Hi, I’m trying to export IPFIX/NetFlow9 from pmacctd/nfprobe v1.7.7 running on an Ubuntu 20.04 box in a lab environment. The Linux box has 2 interfaces: one L2 where pmacctd listens for packets coming from an external router port mirror, and another L3 from which the NetFlow stream should be originated. pmacctd does BGP peering with the external router. I have also configured a memory plugin with the same aggregate set as nfprobe. Everything works fine except the src_as and dst_as fields in the IPFIX stream: they are always set to zero. But if I look at the memory plugin flows table, using pmacct -s, the src_as and dst_as fields are correctly populated.
This is the pmacctd config file:

! General config
debug: false
daemonize: false
pcap_interface: ens4
pcap_interface_wait: true
pre_tag_map: pretag.map
pmacctd_ext_sampling_rate: 1000
pmacctd_net: bgp
pmacctd_as: bgp
! BGP Daemon config
bgp_daemon: true
bgp_daemon_ip: 10.0.224.146
bgp_daemon_id: 10.0.224.146
bgp_daemon_as: 65100
bgp_agent_map: bgp_peers.map
! Plugin declarations
plugins: nfprobe[zflow], memory[mem]
! zflow plugin config
aggregate[zflow]: src_host, dst_host, src_mask, dst_mask, src_as, dst_as
nfprobe_receiver[zflow]: 10.0.224.134:2055
nfprobe_version[zflow]: 10
nfprobe_timeouts: expint=10:maxlife=10
nfprobe_direction[zflow]: tag
nfprobe_maxflows[zflow]: 65535
nfprobe_source_ip[zflow]: 10.0.224.146
nfprobe_engine[zflow]: 10
! mem plugin config
aggregate[mem]: src_host, dst_host, src_mask, dst_mask, src_as, dst_as

This is the bgp_peers.map file:

bgp_ip=10.0.224.145 ip=10.0.224.146

And this is the pretag.map file:

set_tag=1 filter='vlan 100'
set_tag=2 filter='vlan 101'

Any help would be very appreciated.

Cheers,
Luca

_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
