Re: [pmacct-discussion] pmacct with nfprobe_direction / nfprobe_ifindex and pretag.map

Sun, 14 Jan 2024 07:48:35 -0800 


Hi Klaus,


Can you confirm what version of pmacct are you using? A 'pmacctd -V' 
would do.



I would like essentially to confirm that, for the first issue you are 
hitting, you are running either 1.7.8 or a recent code that includes 
this patch from Dec 15th: 
https://github.com/pmacct/pmacct/commit/547e24171b0da2775ad35aeb2997d586003cb674 
.



For the second issue you mention, ie. setting both input and output 
interface given a direction, let me confirm that the current mechanism 
does not support that -- the use case has been so far using src/dst IP 
address/prefix or src/dst MAC address to determine direction, and given 
that, set input OR output interface but not both.



You could use ULOG / uacctd, which should already return you both 
interfaces, just an idea if you are running Linux, it seems the system 
you are monitoring is passing traffic through. Otherwise to use the 
tagging mechanism, some dev would be required.


Paolo


On 11/1/24 11:11, Klaus Conrad wrote:

Hello everybody,

I'm currently struggling with properly setting up pmacct for the follow
scenario:

I need InputInt and OutputInt as well as Direction to be set in the
generated Netflow.

By default, InputInt/OutputInt are set to 0.

The traffic I'm capturing is VLAN tagged.

Now I want to set InputInt and OutputInt and Direction depending on the
VLAN tag of the captured traffic.

My pretag.map looks like this:

set_tag=2 vlan=10 jeq=eval_ifindexes
set_tag=1 vlan=11 jeq=eval_ifindexes
set_tag=2 vlan=20 jeq=eval_ifindexes
set_tag=1 vlan=21 jeq=eval_ifindexes
...
set_tag=999 filter='net 0.0.0.0/0'


set_tag2=62 vlan=10 label=eval_ifindexes
set_tag2=62 vlan=11
set_tag2=60 vlan=20
set_tag2=60 vlan=21
...
set_tag2=52 filter='net 0.0.0.0/0'



My pmacct.conf looks like this:

...
aggregate: src_host,dst_host,src_port,dst_port,proto,sampling_rate,vlan
nfprobe_ifindex_override[prod]: true
nfprobe_direction[prod]: tag
nfprobe_ifindex[prod]: tag2
pre_tag_map: /etc/pmacct/pretag.map


The problem I'm facing is as follows:

It appears that the first set_tag and set_tag2 rules always apply. So
all flows are tagged as "egress" and OutputInt is always set to 62,
regardless of the vlan tag of the captured traffic.


Also I do not understand how I could set both InputInt and OutputInt to
a non-zero value.

Thanks a lot in advance for any insight you can provide!

Klaus



_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists






















					Reply via email to