Hello again, with the changes you proposed it seems to work fine, the only missing AS i see now are from our own bgp system, I imagine that's because they aren't saved in the output of "sh ip bgp", so it can be easily fixed.
2013/7/9 Joan <aseq...@gmail.com> > I have done the change, I don't have yet any significant amount of flows > to analyze, so I'll be back later when I have more information. > Thanks a lot for your help, > > Joan > > > 2013/7/9 Paolo Lucente <pa...@pmacct.net> > >> Hi Joan, >> >> Please add 'pmacctd_as: file' to your config. Actually, in absence of any >> config directive at this propo, this should be the default setting (if, of >> course, a networks_file is loaded and we speak pmacctd daemon). >> >> Will reproduce your config in lab and see why that would not be happening. >> >> Cheers, >> Paolo >> >> On Tue, Jul 09, 2013 at 02:56:30PM +0200, Joan wrote: >> > Hi again, I am reopening this thread again because after upgrading to >> > current 0.14.3 version (which fixes all my crashes) the srcas/dstas data >> > still isn't populated. >> > >> > This is my current config: >> > daemonize: true >> > pidfile: /var/run/pmacctd.pid >> > syslog: daemon >> > aggregate: src_host,dst_host,dst_as,src_as >> > interface: br0 >> > plugins: nfprobe >> > networks_file: /etc/pmacct/networks.lst >> > nfprobe_receiver: 192.168.1.5:2591 >> > nfprobe_version: 9 >> > debug : true >> > >> > See the attached document for the dump of the flows that I am doing in >> the >> > flow collector. >> > >> > And an sample entry in the networks.lst file for one of the matches in >> the >> > file: >> > 29073,80.82.64.0/24 >> > >> > >> > >> > 2013/7/5 Paolo Lucente <pa...@pmacct.net> >> > >> > > xHi Joan, >> > > >> > > Thanks for explaining the background, it makes sense. To get ASNs info >> > > populated you should add src_as and dst_as primitives to your >> aggregate >> > > directive. Same as any further info you wish to see populated. >> > > >> > > Let me know how that goes. I see you dropped a separate email about a >> > > crash, along with a backtrace, thanks for that. I will look into it, >> > > ie. maybe you already hinted the above yourself and got to the next >> > > stage, and get back to you. >> > > >> > > Cheers, >> > > Paolo >> > > >> > > On Fri, Jul 05, 2013 at 02:35:15PM +0200, Joan wrote: >> > > > Hello, >> > > > >> > > > I am trying to get pmacct workting to replace softflowd because >> we'd like >> > > > to have the as numbers for the networks populated. >> > > > To accomplish this I am using the script to generate the >> networks_file >> > > from >> > > > quagga (I had a couple of issues but it's ok now) >> > > > >> > > > This is my pmactd.conf config: >> > > > /etc/pmacct/pmactd.conf >> > > > daemonize: true >> > > > >> > > > pidfile: /var/run/pmacctd.pid >> > > > >> > > > syslog: daemon >> > > > >> > > > aggregate: src_host,dst_host >> > > > >> > > > pcap_filter: net 0.0.0.0/0 >> > > > >> > > > interface: br0 >> > > > >> > > > plugins: nfprobe >> > > > >> > > > nfprobe_version: 9 >> > > > >> > > > networks_file: /etc/pmacct/networks.lst >> > > > >> > > > nfprobe_receiver: 192.168.1.5:2591 <http://192.168.1.8:2591> >> > > > >> > > > >> > > > nfprobe_version: 9 >> > > > >> > > > And in the flow collector I am checking for the as numbers with >> nfdump, >> > > but >> > > > the output of srcas/dstas is always 0 >> > > > nfdump -A srcas -N -M /var/lib/netflow/profiles-data/live/ -o >> "fmt:%sa >> > > > %fl %byt %pkt %sas %das" -R nfcapd.201307051420:nfcapd.201307051425 >> > > > >> > > > Did I miss something in the pmacctd config? I don't see anything >> relevant >> > > > in the logs. >> > > >> > > > _______________________________________________ >> > > > pmacct-discussion mailing list >> > > > http://www.pmacct.net/#mailinglists >> > > >> > > >> > > _______________________________________________ >> > > pmacct-discussion mailing list >> > > http://www.pmacct.net/#mailinglists >> > > >> >> > nfdump -M /var/lib/netflow/profiles-data/live/ -R >> nfcapd.201307091410:nfcapd.201307091440 -A srcas,dstas,srcip,dstip >> > Date flow start Duration Src AS Dst AS Src IP Addr >> Dst IP Addr Packets Bytes bps Bpp Flows >> > 2013-07-09 13:30:18.679 14.592 0 0 218.94.15.226 >> 123.123.123.123 3 120 65 40 1 >> > 2013-07-09 14:07:54.345 3.094 0 0 92.81.226.61 >> 123.123.123.123 2 96 248 48 1 >> > 2013-07-09 14:32:49.080 0.000 0 0 188.165.95.171 >> 123.123.123.124 1 44 0 44 1 >> > 2013-07-09 09:20:01.379 18867.828 0 0 23.123.123.25 >> 224.0.0.6 1473 110892 47 75 1 >> > 2013-07-09 13:21:32.957 0.000 0 0 85.237.35.52 >> 123.123.123.123 1 60 0 60 1 >> > 2013-07-09 14:26:16.360 0.000 0 0 80.82.64.231 >> 123.123.123.124 1 29 0 29 1 >> > 2013-07-09 13:47:01.881 0.000 0 0 186.202.186.28 >> 123.123.123.124 1 52 0 52 1 >> > 2013-07-09 09:19:59.525 18878.256 0 0 123.123.123.25 >> 224.0.0.5 1889 151120 64 80 1 >> > 2013-07-09 13:28:24.305 0.000 0 0 61.147.103.117 >> 123.123.123.123 1 40 0 40 1 >> > >> >> > _______________________________________________ >> > pmacct-discussion mailing list >> > http://www.pmacct.net/#mailinglists >> >> >> _______________________________________________ >> pmacct-discussion mailing list >> http://www.pmacct.net/#mailinglists >> > >
_______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
