ): | in bytes | 11 | 4 |
DEBUG ( default/core ): ----------------------------------------
DEBUG ( default/core ): Netflow V9/IPFIX record size : 15
DEBUG ( default/core ):
DEBUG ( default/core ): NfV9 agent : ::ffff:<my_ip_addr> :256
DEBUG ( default/core ): NfV9 template type : flow
DEBUG ( default/core ): NfV9 template ID : 262
DEBUG ( default/core ): ----------------------------------------
DEBUG ( default/core ): | field type | offset | size |
DEBUG ( default/core ): | input snmp | 0 | 4 |
DEBUG ( default/core ): | output snmp | 4 | 4 |
DEBUG ( default/core ): | in src mac | 8 | 6 |
DEBUG ( default/core ): | out dst mac | 14 | 6 |
DEBUG ( default/core ): | 58 | 20 | 2 |
DEBUG ( default/core ): | direction | 22 | 1 |
DEBUG ( default/core ): |256 | 23 | 2 |
DEBUG ( default/core ): | in bytes | 25 | 4 |
DEBUG ( default/core ): | in packets | 29 | 4 |
DEBUG ( default/core ): | last switched | 37 | 4 |
DEBUG ( default/core ): ----------------------------------------
DEBUG ( default/core ): Netflow V9/IPFIX record size : 41
DEBUG ( default/core ):
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
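Added example, not part of the thread or of pmacct: a small Python check over the nfacctd debug output quoted above. It labels field types printed as bare numbers using names from the IANA IPFIX registry (58 is vlanId, 256 is ethernetType, matching the exporter's source-vlan-id and ethertype fields), flags byte ranges not covered by any listed row, compares the layout with the reported record size, and counts "unknown template" discards. The function name `audit` and the report keys are hypothetical.

```python
import re
from collections import Counter

# Names from the IANA IPFIX information element registry; not pmacct's own table.
IANA_NAMES = {58: "vlanId", 256: "ethernetType"}
ROW = re.compile(r"\|\s*(.+?)\s*\|\s*(\d+)\s*\|\s*(\d+)\s*\|")
TEMPLATE_ID = re.compile(r"template ID\s*:\s*(\d+)")
RECORD_SIZE = re.compile(r"record size\s*:\s*(\d+)")
DISCARD = re.compile(r"unknown\s+template\s+(\d+)")  # \s+ spans the wrapped line

def audit(text):
    """Return (per-template reports, discard counts per template ID)."""
    reports, cur = {}, None
    for line in text.splitlines():
        if m := TEMPLATE_ID.search(line):
            cur = reports[int(m.group(1))] = {
                "unnamed": [], "gaps": [], "end": 0, "size_ok": None}
        elif cur is not None and (m := ROW.search(line)):
            name, off, size = m.group(1), int(m.group(2)), int(m.group(3))
            if name.isdigit():  # nfacctd printed the raw field type number
                cur["unnamed"].append((int(name), IANA_NAMES.get(int(name), "unknown")))
            if off != cur["end"]:  # bytes not covered by any listed row
                cur["gaps"].append((cur["end"], off - cur["end"]))
            cur["end"] = off + size
        elif cur is not None and (m := RECORD_SIZE.search(line)):
            cur["size_ok"] = cur["end"] == int(m.group(1))
            cur = None
    return reports, Counter(int(t) for t in DISCARD.findall(text))

# Sample input: the template 262 lines quoted in the thread.
SAMPLE = """\
DEBUG ( default/core ): Discarded NetFlow v9/IPFIX packet (R: unknown
template 262 [::ffff:10.1.10.20:256])
DEBUG ( default/core ): NfV9 template ID : 262
DEBUG ( default/core ): | field type | offset | size |
DEBUG ( default/core ): | input snmp | 0 | 4 |
DEBUG ( default/core ): | output snmp | 4 | 4 |
DEBUG ( default/core ): | in src mac | 8 | 6 |
DEBUG ( default/core ): | out dst mac | 14 | 6 |
DEBUG ( default/core ): | 58 | 20 | 2 |
DEBUG ( default/core ): | direction | 22 | 1 |
DEBUG ( default/core ): |256 | 23 | 2 |
DEBUG ( default/core ): | in bytes | 25 | 4 |
DEBUG ( default/core ): | in packets | 29 | 4 |
DEBUG ( default/core ): | last switched | 37 | 4 |
DEBUG ( default/core ): Netflow V9/IPFIX record size : 41
"""

if __name__ == "__main__":
    reports, discards = audit(SAMPLE)
    for tid, r in reports.items():
        print(tid, r["unnamed"], r["gaps"], r["size_ok"], discards[tid])
```

On the quoted dump the check reports a 4-byte range at offset 33 that no listed row covers, while the total still matches the 41-byte record size.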