Hello Paolo.
Just hade a remote session with Luca Dari from ntopng. Seems the
starttime/endtime in the flows are not correct too :
Timestamp: May 6, 2021 08:11:03.000000000 CEST
ExportTime: 1620281463
FlowSequence: 34583266
Observation Domain Id: 0
Set 1 [id=1024] (4 flows)
FlowSet Id: (Data) (1024)
FlowSet Length: 308
[Template Frame: 9]
Flow 1
[Duration: 877515505.664000000 seconds (milliseconds)]
StartTime: Nov 13, 112781 17:46:47.000000000 CET
EndTime: May 28, 511486763 17:23:04.664000000 CET
I can provide you a full capture if needed.
Regards
Cédric
Le mer. 5 mai 2021 à 15:26, BASSAGET Cédric <cedric.bassaget...@gmail.com>
a écrit :
> Hello Paolo :)
>
> I was running :
> # pmacctd -V
> Promiscuous Mode Accounting Daemon, pmacctd 1.7.2-git (20181018-00+c3)
> 3.0-0.bpo.2-amd64 #1 SMP Debian 5.3.9-2~bpo10+1 (2019-11-13) x86_64
>
>
> I tried to compile github release yesterday but it failed. Tried again a
> few minutes ago and compilation seem to work now.
> pmacctd 1.7.7-git (20210505-1 (3edef0c3))
>
> but unfortunately I have the same problem : src_as / dst_as field is still
> 0 :(
>
> Regards
> Cédric
>
>
> Le mar. 4 mai 2021 à 21:27, Paolo Lucente <pa...@pmacct.net> a écrit :
>
>>
>> Hi Cedric,
>>
>> It seems this should work. Can you confirm what version are you using? a
>> "pmacctd -V" would do so that i try to reproduce (and/or encourage you
>> to get to 1.7.6 or master code on GitHub 8-)).
>>
>> Paolo
>>
>> On 4/5/21 14:56, BASSAGET Cédric wrote:
>> > Hello,
>> > I'm (once again) trying to export netflow from a Linux / bird router to
>> > an external probe. But I can't get src_as / dst_as in my netflow
>> export...
>> >
>> > bgp session between pmacct and bird is OK :
>> > bird> show route export pmacct count
>> > 871845 of 2695832 routes for 876157 networks
>> >
>> > if I set a "bgp_table_dump_file" file, it is filled with the full-view
>> > content (stuff like :
>> >
>> > {"timestamp": "2021-05-04 14:40:00", "peer_ip_src": "127.0.0.1",
>> > "peer_tcp_port": 60836, "event_type": "dump", "afi": 1, "safi": 1,
>> > "ip_prefix": "1.22.148.0/24 <http://1.22.148.0/24>", "bgp_nexthop":
>> > "149.14.152.113", "as_path": "174 6453 4755 45528 45528 45528 45528
>> > 45528", "comms": "174:21100 174:22008", "origin": 0, "local_pref": 100,
>> > "med": 2021}
>> >
>> > note that pmacctd stops with the following warning when it has finished
>> > to write this file :
>> > INFO ( default/core/BGP ): *** Dumping BGP tables - START (PID: 9379)
>> ***
>> > INFO ( default/core/BGP ): *** Dumping BGP tables - END (PID: 9379,
>> > TABLES: 2 ET: 8) ***
>> > WARN ( default/core ): connection lost to 'ip-nfprobe'; closing
>> connection.
>> > WARN ( default/core ): no more plugins active. Shutting down.
>> >
>> > Here's my config :
>> >
>> > # cat /etc/pmacct/pmacctd.netflow.conf
>> > debug: false
>> > daemonize: false
>> > interface: bond0
>> > aggregate: etype, tag, src_host, dst_host, src_port, dst_port, proto,
>> > tos, src_as, dst_as, vlan
>> >
>> > nfprobe_version: 10
>> > plugins: nfprobe[ip]
>> >
>> > nfprobe_receiver[ip]: 192.168.156.109:4739 <http://192.168.156.109:4739
>> >
>> > nfprobe_timeouts[ip]: tcp=120:maxlife=3600
>> > pmacctd_flow_lifetime: 30
>> >
>> > sampling_rate: 10
>> >
>> > pmacctd_as: bgp
>> > bgp_daemon: true
>> > bgp_daemon_ip: 127.0.0.1
>> > !bgp_daemon_ip: ::
>> > bgp_daemon_as: 203xxx
>> > bgp_daemon_port: 17917
>> > bgp_agent_map: /etc/pmacct/bgp_agent_map.map
>> > bgp_peer_as_skip_subas: true
>> > bgp_peer_src_as_type: bgp
>> > ! pre_tag_map: /etc/pmacct/pretag.map
>> >
>> > ! bgp_table_dump_file: /tmp/bgp-$peer_src_ip-%H%M.log
>> > ! bgp_table_dump_refresh_time: 600
>> >
>> > # cat /etc/pmacct/bgp_agent_map.map
>> > bgp_ip=185.x.y.z ip=0.0.0.0/0 <http://0.0.0.0/0>
>> >
>> >
>> > Can somebody tell me what I'm missing ? I used to make it work about 1
>> > year ago... long time ago !
>> >
>> > Thanks a lot for you help.
>> > Regards
>> > Cédric
>> >
>> > _______________________________________________
>> > pmacct-discussion mailing list
>> > http://www.pmacct.net/#mailinglists
>> >
>>
>
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
