Re: [pmacct-discussion] Next-hop not populated when using networks file

2014-04-08 Thread Joan
Ok, I think I got it now (still not working though), there were several
wrong assumptions on my part:

- Next hop is only (logically) stored for outgoing packets

- I am using nfsen (ncapd) to capture the flows, by default, nfcapd
captures netflow v9 but only extensions 1 (input/output interface SNMP
numbers) and 2 (src/dst AS numbers), the next-hop ip address is extension 4.
So I had to reconfigure nfsen so it added "-T +4" to the nfcapd daemon

- A very nice way to debug the flow data is by using tshark (even on non
standard ports):
  tshark -i eth1 host 192.168.1.22 -d udp.port==2591,cflow  -s0 -V

Thanks for all your help,

Joan


2014-04-07 20:56 GMT+02:00 Paolo Lucente :

> Hi Joan,
>
> I've just tried to reproduce the issue with latest CVS with
> no luck, ie. BGP next-hop information is inserted just fine.
>
> If you make a pcap capture of the NetFlow traffic produced
> by nfprobe (or are able to debug NetFlow v9 templates in the
> collector tool) do you reckon the BGP next-hop field is part
> of the template (and hence left as 0.0.0.0)?
>
> Cheers,
> Paolo
>
> On Mon, Apr 07, 2014 at 04:37:29PM +0200, Joan wrote:
> > Just tried it, it seems that pmacct isn't yet adding the nexthop
> > information, this is my current config, I added the peer_src_ip,peer_dst_ip
> > primitives and the nfacctd_net: file, maybe I'm missing something
> >
> > ! pmacctd configuration
> > >
> > > !
> > >
> > > !
> > >
> > > !
> > >
> > > daemonize: true
> > >
> > > pidfile: /var/run/pmacctd.pid
> > >
> > > syslog: daemon
> > >
> > > !
> > >
> > > ! interested in in and outbound traffic
> > >
> > > !aggregate: src_host,dst_host,dst_as,src_as,src_port,dst_port,proto,tos
> > >
> > > aggregate: src_host,dst_host,dst_as,src_as,src_port,dst_port,proto,tos,peer_src_ip,peer_dst_ip
> > >
> > > ! on this network
> > >
> > > !pcap_filter: net 0.0.0.0/0
> > >
> > > ! on this interface
> > >
> > > interface: eth0
> > >
> > > !
> > >
> > >
> > >
> > > plugins: nfprobe
> > >
> > > networks_file: /etc/pmacct/networks.lst
> > >
> > > refresh_maps: true
> > > nfprobe_receiver: 192.168.1.123:2591
> > > nfprobe_version: 9
> > > pmacctd_as: file
> > > !added after last email
> > > nfacctd_net: file
> > > !plugin_pipe_size: 2048000
> > > !plugin_buffer_size: 2048
> > > plugin_pipe_size: 4096000
> > > plugin_buffer_size: 4096
> > > debug : false
> >
> >
> >
> > Sample file:
> > > 123.123.123.123,17766,223.255.235.0/24
> > > 123.123.123.123,56000,223.255.236.0/24
> > > 123.123.123.123,56000,223.255.237.0/24
> > > 123.123.123.123,56000,223.255.238.0/24
> > > 123.123.123.123,56000,223.255.239.0/24
> > > 123.123.123.123,55649,223.255.240.0/22
> > > 123.123.123.123,55649,223.255.240.0/24
> > > 123.123.123.123,55649,223.255.241.0/24
> > > 123.123.123.123,55649,223.255.242.0/24
> > > 123.123.123.123,55649,223.255.243.0/24
> > > 123.123.123.123,45954,223.255.244.0/24
> > > 123.123.123.123,45954,223.255.245.0/24
> > > 123.123.123.123,45954,223.255.246.0/24
> > > 123.123.123.123,45954,223.255.247.0/24
> > > 123.123.123.123,55415,223.255.254.0/24
> >
> >
> >
> >
> > 2014-04-07 16:16 GMT+02:00 Joan :
> >
> > > The date I've in the checkout folder is Feb, 17th, and it's probably
> from
> > > those days (also it's trunk code), I'll update to current head and
> test it
> > > again.
> > >
> > >
> > >
> > > 2014-04-05 4:22 GMT+02:00 Paolo Lucente :
> > >
> > > Hi Joan,
> > >>
> > >> Can you confirm you do not run a CVS build past Feb, 5th
> > >> and you want the BGP next-hop taken from a networks_file
> > >> in conjunction with the nfprobe plugin? If yes, you should
> > >> be sorted if downloading latest CVS:
> > >>
> > >> https://www.mail-archive.com/pmacct-commits@pmacct.net/msg00981.html
> > >>
> > >> For the BGP next-hop to be taken from a networks_file you
> > >> should also configure nfacctd_net to 'file': as you might
> > >> see from docs that's the one influencing 'peer_dst_ip' (or
> > >> BGP next-hop). Let me know if this is of help.
> > &

Re: [pmacct-discussion] Next-hop not populated when using networks file

2014-04-07 Thread Joan
Just tried it, it seems that pmacct isn't yet adding the nexthop
information, this is my current config, I added the peer_src_ip,peer_dst_ip
primitives and the nfacctd_net: file, maybe I'm missing something

! pmacctd configuration
>
> !
>
> !
>
> !
>
> daemonize: true
>
> pidfile: /var/run/pmacctd.pid
>
> syslog: daemon
>
> !
>
> ! interested in in and outbound traffic
>
> !aggregate: src_host,dst_host,dst_as,src_as,src_port,dst_port,proto,tos
>
> aggregate: src_host,dst_host,dst_as,src_as,src_port,dst_port,proto,tos,peer_src_ip,peer_dst_ip
>
> ! on this network
>
> !pcap_filter: net 0.0.0.0/0
>
> ! on this interface
>
> interface: eth0
>
> !
>
>
>
> plugins: nfprobe
>
> networks_file: /etc/pmacct/networks.lst
>
> refresh_maps: true
> nfprobe_receiver: 192.168.1.123:2591
> nfprobe_version: 9
> pmacctd_as: file
> !added after last email
> nfacctd_net: file
> !plugin_pipe_size: 2048000
> !plugin_buffer_size: 2048
> plugin_pipe_size: 4096000
> plugin_buffer_size: 4096
> debug : false



Sample file:
> 123.123.123.123,17766,223.255.235.0/24
> 123.123.123.123,56000,223.255.236.0/24
> 123.123.123.123,56000,223.255.237.0/24
> 123.123.123.123,56000,223.255.238.0/24
> 123.123.123.123,56000,223.255.239.0/24
> 123.123.123.123,55649,223.255.240.0/22
> 123.123.123.123,55649,223.255.240.0/24
> 123.123.123.123,55649,223.255.241.0/24
> 123.123.123.123,55649,223.255.242.0/24
> 123.123.123.123,55649,223.255.243.0/24
> 123.123.123.123,45954,223.255.244.0/24
> 123.123.123.123,45954,223.255.245.0/24
> 123.123.123.123,45954,223.255.246.0/24
> 123.123.123.123,45954,223.255.247.0/24
> 123.123.123.123,55415,223.255.254.0/24




2014-04-07 16:16 GMT+02:00 Joan :

> The date I've in the checkout folder is Feb, 17th, and it's probably from
> those days (also it's trunk code), I'll update to current head and test it
> again.
>
>
>
> 2014-04-05 4:22 GMT+02:00 Paolo Lucente :
>
> Hi Joan,
>>
>> Can you confirm you do not run a CVS build past Feb, 5th
>> and you want the BGP next-hop taken from a networks_file
>> in conjunction with the nfprobe plugin? If yes, you should
>> be sorted if downloading latest CVS:
>>
>> https://www.mail-archive.com/pmacct-commits@pmacct.net/msg00981.html
>>
>> For the BGP next-hop to be taken from a networks_file you
>> should also configure nfacctd_net to 'file': as you might
>> see from docs that's the one influencing 'peer_dst_ip' (or
>> BGP next-hop). Let me know if this is of help.
>>
>> Cheers,
>> Paolo
>>
>> On Fri, Apr 04, 2014 at 11:39:28AM +0200, Joan wrote:
>> > I am using a networks_file such as this, being the next hop
>> > 123.123.123.123, I do have other bgp providers for other routes.
>> >
>> > 123.123.123.123,17766,223.255.235.0/24
>> > 123.123.123.123,56000,223.255.236.0/24
>> > 123.123.123.123,56000,223.255.237.0/24
>> > 123.123.123.123,56000,223.255.238.0/24
>> > 123.123.123.123,56000,223.255.239.0/24
>> > 123.123.123.123,55649,223.255.240.0/22
>> > 123.123.123.123,55649,223.255.240.0/24
>> > 123.123.123.123,55649,223.255.241.0/24
>> > 123.123.123.123,55649,223.255.242.0/24
>> > 123.123.123.123,55649,223.255.243.0/24
>> > 123.123.123.123,45954,223.255.244.0/24
>> > 123.123.123.123,45954,223.255.245.0/24
>> > 123.123.123.123,45954,223.255.246.0/24
>> > 123.123.123.123,45954,223.255.247.0/24
>> > 123.123.123.123,55415,223.255.254.0/24
>> >
>> >
>> > The issue I am having is that although the AS numbers are properly
>> > populated, the  BGPNextHop field is always 0.0.0.0
>> >
>> > I am using this aggregate list:
>> > aggregate: src_host,dst_host,dst_as,src_as,src_port,dst_port,proto,tos,peer_src_ip,peer_dst_ip
>> >
>> >
>> > From the config keys (http://wiki.pmacct.net/OfficialConfigKeys) I read:
>> > > when 'true' ('file' being an alias of 'true') it instructs nfacctd
>> and sfacctd to generate 'src_as' and 'dst_as' (only! ie. no peer-AS) by
>> looking up
>> > > source and destination IP addresses against a networks_file
>> >
>> > So apparently it won't populate BGPNextHop when using networks file,
>> > is that right? Is the only resort to get that information would be to
>> > have a bgp session established?
>> >
>> > ___
>> > pmacct-discussion mailing list
>> > http://www.pmacct.net/#mailinglists
>>
>> ___
>> pmacct-discussion mailing list
>> http://www.pmacct.net/#mailinglists
>>
>
>
___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

Re: [pmacct-discussion] Next-hop not populated when using networks file

2014-04-07 Thread Joan
The date I've in the checkout folder is Feb, 17th, and it's probably from
those days (also it's trunk code), I'll update to current head and test it
again.



2014-04-05 4:22 GMT+02:00 Paolo Lucente :

> Hi Joan,
>
> Can you confirm you do not run a CVS build past Feb, 5th
> and you want the BGP next-hop taken from a networks_file
> in conjunction with the nfprobe plugin? If yes, you should
> be sorted if downloading latest CVS:
>
> https://www.mail-archive.com/pmacct-commits@pmacct.net/msg00981.html
>
> For the BGP next-hop to be taken from a networks_file you
> should also configure nfacctd_net to 'file': as you might
> see from docs that's the one influencing 'peer_dst_ip' (or
> BGP next-hop). Let me know if this is of help.
>
> Cheers,
> Paolo
>
> On Fri, Apr 04, 2014 at 11:39:28AM +0200, Joan wrote:
> > I am using a networks_file such as this, being the next hop
> > 123.123.123.123, I do have other bgp providers for other routes.
> >
> > 123.123.123.123,17766,223.255.235.0/24
> > 123.123.123.123,56000,223.255.236.0/24
> > 123.123.123.123,56000,223.255.237.0/24
> > 123.123.123.123,56000,223.255.238.0/24
> > 123.123.123.123,56000,223.255.239.0/24
> > 123.123.123.123,55649,223.255.240.0/22
> > 123.123.123.123,55649,223.255.240.0/24
> > 123.123.123.123,55649,223.255.241.0/24
> > 123.123.123.123,55649,223.255.242.0/24
> > 123.123.123.123,55649,223.255.243.0/24
> > 123.123.123.123,45954,223.255.244.0/24
> > 123.123.123.123,45954,223.255.245.0/24
> > 123.123.123.123,45954,223.255.246.0/24
> > 123.123.123.123,45954,223.255.247.0/24
> > 123.123.123.123,55415,223.255.254.0/24
> >
> >
> > The issue I am having is that although the AS numbers are properly
> > populated, the  BGPNextHop field is always 0.0.0.0
> >
> > I am using this aggregate list:
> > aggregate: src_host,dst_host,dst_as,src_as,src_port,dst_port,proto,tos,peer_src_ip,peer_dst_ip
> >
> >
> > From the config keys (http://wiki.pmacct.net/OfficialConfigKeys) I read:
> > > when 'true' ('file' being an alias of 'true') it instructs nfacctd and
> sfacctd to generate 'src_as' and 'dst_as' (only! ie. no peer-AS) by looking
> up
> > > source and destination IP addresses against a networks_file
> >
> > So apparently it won't populate BGPNextHop when using networks file,
> > is that right? Is the only resort to get that information would be to
> > have a bgp session established?
> >
> > ___
> > pmacct-discussion mailing list
> > http://www.pmacct.net/#mailinglists
>
> ___
> pmacct-discussion mailing list
> http://www.pmacct.net/#mailinglists
>

[pmacct-discussion] Next-hop not populated when using networks file

2014-04-04 Thread Joan
I am using a networks_file such as this, being the next hop
123.123.123.123, I do have other bgp providers for other routes.

123.123.123.123,17766,223.255.235.0/24
123.123.123.123,56000,223.255.236.0/24
123.123.123.123,56000,223.255.237.0/24
123.123.123.123,56000,223.255.238.0/24
123.123.123.123,56000,223.255.239.0/24
123.123.123.123,55649,223.255.240.0/22
123.123.123.123,55649,223.255.240.0/24
123.123.123.123,55649,223.255.241.0/24
123.123.123.123,55649,223.255.242.0/24
123.123.123.123,55649,223.255.243.0/24
123.123.123.123,45954,223.255.244.0/24
123.123.123.123,45954,223.255.245.0/24
123.123.123.123,45954,223.255.246.0/24
123.123.123.123,45954,223.255.247.0/24
123.123.123.123,55415,223.255.254.0/24


The issue I am having is that although the AS numbers are properly
populated, the  BGPNextHop field is always 0.0.0.0

I am using this aggregate list:
aggregate: src_host,dst_host,dst_as,src_as,src_port,dst_port,proto,tos,peer_src_ip,peer_dst_ip


From the config keys (http://wiki.pmacct.net/OfficialConfigKeys) I read:
> when 'true' ('file' being an alias of 'true') it instructs nfacctd and 
> sfacctd to generate 'src_as' and 'dst_as' (only! ie. no peer-AS) by looking up
> source and destination IP addresses against a networks_file

So apparently it won't populate BGPNextHop when using networks file,
is that right? Is the only resort to get that information would be to
have a bgp session established?



Re: [pmacct-discussion] Network file not properly load

2014-02-13 Thread Joan
Ok, then I will try to adapt the script I used to generate this file,
because there are lots of routes saved from the bgp summary.
https://github.com/paololucente/pmacct-contrib/blob/master/st1/quagga_gen_as_network.pl


2014-02-13 16:39 GMT+01:00 Adam Bogdan :

> Hi Joan,
>
> The problem is with these 2 lines:
> 123.123.123.123,55649,223.255.240.0/22
> 123.123.123.123,55649,223.255.240.0/24
>
> Just delete the line with /24 and check then - I had similar problem with
> overlapping prefixes.
>
> Regards
> Adam
>
>
>
> 2014-02-13 15:36 GMT+01:00 Joan :
>
>> While loading the attached network file, I get these strange errors on the
>> logs (when debug is enabled), it seems that the networks are not properly
>> imported (it seems related to the nested networks) but I couldn't simplify
>> any more the test case.
>> The problem is that when there are those errors the srcas and dstas never
>> get populated on the flows.
>>
>> Feb 13 15:31:07 collector pmacctd[29186]: DEBUG (
>> /etc/pmacct/networks.lst ): [networks table IPv4] nh: 123.123.123.123 peer
>> asn: 0 asn: 17766 net: 223.255.235.0 mask: 24
>> Feb 13 15:31:07 collector pmacctd[29186]: DEBUG (
>> /etc/pmacct/networks.lst ): [networks table IPv4] nh: 123.123.123.123 peer
>> asn: 0 asn: 45954 net: 223.255.244.0 mask: 24
>> Feb 13 15:31:07 collector pmacctd[29186]: DEBUG (
>> /etc/pmacct/networks.lst ): [networks table IPv4] nh: 123.123.123.123 peer
>> asn: 0 asn: 45954 net: 223.255.245.0 mask: 24
>> Feb 13 15:31:07 collector pmacctd[29186]: DEBUG (
>> /etc/pmacct/networks.lst ): [networks table IPv4] nh: 123.123.123.123 peer
>> asn: 0 asn: 45954 net: 223.255.246.0 mask: 24
>> Feb 13 15:31:07 collector pmacctd[29186]: DEBUG (
>> /etc/pmacct/networks.lst ): [networks table IPv4] nh: 123.123.123.123 peer
>> asn: 0 asn: 45954 net: 223.255.247.0 mask: 24
>> Feb 13 15:31:07 collector pmacctd[29186]: DEBUG (
>> /etc/pmacct/networks.lst ): [networks table IPv4] nh: 123.123.123.123 peer
>> asn: 0 asn: 55415 net: 223.255.254.0 mask: 24
>> Feb 13 15:31:07 collector pmacctd[29186]: DEBUG (
>> /etc/pmacct/networks.lst ): [networks table IPv4] nh:  peer asn: 0 asn: 0
>> net: 0.0.0.0 mask: 0
>> Feb 13 15:31:07 collector pmacctd[29186]: DEBUG (
>> /etc/pmacct/networks.lst ): [networks table IPv4] contains a default route
>> Feb 13 15:31:07 collector pmacctd[29186]: DEBUG (
>> /etc/pmacct/networks.lst ): [networks table IPv4] nh:  peer asn: 0 asn: 0
>> net: 0.0.0.0 mask: 0
>> Feb 13 15:31:07 collector pmacctd[29186]: DEBUG (
>> /etc/pmacct/networks.lst ): [networks table IPv4] contains a default route
>> Feb 13 15:31:07 collector pmacctd[29186]: DEBUG (
>> /etc/pmacct/networks.lst ): [networks table IPv4] nh:  peer asn: 0 asn: 0
>> net: 0.0.0.0 mask: 0
>> Feb 13 15:31:07 collector pmacctd[29186]: DEBUG (
>> /etc/pmacct/networks.lst ): [networks table IPv4] contains a default route
>> Feb 13 15:31:07 collector pmacctd[29186]: DEBUG (
>> /etc/pmacct/networks.lst ): [networks table IPv4] nh:  peer asn: 0 asn: 0
>> net: 0.0.0.0 mask: 0
>> Feb 13 15:31:07 collector pmacctd[29186]: DEBUG (
>> /etc/pmacct/networks.lst ): [networks table IPv4] contains a default route
>> Feb 13 15:31:07 collector pmacctd[29186]: DEBUG (
>> /etc/pmacct/networks.lst ): [networks table IPv4] nh:  peer asn: 0 asn: 0
>> net: 0.0.0.0 mask: 0
>> Feb 13 15:31:07 collector pmacctd[29186]: DEBUG (
>> /etc/pmacct/networks.lst ): [networks table IPv4] contains a default route
>> Feb 13 15:31:07 collector pmacctd[29186]: DEBUG (
>> /etc/pmacct/networks.lst ): [networks table IPv4] nh: 123.123.123.123 peer
>> asn: 0 asn: 55649 net: 223.255.240.0 mask: 24
>> Feb 13 15:31:07 collector pmacctd[29186]: DEBUG (
>> /etc/pmacct/networks.lst ): [networks table IPv4] nh: 123.123.123.123 peer
>> asn: 0 asn: 55649 net: 223.255.241.0 mask: 24
>> Feb 13 15:31:07 collector pmacctd[29186]: DEBUG (
>> /etc/pmacct/networks.lst ): [networks table IPv4] nh: 123.123.123.123 peer
>> asn: 0 asn: 55649 net: 223.255.242.0 mask: 24
>> Feb 13 15:31:07 collector pmacctd[29186]: DEBUG (
>> /etc/pmacct/networks.lst ): [networks table IPv4] nh: 123.123.123.123 peer
>> asn: 0 asn: 55649 net: 223.255.243.0 mask: 24
>>
>>
>> ___
>> pmacct-discussion mailing list
>> http://www.pmacct.net/#mailinglists
>>
>
>
> ___
> pmacct-discussion mailing list
> http://www.pmacct.net/#mailinglists
>
___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
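
A pre-load check for the nested prefixes Adam points to (the /22 and the /24s inside it), as an added example that is not part of the thread and not pmacct code. It assumes only the three-field `nexthop,asn,prefix` layout and `!` comment lines seen in these messages; the function names and sample data are constructed.

```python
import ipaddress

# Constructed sample in the nexthop,asn,prefix layout used in this thread.
SAMPLE = """\
! constructed sample, not a real routing table
123.123.123.123,17766,223.255.235.0/24
123.123.123.123,55649,223.255.240.0/22
123.123.123.123,55649,223.255.240.0/24
123.123.123.123,55649,223.255.241.0/24
123.123.123.123,45954,223.255.244.0/24
"""


def parse_networks(text):
    """Parse nexthop,asn,prefix lines; return (entries, errors)."""
    entries, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):    # blank line or '!' comment
            continue
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 3:
            errors.append((lineno, "expected nexthop,asn,prefix"))
            continue
        try:
            nexthop = ipaddress.ip_address(fields[0])
            asn = int(fields[1])
            # strict=True rejects prefixes with host bits set (10.0.0.1/8)
            net = ipaddress.ip_network(fields[2], strict=True)
        except ValueError as exc:
            errors.append((lineno, str(exc)))
            continue
        if not 0 <= asn <= 0xFFFFFFFF:
            errors.append((lineno, "ASN out of range"))
            continue
        entries.append((lineno, nexthop, asn, net))
    return entries, errors


def find_nested(entries):
    """Return (inner, outer) entry pairs where outer covers inner.

    Entries are sorted by address then prefix length, so a covering prefix
    always comes before the prefixes it contains; the stack holds the chain
    of prefixes that still cover the current position. An exact duplicate
    is reported as nested inside its first occurrence.
    """
    ordered = sorted(
        entries,
        key=lambda e: (e[3].version, int(e[3].network_address), e[3].prefixlen),
    )
    stack, nested = [], []
    for entry in ordered:
        net = entry[3]
        while stack and not (stack[-1][3].version == net.version
                             and net.subnet_of(stack[-1][3])):
            stack.pop()
        if stack:
            nested.append((entry, stack[-1]))
        stack.append(entry)
    return nested


def report(text):
    """Return human-readable findings for one networks_file body."""
    entries, errors = parse_networks(text)
    lines = ["line %d: %s" % err for err in errors]
    for inner, outer in find_nested(entries):
        lines.append("line %d: %s is inside %s (line %d)"
                     % (inner[0], inner[3], outer[3], outer[0]))
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE)) or "no findings")
```

Running it over the output of the generator script before pointing `networks_file` at it shows which lines to drop or aggregate.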

[pmacct-discussion] Network file not properly load

2014-02-13 Thread Joan
While loading the attached network file, I get these strange errors on the
logs (when debug is enabled), it seems that the networks are not properly
imported (it seems related to the nested networks) but I couldn't simplify
any more the test case.
The problem is that when there are those errors the srcas and dstas never
get populated on the flows.

Feb 13 15:31:07 collector pmacctd[29186]: DEBUG ( /etc/pmacct/networks.lst
): [networks table IPv4] nh: 123.123.123.123 peer asn: 0 asn: 17766 net:
223.255.235.0 mask: 24
Feb 13 15:31:07 collector pmacctd[29186]: DEBUG ( /etc/pmacct/networks.lst
): [networks table IPv4] nh: 123.123.123.123 peer asn: 0 asn: 45954 net:
223.255.244.0 mask: 24
Feb 13 15:31:07 collector pmacctd[29186]: DEBUG ( /etc/pmacct/networks.lst
): [networks table IPv4] nh: 123.123.123.123 peer asn: 0 asn: 45954 net:
223.255.245.0 mask: 24
Feb 13 15:31:07 collector pmacctd[29186]: DEBUG ( /etc/pmacct/networks.lst
): [networks table IPv4] nh: 123.123.123.123 peer asn: 0 asn: 45954 net:
223.255.246.0 mask: 24
Feb 13 15:31:07 collector pmacctd[29186]: DEBUG ( /etc/pmacct/networks.lst
): [networks table IPv4] nh: 123.123.123.123 peer asn: 0 asn: 45954 net:
223.255.247.0 mask: 24
Feb 13 15:31:07 collector pmacctd[29186]: DEBUG ( /etc/pmacct/networks.lst
): [networks table IPv4] nh: 123.123.123.123 peer asn: 0 asn: 55415 net:
223.255.254.0 mask: 24
Feb 13 15:31:07 collector pmacctd[29186]: DEBUG ( /etc/pmacct/networks.lst
): [networks table IPv4] nh:  peer asn: 0 asn: 0 net: 0.0.0.0 mask: 0
Feb 13 15:31:07 collector pmacctd[29186]: DEBUG ( /etc/pmacct/networks.lst
): [networks table IPv4] contains a default route
Feb 13 15:31:07 collector pmacctd[29186]: DEBUG ( /etc/pmacct/networks.lst
): [networks table IPv4] nh:  peer asn: 0 asn: 0 net: 0.0.0.0 mask: 0
Feb 13 15:31:07 collector pmacctd[29186]: DEBUG ( /etc/pmacct/networks.lst
): [networks table IPv4] contains a default route
Feb 13 15:31:07 collector pmacctd[29186]: DEBUG ( /etc/pmacct/networks.lst
): [networks table IPv4] nh:  peer asn: 0 asn: 0 net: 0.0.0.0 mask: 0
Feb 13 15:31:07 collector pmacctd[29186]: DEBUG ( /etc/pmacct/networks.lst
): [networks table IPv4] contains a default route
Feb 13 15:31:07 collector pmacctd[29186]: DEBUG ( /etc/pmacct/networks.lst
): [networks table IPv4] nh:  peer asn: 0 asn: 0 net: 0.0.0.0 mask: 0
Feb 13 15:31:07 collector pmacctd[29186]: DEBUG ( /etc/pmacct/networks.lst
): [networks table IPv4] contains a default route
Feb 13 15:31:07 collector pmacctd[29186]: DEBUG ( /etc/pmacct/networks.lst
): [networks table IPv4] nh:  peer asn: 0 asn: 0 net: 0.0.0.0 mask: 0
Feb 13 15:31:07 collector pmacctd[29186]: DEBUG ( /etc/pmacct/networks.lst
): [networks table IPv4] contains a default route
Feb 13 15:31:07 collector pmacctd[29186]: DEBUG ( /etc/pmacct/networks.lst
): [networks table IPv4] nh: 123.123.123.123 peer asn: 0 asn: 55649 net:
223.255.240.0 mask: 24
Feb 13 15:31:07 collector pmacctd[29186]: DEBUG ( /etc/pmacct/networks.lst
): [networks table IPv4] nh: 123.123.123.123 peer asn: 0 asn: 55649 net:
223.255.241.0 mask: 24
Feb 13 15:31:07 collector pmacctd[29186]: DEBUG ( /etc/pmacct/networks.lst
): [networks table IPv4] nh: 123.123.123.123 peer asn: 0 asn: 55649 net:
223.255.242.0 mask: 24
Feb 13 15:31:07 collector pmacctd[29186]: DEBUG ( /etc/pmacct/networks.lst
): [networks table IPv4] nh: 123.123.123.123 peer asn: 0 asn: 55649 net:
223.255.243.0 mask: 24


network_file
Description: Binary data

Re: [pmacct-discussion] Strange results on nfdump when using networks_file

2014-02-10 Thread Joan
Hi Paolo, these are the exact steps I am doing to compile all the setup, one
important thing is that the version I get on the cvs checkout is older than
yours. Mine is 1.24, from 2014-01-09

I documented all the steps in this gist:
https://gist.github.com/aseques/8912310


Text in the cvs head is this one:
RCS file: /home/repo-0.14/pmacct/AUTHORS,v
Working file: AUTHORS
head: 1.24
branch:
locks: strict
access list:
symbolic names:
start: 1.1.1.1
plucente: 1.1.1
keyword substitution: kv
total revisions: 25;selected revisions: 25
description:

revision 1.24
date: 2014-01-09 19:54:54 +0100;  author: paolo;  state: Exp;  lines: +3 -2;  commitid: lbgI3khZiZPsrtkx;


* fix, MySQL plugin: added linking of pmacct code against -lstdc++ and -lrt
  if MySQL plugin is enabled, pre-requisite for MySQL 5.6. Many thanks to
  Stefano Birmani for reporting the issue.



2014-02-07 12:28 GMT+01:00 Paolo Lucente :

> Hi Joan,
>
> Just fetched myself for a test from the CVS and build is 20140205-00
> (ie. pmacctd -V). Do i get correctly the issue is: you are able to
> compile pmacct 1.5.0rc2 against PF_RING 5.6.2 but not latest pmacct
> code from CVS against the exact same PF_RING library?
>
> Cheers,
> Paolo
>
> On Fri, Feb 07, 2014 at 11:59:02AM +0100, Joan wrote:
> > Hi Paolo, the code from the cvs (module pmacct) doesn't compile when
> > linking with pfring enabled libpcap, it does without problem when there
> is
> > only the system libpcap, see the log attached.
> > It was when using PF_RING-5.6.2
> >
> >
> > Still the last commit to the cvs is from 2014-01-09, earlier than my mail,
> > is this the proper module to checkout from?
> >
> >
> > Regards,
> >
> > Joan
> >
> >
> > 2014-02-05 17:42 GMT+01:00 Paolo Lucente :
> >
> > > Hi Joan,
> > >
> > > I verified the issue you describe and fixed in the CVS. Can you give
> > > it a try and see if that works for you?
> > >
> > > Cheers,
> > > Paolo
> > >
> > > On Wed, Feb 05, 2014 at 11:50:55AM +0100, Joan wrote:
> > > > I am trying to setup again a system to export flows with as number by
> > > using
> > > > the networks_file, since creating a full networks_file with the
> script
> > > at (
> > > > https://github.com/paololucente/pmacct-contrib/tree/master/st1)
> failed
> > > > leaving all the AS fields as 0, I simplified the file to a minimal
> case
> > > > (only google's 8.8.8.x and 8.8.4.x)
> > > >
> > > >
> > > > ! generated by quagga_gen_as_network.pl at 20140205-11:25.51
> > > > 193.149.55.94,15169,8.8.4.0/24
> > > > 193.149.55.94,15169,8.8.8.0/24
> > > >
> > > >
> > > > Now I'm getting the srcas and dstas set for all the traffic as if it was
> > > > originated and destined to google.
> > > > I'm using the current 1.5.0rc2.
> > >
> > > > Feb  5 11:37:43 flower pmacctd[9562]: INFO ( default/core ): Start
> > > logging ...
> > > > Feb  5 11:37:43 flower pmacctd[9562]: INFO ( default/nfprobe ):
> > > plugin_pipe_size=4096000 bytes plugin_buffer_size=4096 bytes
> > > > Feb  5 11:37:43 flower pmacctd[9562]: INFO ( default/nfprobe ): ctrl
> > > channel: obtained=163840 bytes target=4000 bytes
> > > > Feb  5 11:37:43 flower pmacctd[9562]: DEBUG (
> /etc/pmacct/networks.lst
> > > ): [networks table IPv4] nh: 193.150.1.123 peer asn: 0 asn: 15169 net:
> > > 8.8.4.0 mask: 24
> > > > Feb  5 11:37:43 flower pmacctd[9563]: INFO ( default/nfprobe ):
> NetFlow
> > > probe plugin is originally based on softflowd 0.9.7 software, Copyright
> > > 2002 Damien M
> > > > iller  All rights reserved.
> > > > Feb  5 11:37:43 flower pmacctd[9562]: DEBUG (
> /etc/pmacct/networks.lst
> > > ): [networks table IPv4] nh: 193.150.1.123 peer asn: 0 asn: 15169 net:
> > > 8.8.8.0 mask: 24
> > > > Feb  5 11:37:43 flower pmacctd[9563]: INFO ( default/nfprobe ):
> > >   TCP timeout: 3600s
> > > > Feb  5 11:37:43 flower pmacctd[9563]: INFO ( default/nfprobe ):  TCP
> > > post-RST timeout: 120s
> > > > Feb  5 11:37:43 flower pmacctd[9562]: DEBUG (
> /etc/pmacct/networks.lst
> > > ): IPv4 Networks Cache successfully created: 1 entries.
> > > > Feb  5 11:37:43 flower pmacctd[9563]: INFO ( default/nfprobe ):  TCP
> > > post-FIN timeout: 300s
> > > > Feb  5 11:37:43 flower pmacctd[9563]: INFO ( default/nfprobe ):
> > >

Re: [pmacct-discussion] Strange results on nfdump when using networks_file

2014-02-07 Thread Joan
Hi Paolo, the code from the cvs (module pmacct) doesn't compile when
linking with pfring enabled libpcap, it does without problem when there is
only the system libpcap, see the log attached.
It was when using PF_RING-5.6.2


Still the last commit to the cvs is from 2014-01-09, earlier than my mail,
is this the proper module to checkout from?


Regards,

Joan


2014-02-05 17:42 GMT+01:00 Paolo Lucente :

> Hi Joan,
>
> I verified the issue you describe and fixed in the CVS. Can you give
> it a try and see if that works for you?
>
> Cheers,
> Paolo
>
> On Wed, Feb 05, 2014 at 11:50:55AM +0100, Joan wrote:
> > I am trying to setup again a system to export flows with as number by
> using
> > the networks_file, since creating a full networks_file with the script
> at (
> > https://github.com/paololucente/pmacct-contrib/tree/master/st1) failed
> > leaving all the AS fields as 0, I simplified the file to a minimal case
> > (only google's 8.8.8.x and 8.8.4.x)
> >
> >
> > ! generated by quagga_gen_as_network.pl at 20140205-11:25.51
> > 193.149.55.94,15169,8.8.4.0/24
> > 193.149.55.94,15169,8.8.8.0/24
> >
> >
> > Now I'm getting the srcas and dstas set for all the traffic as if it was
> > originated and destined to google.
> > I'm using the current 1.5.0rc2.
>
> > Feb  5 11:37:43 flower pmacctd[9562]: INFO ( default/core ): Start
> logging ...
> > Feb  5 11:37:43 flower pmacctd[9562]: INFO ( default/nfprobe ):
> plugin_pipe_size=4096000 bytes plugin_buffer_size=4096 bytes
> > Feb  5 11:37:43 flower pmacctd[9562]: INFO ( default/nfprobe ): ctrl
> channel: obtained=163840 bytes target=4000 bytes
> > Feb  5 11:37:43 flower pmacctd[9562]: DEBUG ( /etc/pmacct/networks.lst
> ): [networks table IPv4] nh: 193.150.1.123 peer asn: 0 asn: 15169 net:
> 8.8.4.0 mask: 24
> > Feb  5 11:37:43 flower pmacctd[9563]: INFO ( default/nfprobe ): NetFlow
> probe plugin is originally based on softflowd 0.9.7 software, Copyright
> 2002 Damien M
> > iller  All rights reserved.
> > Feb  5 11:37:43 flower pmacctd[9562]: DEBUG ( /etc/pmacct/networks.lst
> ): [networks table IPv4] nh: 193.150.1.123 peer asn: 0 asn: 15169 net:
> 8.8.8.0 mask: 24
> > Feb  5 11:37:43 flower pmacctd[9563]: INFO ( default/nfprobe ):
>   TCP timeout: 3600s
> > Feb  5 11:37:43 flower pmacctd[9563]: INFO ( default/nfprobe ):  TCP
> post-RST timeout: 120s
> > Feb  5 11:37:43 flower pmacctd[9562]: DEBUG ( /etc/pmacct/networks.lst
> ): IPv4 Networks Cache successfully created: 1 entries.
> > Feb  5 11:37:43 flower pmacctd[9563]: INFO ( default/nfprobe ):  TCP
> post-FIN timeout: 300s
> > Feb  5 11:37:43 flower pmacctd[9563]: INFO ( default/nfprobe ):
>   UDP timeout: 300s
> > Feb  5 11:37:43 flower pmacctd[9563]: INFO ( default/nfprobe ):
>  ICMP timeout: 300s
> > Feb  5 11:37:43 flower pmacctd[9563]: INFO ( default/nfprobe ):
> General timeout: 3600s
> > Feb  5 11:37:43 flower pmacctd[9563]: INFO ( default/nfprobe ):
>  Maximum lifetime: 604800s
> > Feb  5 11:37:43 flower pmacctd[9563]: INFO ( default/nfprobe ):
> Expiry interval: 60s
> > Feb  5 11:37:43 flower pmacctd[9562]: DEBUG ( /etc/pmacct/networks.lst
> ): [networks table IPv6] nh: 193.150.1.123 peer_asn: 0 asn: 15169 net: ::
> mask: 0
> > Feb  5 11:37:43 flower pmacctd[9562]: DEBUG ( /etc/pmacct/networks.lst
> ): [networks table IPv6] contains a default route
> > Feb  5 11:37:43 flower pmacctd[9562]: DEBUG ( /etc/pmacct/networks.lst
> ): IPv6 Networks Cache successfully created: 32771 entries.
> > Feb  5 11:37:43 flower pmacctd[9563]: INFO ( default/nfprobe ):
> Exporting flows to [192.168.1.123]:2591
> > Feb  5 11:37:43 flower pmacctd[9563]: DEBUG ( /etc/pmacct/networks.lst
> ): [networks table IPv4] nh: 193.150.1.123 peer asn: 0 asn: 15169 net:
> 8.8.4.0 mask: 24
> > Feb  5 11:37:43 flower pmacctd[9563]: DEBUG ( /etc/pmacct/networks.lst
> ): [networks table IPv4] nh: 193.150.1.123 peer asn: 0 asn: 15169 net:
> 8.8.8.0 mask: 24
> > Feb  5 11:37:43 flower pmacctd[9563]: DEBUG ( /etc/pmacct/networks.lst
> ): IPv4 Networks Cache successfully created: 1 entries.
> > Feb  5 11:37:43 flower pmacctd[9563]: DEBUG ( /etc/pmacct/networks.lst
> ): [networks table IPv6] nh: 193.150.1.123 peer_asn: 0 asn: 15169 net: ::
> mask: 0
> > Feb  5 11:37:43 flower pmacctd[9563]: DEBUG ( /etc/pmacct/networks.lst
> ): [networks table IPv6] contains a default route
> > Feb  5 11:37:43 flower pmacctd[9563]: DEBUG ( /etc/pmacct/networks.lst
> ): IPv6 Networks Cache successfully created: 32771 entries.
> > Feb  5 11:37:43 flower pmacctd[9562]: OK ( default/core ): link type is:
> 1
> >
>
> >  Dst I

[pmacct-discussion] Strange results on nfdump when using networks_file

2014-02-05 Thread Joan
I am trying to setup again a system to export flows with as number by using
the networks_file, since creating a full networks_file with the script at (
https://github.com/paololucente/pmacct-contrib/tree/master/st1) failed
leaving all the AS fields as 0, I simplified the file to a minimal case
(only google's 8.8.8.x and 8.8.4.x)


! generated by quagga_gen_as_network.pl at 20140205-11:25.51
193.149.55.94,15169,8.8.4.0/24
193.149.55.94,15169,8.8.8.0/24


Now I'm getting the srcas and dstas set for all the traffic as if it was
originated and destined to google.
I'm using the current 1.5.0rc2.
Feb  5 11:37:43 flower pmacctd[9562]: INFO ( default/core ): Start logging ...
Feb  5 11:37:43 flower pmacctd[9562]: INFO ( default/nfprobe ): plugin_pipe_size=4096000 bytes plugin_buffer_size=4096 bytes
Feb  5 11:37:43 flower pmacctd[9562]: INFO ( default/nfprobe ): ctrl channel: obtained=163840 bytes target=4000 bytes
Feb  5 11:37:43 flower pmacctd[9562]: DEBUG ( /etc/pmacct/networks.lst ): [networks table IPv4] nh: 193.150.1.123 peer asn: 0 asn: 15169 net: 8.8.4.0 mask: 24
Feb  5 11:37:43 flower pmacctd[9563]: INFO ( default/nfprobe ): NetFlow probe plugin is originally based on softflowd 0.9.7 software, Copyright 2002 Damien M
iller  All rights reserved.
Feb  5 11:37:43 flower pmacctd[9562]: DEBUG ( /etc/pmacct/networks.lst ): [networks table IPv4] nh: 193.150.1.123 peer asn: 0 asn: 15169 net: 8.8.8.0 mask: 24
Feb  5 11:37:43 flower pmacctd[9563]: INFO ( default/nfprobe ):   TCP timeout: 3600s
Feb  5 11:37:43 flower pmacctd[9563]: INFO ( default/nfprobe ):  TCP post-RST timeout: 120s
Feb  5 11:37:43 flower pmacctd[9562]: DEBUG ( /etc/pmacct/networks.lst ): IPv4 Networks Cache successfully created: 1 entries.
Feb  5 11:37:43 flower pmacctd[9563]: INFO ( default/nfprobe ):  TCP post-FIN timeout: 300s
Feb  5 11:37:43 flower pmacctd[9563]: INFO ( default/nfprobe ):   UDP timeout: 300s
Feb  5 11:37:43 flower pmacctd[9563]: INFO ( default/nfprobe ):  ICMP timeout: 300s
Feb  5 11:37:43 flower pmacctd[9563]: INFO ( default/nfprobe ):   General timeout: 3600s
Feb  5 11:37:43 flower pmacctd[9563]: INFO ( default/nfprobe ):  Maximum lifetime: 604800s
Feb  5 11:37:43 flower pmacctd[9563]: INFO ( default/nfprobe ):   Expiry interval: 60s
Feb  5 11:37:43 flower pmacctd[9562]: DEBUG ( /etc/pmacct/networks.lst ): [networks table IPv6] nh: 193.150.1.123 peer_asn: 0 asn: 15169 net: :: mask: 0
Feb  5 11:37:43 flower pmacctd[9562]: DEBUG ( /etc/pmacct/networks.lst ): [networks table IPv6] contains a default route
Feb  5 11:37:43 flower pmacctd[9562]: DEBUG ( /etc/pmacct/networks.lst ): IPv6 Networks Cache successfully created: 32771 entries.
Feb  5 11:37:43 flower pmacctd[9563]: INFO ( default/nfprobe ): Exporting flows to [192.168.1.123]:2591
Feb  5 11:37:43 flower pmacctd[9563]: DEBUG ( /etc/pmacct/networks.lst ): [networks table IPv4] nh: 193.150.1.123 peer asn: 0 asn: 15169 net: 8.8.4.0 mask: 24
Feb  5 11:37:43 flower pmacctd[9563]: DEBUG ( /etc/pmacct/networks.lst ): [networks table IPv4] nh: 193.150.1.123 peer asn: 0 asn: 15169 net: 8.8.8.0 mask: 24
Feb  5 11:37:43 flower pmacctd[9563]: DEBUG ( /etc/pmacct/networks.lst ): IPv4 Networks Cache successfully created: 1 entries.
Feb  5 11:37:43 flower pmacctd[9563]: DEBUG ( /etc/pmacct/networks.lst ): [networks table IPv6] nh: 193.150.1.123 peer_asn: 0 asn: 15169 net: :: mask: 0
Feb  5 11:37:43 flower pmacctd[9563]: DEBUG ( /etc/pmacct/networks.lst ): [networks table IPv6] contains a default route
Feb  5 11:37:43 flower pmacctd[9563]: DEBUG ( /etc/pmacct/networks.lst ): IPv6 Networks Cache successfully created: 32771 entries.
Feb  5 11:37:43 flower pmacctd[9562]: OK ( default/core ): link type is: 1

    Dst IP Addr  Flows  Bytes  Packets  Src AS  Dst AS
  209.23.235.22      1     92        1   15169   15169
   88.26.252.71      1    385        5   15169   15169
 166.78.151.214      1     87        1   15169   15169
   88.26.252.71      1    418        5   15169   15169
 162.242.162.82      1     81        1   15169   15169
   69.28.95.170      1     80        1   15169   15169
   69.28.95.154      1     78        1   15169   15169
   218.189.3.34      1     76        1   15169   15169
  64.132.253.13      1     74        1   15169   15169
   88.26.252.71      1    418        5   15169   15169
  195.55.157.82      1    156        1   15169   15169
 205.251.194.67      1     86        1   15169   15169
   88.26.252.71      1    418        5   15169   15169
  178.79.150.32      1     92        1   15169   15169
 176.58.111.122      1     92        1   15169   15169
  209.59.139.12      1     73        1   15169   15169
  178.79.150.32      1    110        1   15169   15169
   54.248.92.63      1     76        1   15169   15169


___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
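
The symptom in the message above (every flow tagged with AS 15169) can be cross-checked offline by computing which AS each address should get from the networks_file. The following is an added example, not part of the original post and not pmacct code: it assumes the two line shapes quoted in this thread ("asn,prefix" and "nexthop,asn,prefix", with "!" starting a comment), and all function names are hypothetical.

```python
import ipaddress
from typing import NamedTuple, Optional

# Constructed sample built from the line shapes quoted in the thread.
SAMPLE = """\
! constructed sample, not a real export
193.149.55.94,15169,8.8.4.0/24
193.149.55.94,15169,8.8.8.0/24
29073,80.82.64.0/24
"""


class Entry(NamedTuple):
    net: object                 # ipaddress.IPv4Network or IPv6Network
    asn: int
    nexthop: Optional[object]   # ipaddress address, or None when absent


def parse_networks(text):
    """Return (entries, errors); each error is (line_number, raw_line, reason)."""
    entries, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        fields = [f.strip() for f in line.split(",")]
        try:
            if len(fields) == 2:
                nexthop, asn_s, prefix = None, fields[0], fields[1]
            elif len(fields) == 3:
                nexthop = ipaddress.ip_address(fields[0])
                asn_s, prefix = fields[1], fields[2]
            else:
                raise ValueError("expected 2 or 3 comma-separated fields")
            # strict=True rejects prefixes with host bits set (e.g. 8.8.8.1/24)
            net = ipaddress.ip_network(prefix, strict=True)
            asn = int(asn_s)
            if not 0 < asn <= 0xFFFFFFFF:
                raise ValueError("AS number out of range: %d" % asn)
            entries.append(Entry(net, asn, nexthop))
        except ValueError as exc:
            errors.append((lineno, raw, str(exc)))
    return entries, errors


def lookup(entries, addr):
    """Longest-prefix match of addr against the parsed entries, or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for e in entries:
        if e.net.version == ip.version and ip in e.net:
            if best is None or e.net.prefixlen > best.net.prefixlen:
                best = e
    return best


def expected_as(entries, addr):
    """AS number a lookup should yield; 0 when no prefix covers addr."""
    hit = lookup(entries, addr)
    return hit.asn if hit else 0


def catch_all(entries):
    """Entries with prefix length 0: they match every address of that family."""
    return [e for e in entries if e.net.prefixlen == 0]


if __name__ == "__main__":
    entries, errors = parse_networks(SAMPLE)
    for lineno, raw, reason in errors:
        print("line %d rejected (%s): %s" % (lineno, reason, raw))
    for e in catch_all(entries):
        print("warning: %s maps every address to AS %d" % (e.net, e.asn))
    # Addresses taken from the flow dumps in this thread.
    for addr in ("8.8.8.8", "88.26.252.71", "80.82.64.231"):
        print("%-15s expected AS %d" % (addr, expected_as(entries, addr)))
```

Comparing these expected values with the Src AS / Dst AS columns from the collector shows whether the mismatch comes from the file contents or from how the file is being loaded.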

Re: [pmacct-discussion] Using pf_ring together with pmacct?

2014-02-04 Thread Joan
Unfortunately, the good news didn't last, although the performance is much
better it's still not enough to process the whole traffic, it seems to me
that it doesn't take advantage of the multicore from my CPU, using a single
CPU each time. Never more than one simultaneously.
Can that be improved?

$ ps -p 15139 -L -o pid,tid,psr,pcpu
PID   TID PSR %CPU
  15139 15139   2 54.6

PID   TID PSR %CPU
  15139 15139   1 54.6

   PID   TID PSR %CPU
  15139 15139   2 54.6





2014-02-04 Paolo Lucente :

> Hi Joan,
>
> Perfect, thanks for having summarized your solution.
>
> Cheers,
> Paolo
>
> On Tue, Feb 04, 2014 at 12:14:46AM +0100, Joan wrote:
> > #- Compile pf_ring
> > cd kernel; make install
> > cd ../userland/lib; make install
> > #We need also libpcap
> > cd userland/libpcap-1.1.1-ring/
> > make install
> >
> > #Load the kernel module on boot
> > echo pf_ring >> /etc/modules
> >
> > #To compile pmacct with support for pf_ring
> > ./configure --with-pcap-libs=/usr/local/lib/ --prefix=/usr --enable-mmap
> > --enable-ipv6 --enable-threads
> > make
> > make install
> >
> > #After this we have pmacctd compiled, but there is one library that can't
> be
> > found
> >
> > linux-gate.so.1 =>  (0xb778f000)
> > libpcap.so.1 => not found
> > libpfring.so => /usr/local/lib/libpfring.so (0xb775f000)
> > libdl.so.2 => /lib/i386-linux-gnu/i686/cmov/libdl.so.2 (0xb775a000)
> > libpthread.so.0 => /lib/i386-linux-gnu/i686/cmov/libpthread.so.0
> > (0xb7741000)
> > libc.so.6 => /lib/i386-linux-gnu/i686/cmov/libc.so.6 (0xb75de000)
> > /lib/ld-linux.so.2 (0xb779)
> >
> >
> > In my case I fixed it like this:
> >   cd /usr/lib
> >   ln -s  /usr/local/lib/libpcap.so.1 libpcap.so.1
> >
> > Once that was done, pmacct could start, and the performance is really
> much
> > better, I'd say about a 30% less load in the system.
> > I'll report any other findings I do,
> >
> > Thanks for your work again,
> >
> > Joan
> >
> >
> > 2014-02-03 Paolo Lucente :
> >
> > > Hi Joan,
> > >
> > > I did not look at PF_RING recently but the steps you outline
> > > are those that make sense to me. Can you say what is precisely
> > > not working linking pmacct against PF_RING libpcap? Feel free
> > > to send me some output here or (maybe preferably) privately,
> > > then we summarize outcome here.
> > >
> > > Cheers,
> > > Paolo
> > >
> > > On Mon, Feb 03, 2014 at 09:49:22AM +0100, Joan wrote:
> > > > Good morning,
> > > >
> > > > I am trying to use pmacct together with pf_ring to solve some
> performance
> > > > issues we are having, but I'm a bit lost about how to proceed. Can
> anyone
> > > > correct me if I'm wrong?
> > > >
> > > > - Download pf_ring module, compile and load into the system
> > > > - Recompile pmacct using pf_ring's libpcap instead of the system one
> > > (which
> > > > isn't ready)
> > > >
> > > > This last part is what doesn't work for me so far, any help would be
> > > > appreciated,
> > > >
> > > > Joan
> > >
> > > > ___
> > > > pmacct-discussion mailing list
> > > > http://www.pmacct.net/#mailinglists
> > >
> > >
> > > ___
> > > pmacct-discussion mailing list
> > > http://www.pmacct.net/#mailinglists
> > >
>

Re: [pmacct-discussion] Using pf_ring together with pmacct?

2014-02-03 Thread Joan
#- Compile pf_ring
cd kernel; make install
cd ../userland/lib; make install
#We need also libpcap
cd ../libpcap-1.1.1-ring/
make install

#Load the kernel module on boot
echo pf_ring >> /etc/modules

#To compile pmacct with support for pf_ring
./configure --with-pcap-libs=/usr/local/lib/ --prefix=/usr --enable-mmap --enable-ipv6 --enable-threads
make
make install

#After this we have pmacctd compiled, but there is one library that can't be found

linux-gate.so.1 =>  (0xb778f000)
libpcap.so.1 => not found
libpfring.so => /usr/local/lib/libpfring.so (0xb775f000)
libdl.so.2 => /lib/i386-linux-gnu/i686/cmov/libdl.so.2 (0xb775a000)
libpthread.so.0 => /lib/i386-linux-gnu/i686/cmov/libpthread.so.0 (0xb7741000)
libc.so.6 => /lib/i386-linux-gnu/i686/cmov/libc.so.6 (0xb75de000)
/lib/ld-linux.so.2 (0xb779)


In my case I fixed it like this:
  cd /usr/lib
  ln -s  /usr/local/lib/libpcap.so.1 libpcap.so.1

Once that was done, pmacct could start, and the performance is really much
better, I'd say about 30% less load on the system.
I'll report any other findings I make,

Thanks for your work again,

Joan


2014-02-03 Paolo Lucente :

> Hi Joan,
>
> I did not look at PF_RING recently but the steps you outline
> are those that make sense to me. Can you say what is precisely
> not working linking pmacct against PF_RING libpcap? Feel free
> to send me some output here or (maybe preferably) privately,
> then we summarize outcome here.
>
> Cheers,
> Paolo
>
> On Mon, Feb 03, 2014 at 09:49:22AM +0100, Joan wrote:
> > Good morning,
> >
> > I am trying to use pmacct together with pf_ring to solve some performance
> > issues we are having, but I'm a bit lost about how to proceed. Can anyone
> > correct me if I'm wrong?
> >
> > - Download pf_ring module, compile and load into the system
> > - Recompile pmacct using pf_ring's libpcap instead of the system one
> (which
> > isn't ready)
> >
> > This last part is what doesn't work for me so far, any help would be
> > appreciated,
> >
> > Joan
>
> > ___
> > pmacct-discussion mailing list
> > http://www.pmacct.net/#mailinglists
>
>
> ___
> pmacct-discussion mailing list
> http://www.pmacct.net/#mailinglists
>

[pmacct-discussion] Using pf_ring together with pmacct?

2014-02-03 Thread Joan
Good morning,

I am trying to use pmacct together with pf_ring to solve some performance
issues we are having, but I'm a bit lost about how to proceed. Can anyone
correct me if I'm wrong?

- Download pf_ring module, compile and load into the system
- Recompile pmacct using pf_ring's libpcap instead of the system one (which
isn't ready)

This last part is what doesn't work for me so far, any help would be
appreciated,

Joan

Re: [pmacct-discussion] Pmacct not adding the as number

2013-07-09 Thread Joan
Hello again, with the changes you proposed it seems to work fine. The only
missing ASes I see now are from our own BGP system; I imagine that's because
they aren't saved in the output of "sh ip bgp", so it can be easily fixed.



2013/7/9 Joan 

> I have done the change, I don't have yet any significant amount of flows
> to analyze, so I'll be back later when I have more information.
> Thanks a lot for your help,
>
> Joan
>
>
> 2013/7/9 Paolo Lucente 
>
>> Hi Joan,
>>
>> Please add 'pmacctd_as: file' to your config. Actually, in absence of any
>> config directive at this propo, this should be the default setting (if, of
>> course, a networks_file is loaded and we speak pmacctd daemon).
>>
>> Will reproduce your config in lab and see why that would not be happening.
>>
>> Cheers,
>> Paolo
>>
>> On Tue, Jul 09, 2013 at 02:56:30PM +0200, Joan wrote:
>> > Hi again, I am reopening this thread again because after upgrading to
>> > current 0.14.3 version (which fixes all my crashes) the srcas/dstas data
>> > still isn't populated.
>> >
>> > This is my current config:
>> > daemonize: true
>> > pidfile: /var/run/pmacctd.pid
>> > syslog: daemon
>> > aggregate: src_host,dst_host,dst_as,src_as
>> > interface: br0
>> > plugins: nfprobe
>> > networks_file: /etc/pmacct/networks.lst
>> > nfprobe_receiver: 192.168.1.5:2591
>> > nfprobe_version: 9
>> > debug : true
>> >
>> > See the attached document for the dump of the flows that I am doing in
>> the
>> > flow collector.
>> >
>> > And an sample entry in the networks.lst file for one of the matches in
>> the
>> > file:
>> > 29073,80.82.64.0/24
>> >
>> >
>> >
>> > 2013/7/5 Paolo Lucente 
>> >
>> > > Hi Joan,
>> > >
>> > > Thanks for explaining the background, it makes sense. To get ASNs info
>> > > populated you should add src_as and dst_as primitives to your
>> aggregate
>> > > directive. Same as any further info you wish to see populated.
>> > >
>> > > Let me know how that goes. I see you dropped a separate email about a
>> > > crash, along with a backtrace, thanks for that. I will look into it,
>> > > ie. maybe you already hinted the above yourself and got to the next
>> > > stage, and get back to you.
>> > >
>> > > Cheers,
>> > > Paolo
>> > >
>> > > On Fri, Jul 05, 2013 at 02:35:15PM +0200, Joan wrote:
>> > > > Hello,
>> > > >
>> > > > I am trying to get pmacct working to replace softflowd because
>> we'd like
>> > > > to have the as numbers for the networks populated.
>> > > > To accomplish this I am using the script to generate the
>> networks_file
>> > > from
>> > > > quagga (I had a couple of issues but it's ok now)
>> > > >
>> > > > This is my pmactd.conf config:
>> > > > /etc/pmacct/pmactd.conf
>> > > >  daemonize: true
>> > > >
>> > > >  pidfile: /var/run/pmacctd.pid
>> > > >
>> > > >  syslog: daemon
>> > > >
>> > > >  aggregate: src_host,dst_host
>> > > >
>> > > >  pcap_filter: net 0.0.0.0/0
>> > > >
>> > > >  interface: br0
>> > > >
>> > > >  plugins: nfprobe
>> > > >
>> > > >  nfprobe_version: 9
>> > > >
>> > > >  networks_file: /etc/pmacct/networks.lst
>> > > >
>> > > >  nfprobe_receiver: 192.168.1.5:2591 <http://192.168.1.8:2591>
>> > > >
>> > > >
>> > > >  nfprobe_version: 9
>> > > >
>> > > > And in the flow collector I am checking for the as numbers with
>> nfdump,
>> > > but
>> > > > the output of srcas/dstas is always 0
>> > > >  nfdump -A srcas -N  -M /var/lib/netflow/profiles-data/live/ -o
>> "fmt:%sa
>> > > > %fl %byt %pkt %sas %das" -R nfcapd.201307051420:nfcapd.201307051425
>> > > >
>> > > > Did I miss something in the pmacctd config? I don't see anything
>> relevant
>> > > > in the logs.
>> > >
>> > > > ___
>> > > > pmacct-discussi

Re: [pmacct-discussion] Pmacct not adding the as number

2013-07-09 Thread Joan
I have done the change, I don't have yet any significant amount of flows to
analyze, so I'll be back later when I have more information.
Thanks a lot for your help,

Joan


2013/7/9 Paolo Lucente 

> Hi Joan,
>
> Please add 'pmacctd_as: file' to your config. Actually, in absence of any
> config directive at this propo, this should be the default setting (if, of
> course, a networks_file is loaded and we speak pmacctd daemon).
>
> Will reproduce your config in lab and see why that would not be happening.
>
> Cheers,
> Paolo
>
> On Tue, Jul 09, 2013 at 02:56:30PM +0200, Joan wrote:
> > Hi again, I am reopening this thread again because after upgrading to
> > current 0.14.3 version (which fixes all my crashes) the srcas/dstas data
> > still isn't populated.
> >
> > This is my current config:
> > daemonize: true
> > pidfile: /var/run/pmacctd.pid
> > syslog: daemon
> > aggregate: src_host,dst_host,dst_as,src_as
> > interface: br0
> > plugins: nfprobe
> > networks_file: /etc/pmacct/networks.lst
> > nfprobe_receiver: 192.168.1.5:2591
> > nfprobe_version: 9
> > debug : true
> >
> > See the attached document for the dump of the flows that I am doing in
> the
> > flow collector.
> >
> > And an sample entry in the networks.lst file for one of the matches in
> the
> > file:
> > 29073,80.82.64.0/24
> >
> >
> >
> > 2013/7/5 Paolo Lucente 
> >
> > > Hi Joan,
> > >
> > > Thanks for explaining the background, it makes sense. To get ASNs info
> > > populated you should add src_as and dst_as primitives to your aggregate
> > > directive. Same as any further info you wish to see populated.
> > >
> > > Let me know how that goes. I see you dropped a separate email about a
> > > crash, along with a backtrace, thanks for that. I will look into it,
> > > ie. maybe you already hinted the above yourself and got to the next
> > > stage, and get back to you.
> > >
> > > Cheers,
> > > Paolo
> > >
> > > On Fri, Jul 05, 2013 at 02:35:15PM +0200, Joan wrote:
> > > > Hello,
> > > >
> > > > I am trying to get pmacct working to replace softflowd because we'd
> like
> > > > to have the as numbers for the networks populated.
> > > > To accomplish this I am using the script to generate the
> networks_file
> > > from
> > > > quagga (I had a couple of issues but it's ok now)
> > > >
> > > > This is my pmactd.conf config:
> > > > /etc/pmacct/pmactd.conf
> > > >  daemonize: true
> > > >
> > > >  pidfile: /var/run/pmacctd.pid
> > > >
> > > >  syslog: daemon
> > > >
> > > >  aggregate: src_host,dst_host
> > > >
> > > >  pcap_filter: net 0.0.0.0/0
> > > >
> > > >  interface: br0
> > > >
> > > >  plugins: nfprobe
> > > >
> > > >  nfprobe_version: 9
> > > >
> > > >  networks_file: /etc/pmacct/networks.lst
> > > >
> > > >  nfprobe_receiver: 192.168.1.5:2591 <http://192.168.1.8:2591>
> > > >
> > > >
> > > >  nfprobe_version: 9
> > > >
> > > > And in the flow collector I am checking for the as numbers with
> nfdump,
> > > but
> > > > the output of srcas/dstas is always 0
> > > >  nfdump -A srcas -N  -M /var/lib/netflow/profiles-data/live/ -o
> "fmt:%sa
> > > > %fl %byt %pkt %sas %das" -R nfcapd.201307051420:nfcapd.201307051425
> > > >
> > > > Did I miss something in the pmacctd config? I don't see anything
> relevant
> > > > in the logs.
> > >
> > > > ___
> > > > pmacct-discussion mailing list
> > > > http://www.pmacct.net/#mailinglists
> > >
> > >
> > > ___
> > > pmacct-discussion mailing list
> > > http://www.pmacct.net/#mailinglists
> > >
>
> > nfdump -M /var/lib/netflow/profiles-data/live/ -R
> nfcapd.201307091410:nfcapd.201307091440 -A srcas,dstas,srcip,dstip
> > Date flow start  Duration  Src AS Dst AS  Src IP Addr
>  Dst IP Addr   PacketsBytes  bpsBpp Flows
> > 2013-07-09 13:30:18.67914.592   0  0218.94.15.226
> 123.123.123.1233  120   65 40 

Re: [pmacct-discussion] Pmacct not adding the as number

2013-07-09 Thread Joan
Hi again, I am reopening this thread again because after upgrading to
current 0.14.3 version (which fixes all my crashes) the srcas/dstas data
still isn't populated.

This is my current config:
daemonize: true
pidfile: /var/run/pmacctd.pid
syslog: daemon
aggregate: src_host,dst_host,dst_as,src_as
interface: br0
plugins: nfprobe
networks_file: /etc/pmacct/networks.lst
nfprobe_receiver: 192.168.1.5:2591
nfprobe_version: 9
debug : true

See the attached document for the dump of the flows that I am doing in the
flow collector.

And an sample entry in the networks.lst file for one of the matches in the
file:
29073,80.82.64.0/24



2013/7/5 Paolo Lucente 

> Hi Joan,
>
> Thanks for explaining the background, it makes sense. To get ASNs info
> populated you should add src_as and dst_as primitives to your aggregate
> directive. Same as any further info you wish to see populated.
>
> Let me know how that goes. I see you dropped a separate email about a
> crash, along with a backtrace, thanks for that. I will look into it,
> ie. maybe you already hinted the above yourself and got to the next
> stage, and get back to you.
>
> Cheers,
> Paolo
>
> On Fri, Jul 05, 2013 at 02:35:15PM +0200, Joan wrote:
> > Hello,
> >
> > I am trying to get pmacct working to replace softflowd because we'd like
> > to have the as numbers for the networks populated.
> > To accomplish this I am using the script to generate the networks_file
> from
> > quagga (I had a couple of issues but it's ok now)
> >
> > This is my pmactd.conf config:
> > /etc/pmacct/pmactd.conf
> >  daemonize: true
> >
> >  pidfile: /var/run/pmacctd.pid
> >
> >  syslog: daemon
> >
> >  aggregate: src_host,dst_host
> >
> >  pcap_filter: net 0.0.0.0/0
> >
> >  interface: br0
> >
> >  plugins: nfprobe
> >
> >  nfprobe_version: 9
> >
> >  networks_file: /etc/pmacct/networks.lst
> >
> >  nfprobe_receiver: 192.168.1.5:2591 <http://192.168.1.8:2591>
> >
> >
> >  nfprobe_version: 9
> >
> > And in the flow collector I am checking for the as numbers with nfdump,
> but
> > the output of srcas/dstas is always 0
> >  nfdump -A srcas -N  -M /var/lib/netflow/profiles-data/live/ -o "fmt:%sa
> > %fl %byt %pkt %sas %das" -R nfcapd.201307051420:nfcapd.201307051425
> >
> > Did I miss something in the pmacctd config? I don't see anything relevant
> > in the logs.
>
> > ___
> > pmacct-discussion mailing list
> > http://www.pmacct.net/#mailinglists
>
>
> ___
> pmacct-discussion mailing list
> http://www.pmacct.net/#mailinglists
>
nfdump -M /var/lib/netflow/profiles-data/live/ -R nfcapd.201307091410:nfcapd.201307091440 -A srcas,dstas,srcip,dstip
Date flow start           Duration  Src AS  Dst AS     Src IP Addr      Dst IP Addr  Packets   Bytes  bps  Bpp  Flows
2013-07-09 13:30:18.679     14.592       0       0   218.94.15.226  123.123.123.123        3     120   65   40      1
2013-07-09 14:07:54.345      3.094       0       0    92.81.226.61  123.123.123.123        2      96  248   48      1
2013-07-09 14:32:49.080      0.000       0       0  188.165.95.171  123.123.123.124        1      44    0   44      1
2013-07-09 09:20:01.379  18867.828       0       0   23.123.123.25        224.0.0.6     1473  110892   47   75      1
2013-07-09 13:21:32.957      0.000       0       0    85.237.35.52  123.123.123.123        1      60    0   60      1
2013-07-09 14:26:16.360      0.000       0       0    80.82.64.231  123.123.123.124        1      29    0   29      1
2013-07-09 13:47:01.881      0.000       0       0  186.202.186.28  123.123.123.124        1      52    0   52      1
2013-07-09 09:19:59.525  18878.256       0       0  123.123.123.25        224.0.0.5     1889  151120   64   80      1
2013-07-09 13:28:24.305      0.000       0       0  61.147.103.117  123.123.123.123        1      40    0   40      1


Re: [pmacct-discussion] Crash in pmacct

2013-07-09 Thread Joan
Hello, most of the patches from debian are issues related to packaging for
other architectures or issues with the location of docs, and so on, nothing
really relevant to code as I saw. So it's mostly a pristine 0.14.0 which
seems pretty old after reading about newer versions.
In any case 0.14.3 compiles just fine, and doesn't crash anymore, if
someone wants the .deb just ask :)
I'm still having issues populating the srcas, dstas, but that's for another
thread.


2013/7/8 Karl O. Pinc 

> On 07/08/2013 05:30:36 AM, Joan wrote:
> > BTW, just found in the changelog for 0.14.1 this:
> >   ! fix, net_aggr.c: defining a networks_file configuration directive
> > in
> > conjunction with --enable-ipv6 was causing a SEGVs. This is now
> > solved.
> >
> > That could be the cause for my issue (unless debian backported the
> > fixes)
>
> See /usr/share/doc/pmacct*/changelog.Debian* to check for backports.
>
>
>
> Karl 
> Free Software:  "You don't pay back, you pay forward."
>  -- Robert A. Heinlein
>
> ___
> pmacct-discussion mailing list
> http://www.pmacct.net/#mailinglists
>

Re: [pmacct-discussion] Crash in pmacct

2013-07-08 Thread Joan
@george, the issue is not the one you reported (that was against 0.14.3cvs)
but with an older version.

revision 1.16
date: 2012-04-12 14:44:30 +0200;  author: paolo;  state: Exp;  lines: +3 -3;


* nfacctd: etype primitive can now be populated from IP_PROTOCOL_VERSION,
  ie. Field Type #60, in addition to ETHERTYPE, ie. Field Type #256. Should
  both be present the latter has priority over the former.
* fix, net_aggr.c: if --enable-ipv6 is specified, defining a networks_file
  can cause SEGVs. This is now solved.



2013/7/8 Joan 

> The wheezy default was crashing for me a bit after loading the
> networks_file (that takes about a couple of minutes to load). I was trying to
> isolate this to open a bug in debian, so at least others are warned.
> After unsetting the --enable-ipv6 flag and recompiling again with debian
> settings/patches, it seems that it doesn't crash anymore.
> Still I will recompile the 0.14.3 version because I was planning to use
> the extended format of networks_file for the nexthop feature.
>
>
> 2013/7/8 George-Cristian Bîrzan 
>
>> I think I reported that bug, and it was crashing instantly on start, not
>> within minutes. Also, I think that never ended up in a release afair, it
>> was just in trunk.
>> On 8 Jul 2013 13:30, "Joan"  wrote:
>>
>>> BTW, just found in the changelog for 0.14.1 this:
>>>   ! fix, net_aggr.c: defining a networks_file configuration directive in
>>> conjunction with --enable-ipv6 was causing a SEGVs. This is now
>>> solved.
>>>
>>> That could be the cause for my issue (unless debian backported the fixes)
>>>
>>>
>>> 2013/7/8 Joan 
>>>
>>>> I have tried the version in wheezy with the same results as with
>>>> squeeze, now, I am trying to reproduce the crash with the 0.14.3 downloaded
>>>> from the site.
>>>> So far it hasn't crashed, but so far there's only minimal traffic via
>>>> this router.
>>>>
>>>> I'll be back with more info...
>>>>
>>>>
>>>> 2013/7/6 Karl O. Pinc 
>>>>
>>>> As an alternative you should consider upgrading to debian
>>>>> wheezy as squeeze will go out of support about 2013-11-04,
>>>>> in 4 months.
>>>>> You'll have to upgrade anyway and this might fix your problem.
>>>>> Wheezy has pmacct 0.14.0.
>>>>>
>>>>> You can get help with any of this for debian using irc chat on
>>>>> the #debian channel of irc.freenode.net.
>>>>>
>>>>> On 07/05/2013 05:39:41 PM, Paolo Lucente wrote:
>>>>> > Hi Joan,
>>>>> >
>>>>> > I can verify the backtrace you provided does not apply to the current
>>>>> > (and 0.14.3 release to that matter) code. Also, the issue is related
>>>>> > to
>>>>> > querying the content of a networks_file - which is a part of the code
>>>>> > that got some changes meanwhile. I propose you download/compile
>>>>> > 0.14.3
>>>>> > release or CVS code and try again. If these still give troubles
>>>>> > please
>>>>> > send me privately a new backtrace to inspect. Let me know.
>>>>> >
>>>>> > Cheers,
>>>>> > Paolo
>>>>> >
>>>>> > On Fri, Jul 05, 2013 at 06:46:21PM +0200, Joan wrote:
>>>>> > > Hi again,
>>>>> > >
>>>>> > > I am experiencing crashes only after a couple of minutes of
>>>>> > starting-04
>>>>> > > pmacctd. I am on the current squeeze version, but I recompiled from
>>>>> > the
>>>>> > > sources to get non-stripped binaries.
>>>>> > > After running the process for some minutes the program crashes as
>>>>> > usually
>>>>> > > leaving a nice backtrace.
>>>>> > > Could you have a look into this and tell me if it's something that
>>>>> > was
>>>>> > > fixed in a newer version?
>>>>> > >
>>>>> > > Regards,
>>>>> > >
>>>>> > > Joan
>>>>> >
>>>>> >
>>>>> > > ___
>>>>> > > pmacct-discussion mailing list
>>>>> > > http://www.pmacct.net/#mailinglists
>>>>> >
>>>>> >
>>>>> > ___
>>>>> > pmacct-discussion mailing list
>>>>> > http://www.pmacct.net/#mailinglists
>>>>> >
>>>>> >
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Karl 
>>>>> Free Software:  "You don't pay back, you pay forward."
>>>>>  -- Robert A. Heinlein
>>>>>
>>>>> ___
>>>>> pmacct-discussion mailing list
>>>>> http://www.pmacct.net/#mailinglists
>>>>>
>>>>
>>>>
>>>
>>> ___
>>> pmacct-discussion mailing list
>>> http://www.pmacct.net/#mailinglists
>>>
>>
>> ___
>> pmacct-discussion mailing list
>> http://www.pmacct.net/#mailinglists
>>
>
>

Re: [pmacct-discussion] Crash in pmacct

2013-07-08 Thread Joan
The wheezy default was crashing for me a bit after loading the
networks_file (that takes about a couple of minutes to load). I was trying to
isolate this to open a bug in debian, so at least others are warned.
After unsetting the --enable-ipv6 flag and recompiling again with debian
settings/patches, it seems that it doesn't crash anymore.
Still I will recompile the 0.14.3 version because I was planning to use the
extended format of networks_file for the nexthop feature.


2013/7/8 George-Cristian Bîrzan 

> I think I reported that bug, and it was crashing instantly on start, not
> within minutes. Also, I think that never ended up in a release afair, it
> was just in trunk.
> On 8 Jul 2013 13:30, "Joan"  wrote:
>
>> BTW, just found in the changelog for 0.14.1 this:
>>   ! fix, net_aggr.c: defining a networks_file configuration directive in
>> conjunction with --enable-ipv6 was causing a SEGVs. This is now
>> solved.
>>
>> That could be the cause for my issue (unless debian backported the fixes)
>>
>>
>> 2013/7/8 Joan 
>>
>>> I have tried the version in wheezy with the same results as with
>>> squeeze, now, I am trying to reproduce the crash with the 0.14.3 downloaded
>>> from the site.
>>> So far it hasn't crashed, but so far there's only minimal traffic via
>>> this router.
>>>
>>> I'll be back with more info...
>>>
>>>
>>> 2013/7/6 Karl O. Pinc 
>>>
>>> As an alternative you should consider upgrading to debian
>>>> wheezy as squeeze will go out of support about 2013-11-04,
>>>> in 4 months.
>>>> You'll have to upgrade anyway and this might fix your problem.
>>>> Wheezy has pmacct 0.14.0.
>>>>
>>>> You can get help with any of this for debian using irc chat on
>>>> the #debian channel of irc.freenode.net.
>>>>
>>>> On 07/05/2013 05:39:41 PM, Paolo Lucente wrote:
>>>> > Hi Joan,
>>>> >
>>>> > I can verify the backtrace you provided does not apply to the current
>>>> > (and 0.14.3 release to that matter) code. Also, the issue is related
>>>> > to
>>>> > querying the content of a networks_file - which is a part of the code
>>>> > that got some changes meanwhile. I propose you download/compile
>>>> > 0.14.3
>>>> > release or CVS code and try again. If these still give troubles
>>>> > please
>>>> > send me privately a new backtrace to inspect. Let me know.
>>>> >
>>>> > Cheers,
>>>> > Paolo
>>>> >
>>>> > On Fri, Jul 05, 2013 at 06:46:21PM +0200, Joan wrote:
>>>> > > Hi again,
>>>> > >
>>>> > > I am experiencing crashes only after a couple of minutes of
>>>> > starting-04
>>>> > > pmacctd. I am on the current squeeze version, but I recompiled from
>>>> > the
>>>> > > sources to get non-stripped binaries.
>>>> > > After running the process for some minutes the program crashes as
>>>> > usually
>>>> > > leaving a nice backtrace.
>>>> > > Could you have a look into this and tell me if it's something that
>>>> > was
>>>> > > fixed in a newer version?
>>>> > >
>>>> > > Regards,
>>>> > >
>>>> > > Joan
>>>> >
>>>> >
>>>> > > ___
>>>> > > pmacct-discussion mailing list
>>>> > > http://www.pmacct.net/#mailinglists
>>>> >
>>>> >
>>>> > ___
>>>> > pmacct-discussion mailing list
>>>> > http://www.pmacct.net/#mailinglists
>>>> >
>>>> >
>>>>
>>>>
>>>>
>>>>
>>>> Karl 
>>>> Free Software:  "You don't pay back, you pay forward."
>>>>  -- Robert A. Heinlein
>>>>
>>>> ___
>>>> pmacct-discussion mailing list
>>>> http://www.pmacct.net/#mailinglists
>>>>
>>>
>>>
>>
>> ___
>> pmacct-discussion mailing list
>> http://www.pmacct.net/#mailinglists
>>
>
> ___
> pmacct-discussion mailing list
> http://www.pmacct.net/#mailinglists
>

Re: [pmacct-discussion] Crash in pmacct

2013-07-08 Thread Joan
BTW, just found in the changelog for 0.14.1 this:
  ! fix, net_aggr.c: defining a networks_file configuration directive in
conjunction with --enable-ipv6 was causing a SEGVs. This is now solved.

That could be the cause for my issue (unless debian backported the fixes)


2013/7/8 Joan 

> I have tried the version in wheezy with the same results as with squeeze,
> now, I am trying to reproduce the crash with the 0.14.3 downloaded from the
> site.
> So far it hasn't crashed, but so far there's only minimal traffic via this
> router.
>
> I'll be back with more info...
>
>
> 2013/7/6 Karl O. Pinc 
>
> As an alternative you should consider upgrading to debian
>> wheezy as squeeze will go out of support about 2013-11-04,
>> in 4 months.
>> You'll have to upgrade anyway and this might fix your problem.
>> Wheezy has pmacct 0.14.0.
>>
>> You can get help with any of this for debian using irc chat on
>> the #debian channel of irc.freenode.net.
>>
>> On 07/05/2013 05:39:41 PM, Paolo Lucente wrote:
>> > Hi Joan,
>> >
>> > I can verify the backtrace you provided does not apply to the current
>> > (and 0.14.3 release to that matter) code. Also, the issue is related
>> > to
>> > querying the content of a networks_file - which is a part of the code
>> > that got some changes meanwhile. I propose you download/compile
>> > 0.14.3
>> > release or CVS code and try again. If these still give troubles
>> > please
>> > send me privately a new backtrace to inspect. Let me know.
>> >
>> > Cheers,
>> > Paolo
>> >
>> > On Fri, Jul 05, 2013 at 06:46:21PM +0200, Joan wrote:
>> > > Hi again,
>> > >
>> > > I am experiencing crashes only after a couple of minutes of
>> > starting-04
>> > > pmacctd. I am on the current squeeze version, but I recompiled from
>> > the
>> > > sources to get non-stripped binaries.
>> > > After running the process for some minutes the program crashes as
>> > usually
>> > > leaving a nice backtrace.
>> > > Could you have a look into this and tell me if it's something that
>> > was
>> > > fixed in a newer version?
>> > >
>> > > Regards,
>> > >
>> > > Joan
>> >
>> >
>> > > ___
>> > > pmacct-discussion mailing list
>> > > http://www.pmacct.net/#mailinglists
>> >
>> >
>> > ___
>> > pmacct-discussion mailing list
>> > http://www.pmacct.net/#mailinglists
>> >
>> >
>>
>>
>>
>>
>> Karl 
>> Free Software:  "You don't pay back, you pay forward."
>>  -- Robert A. Heinlein
>>
>> ___
>> pmacct-discussion mailing list
>> http://www.pmacct.net/#mailinglists
>>
>
>

Re: [pmacct-discussion] Crash in pmacct

2013-07-08 Thread Joan
I have tried the version in wheezy with the same results as with squeeze.
Now I am trying to reproduce the crash with the 0.14.3 downloaded from the
site.
So far it hasn't crashed, but so far there's only minimal traffic via this
router.

I'll be back with more info...


2013/7/6 Karl O. Pinc 

> As an alternative you should consider upgrading to debian
> wheezy as squeeze will go out of support about 2013-11-04,
> in 4 months.
> You'll have to upgrade anyway and this might fix your problem.
> Wheezy has pmacct 0.14.0.
>
> You can get help with any of this for debian using irc chat on
> the #debian channel of irc.freenode.net.
>
> On 07/05/2013 05:39:41 PM, Paolo Lucente wrote:
> > Hi Joan,
> >
> > I can verify the backtrace you provided does not apply to the current
> > (and 0.14.3 release to that matter) code. Also, the issue is related
> > to
> > querying the content of a networks_file - which is a part of the code
> > that got some changes meanwhile. I propose you download/compile
> > 0.14.3
> > release or CVS code and try again. If these still give troubles
> > please
> > send me privately a new backtrace to inspect. Let me know.
> >
> > Cheers,
> > Paolo
> >
> > On Fri, Jul 05, 2013 at 06:46:21PM +0200, Joan wrote:
> > > Hi again,
> > >
> > > I am experiencing crashes only after a couple of minutes of
> > starting
> > > pmacctd. I am on the current squeeze version, but I recompiled from
> > the
> > > sources to get non-stripped binaries.
> > > After running the process for some minutes the program crashes as
> > usual
> > > leaving a nice backtrace.
> > > Could you have a look into this and tell me if it's something that
> > was
> > > fixed in a newer version?
> > >
> > > Regards,
> > >
> > > Joan
> >
> >
> >
> >
> >
> >
>
>
>
>
> Karl 
> Free Software:  "You don't pay back, you pay forward."
>  -- Robert A. Heinlein
>
>

[pmacct-discussion] Crash in pmacct

2013-07-05 Thread Joan
Hi again,

I am experiencing crashes only after a couple of minutes of starting
pmacctd. I am on the current squeeze version, but I recompiled from the
sources to get non-stripped binaries.
After running the process for some minutes the program crashes as usual,
leaving a nice backtrace.
Could you have a look into this and tell me if it's something that was
fixed in a newer version?

Regards,

Joan


pmacct.backtrace
Description: Binary data

[pmacct-discussion] Pmacct not adding the as number

2013-07-05 Thread Joan
Hello,

I am trying to get pmacct working to replace softflowd because we'd like
to have the AS numbers for the networks populated.
To accomplish this I am using the script to generate the networks_file from
quagga (I had a couple of issues but it's ok now).

This is my pmactd.conf config:
/etc/pmacct/pmactd.conf
 daemonize: true
 pidfile: /var/run/pmacctd.pid
 syslog: daemon
 aggregate: src_host,dst_host
 pcap_filter: net 0.0.0.0/0
 interface: br0
 plugins: nfprobe
 nfprobe_version: 9
 networks_file: /etc/pmacct/networks.lst
 nfprobe_receiver: 192.168.1.5:2591
 nfprobe_version: 9

And in the flow collector I am checking for the AS numbers with nfdump, but
the output of srcas/dstas is always 0:
 nfdump -A srcas -N -M /var/lib/netflow/profiles-data/live/ -o "fmt:%sa %fl %byt %pkt %sas %das" -R nfcapd.201307051420:nfcapd.201307051425

Did I miss something in the pmacctd config? I don't see anything relevant
in the logs.
___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
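
Added example, not part of the original thread and not pmacct or nfdump code: when a collector shows srcas/dstas as 0, decoding the NetFlow v9 template tells you whether the exporter left the AS fields out of the template or sent them with the value 0. Field numbers follow RFC 3954; the function names are illustrative and sample_packet() builds constructed test datagrams.

```python
import struct

FIELDS = {16: "SRC_AS", 17: "DST_AS", 18: "BGP_IPV4_NEXT_HOP"}  # RFC 3954 field types

def parse_v9(packet):
    """Return (templates, records) decoded from one NetFlow v9 datagram."""
    if len(packet) < 20 or struct.unpack_from("!H", packet)[0] != 9:
        raise ValueError("not a NetFlow v9 datagram")
    templates, records, off = {}, [], 20          # v9 header is 20 bytes
    while off + 4 <= len(packet):
        fs_id, fs_len = struct.unpack_from("!HH", packet, off)
        if fs_len < 4 or off + fs_len > len(packet):
            raise ValueError("bad flowset length")
        body, p = packet[off + 4:off + fs_len], 0
        if fs_id == 0:                            # template flowset
            while p + 4 <= len(body):
                tid, n = struct.unpack_from("!HH", body, p)
                if n == 0 or p + 4 + 4 * n > len(body):
                    break                         # padding or truncated template
                templates[tid] = [struct.unpack_from("!HH", body, p + 4 + 4 * i)
                                  for i in range(n)]
                p += 4 + 4 * n
        elif fs_id in templates:                  # data flowset with a known template
            size = sum(length for _, length in templates[fs_id])
            while size and p + size <= len(body):
                rec = {}
                for ftype, length in templates[fs_id]:
                    rec[ftype] = int.from_bytes(body[p:p + length], "big")
                    p += length
                records.append(rec)
        off += fs_len
    return templates, records

def diagnose(packet, wanted=(16, 17)):
    """Per field: missing from the template, exported as 0, or populated."""
    templates, records = parse_v9(packet)
    exported = {t for tmpl in templates.values() for t, _ in tmpl}
    out = {}
    for code in wanted:
        out[FIELDS[code]] = ("not in template" if code not in exported else
                             "populated" if any(r.get(code) for r in records) else "exported as 0")
    return out

def sample_packet(fields, values):
    """Constructed test datagram: one template (id 256) plus one data record."""
    tmpl = struct.pack("!HH", 256, len(fields)) + b"".join(struct.pack("!HH", *f) for f in fields)
    data = b"".join(v.to_bytes(f[1], "big") for f, v in zip(fields, values))
    return (struct.pack("!HHIIII", 9, 2, 0, 0, 1, 0) + struct.pack("!HH", 0, 4 + len(tmpl))
            + tmpl + struct.pack("!HH", 256, 4 + len(data)) + data)
```

Feed diagnose() the UDP payload of a captured export datagram that carries both the template and data records; "not in template" points at the exporter configuration, while "exported as 0" points at the AS lookup on the exporter.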