to this
> list and do it yourself.
No, the link at the bottom doesn't help. But this link does:
http://www.pmacct.net/mailman/listinfo/pmacct-discussion
(look at the bottom of the page)
Regards,
Sven
--
Sven Anderson
Institute of Computer Science - University of Goettingen
Goldschmidts
hints? Shall I write the patch
against SVN to include it in the official version? I think of a
config-key like "mysql_numeric: true" to use a numeric SQL scheme.
Cheers,
Sven
--
Sven Anderson
Institute for Informatics - http://www.ifi.informatik.uni-goettingen.de
Georg-August-Universi
Daniel schrieb:
>> I have recently joined this list this is my first
>> question for you i am working in datacenter so i need ip base
>> accounting and billing for customer means i will assign client server
>> on my datacenter switch and collect ip traffic from that port and
>> generate b
width as the monitored port, as the traffic of
both directions has to go out in one direction.
Cheers,
Sven
--
Sven Anderson
Institute for Informatics - http://www.ifi.informatik.uni-goettingen.de
Georg-August-Universitaet Goettingen
Lotzestr. 16-18, 37083 Goettingen, Germany
e. Or at least
shutting down all services and setting up static arp entries, to avoid
unwanted traffic.
Cheers,
Sven
--
Sven Anderson
Institute for Informatics - http://www.ifi.informatik.uni-goettingen.de
Georg-August-Universitaet Goettingen
Lotzestr. 16-18, 37083 Goettingen, Germany
"background noise", that is irregular broadcasts
and stuff like that.
Cheers,
Sven
--
Sven Anderson
Institute for Informatics - http://www.ifi.informatik.uni-goettingen.de
Georg-August-Universitaet Goettingen
Lotzestr. 16-18, 37083 Goettingen, Germany
nd a 6 Mbit DSL line over a 1Gbit mirroring
port in promiscuous mode.
Cheers,
Sven
--
Sven Anderson
Institute for Informatics - http://www.ifi.informatik.uni-goettingen.de
Georg-August-Universitaet Goettingen
Lotzestr. 16-18, 37083 Goettingen, Germany
se. So I suggest
just first and last packet as time stamps.
BTW.: I think it's really a mistake to use local time as timestamps. Why
not using seconds since 1970/1/1 0:00 UTC? This is standard and unambiguous.
> Ideally, I would like more detailed information about the flow at various
>
Sven Anderson, 16.11.2006 18:45:
> What works a lot better in general is removing the small flows. You can
> remove about 95% of the flows by aggregating only 5% of the small-flow
Sorry, this is not understandabl
plugin. Data reduction can also be useful for other
exports, like Netflow.
Cheers,
Sven
--
Sven Anderson
Institute for Informatics - http://www.ifi.informatik.uni-goettingen.de
Georg-August-Universitaet Goettingen
Lotzestr. 16-18, 37083 Goettingen, Germany
sources for
other stuff (like creating new threats) you might reach this limit earlier.
Cheers,
Sven
--
Sven Anderson
Institute for Informatics - http://www.ifi.informatik.uni-goettingen.de
Georg-August-Universitaet Goettingen
Lotzestr. 16-18, 37083 Goettingen, Germany
last packet in a flow, and one for the time the flow got "closed" (or
updated the last time) which would correspond to the "time-slot" the flow
belongs to. The third one is probably not really necessary, as you can
calculate it from the other timestamps and the configuratio
port?
I wrote some perl-scripts to generate "accumulated port graphs" like the
one you can see here: http://sven.anderson.de/misc/ports.png . If there is
interest, I could publish them.
Cheers,
Sven
--
Sven Anderson
Institute for Informatics - http://www.ifi.informatik.uni-goettingen
e database tables, as these have a fixed column
structure, and there is no column for "MPLS_LABEL_1".
Cheers,
Sven
--
Sven Anderson
Institute for Informatics - http://www.ifi.informatik.uni-goettingen.de
Georg-August-Universitaet Goettingen
Lotzestr. 16-18, 37083 Goettingen, German
K Netflow v9 also uses templates to define flows. What happens
so far with a template and the according data, which contain flow keys
that don't exist in the pmacct flow table? Are they dropped?
Cheers,
Sven
--
Sven Anderson
Institute for Informatics - http://www.ifi.informatik.uni-go
ee this
also as an argument for a data-access API, which I proposed in the other
mail.
Cheers,
Sven
--
Sven Anderson
Institute for Informatics - http://www.ifi.informatik.uni-goettingen.de
Georg-August-Universitaet Goettingen
Lotzestr. 16-18, 37083 Goettin
Hi all,
Paolo Lucente, 05.07.2006 01:07:
> while the idea of integrating a kind of sFlow/NetFlow probe has been
> already considered (i remember some thoughts recently exchanged with
> Sven Anderson about this), i'm somewhat not fully convinced.
[...]
> Integrating either
which seemed to never end (>30 minutes).
I had only two indexes on this table:
"tcom_v5_20060530_idx" btree (ip_src, ip_dst, stamp_inserted)
"tcom_v5_20060530_stamp_idx" btree (stamp_inserted)
After dropping the tcom_v5_20060530_idx, the query was answ
nationIPAddress",
which contains the IP address after the NAT-process, then you have both IP
addresses in the flow, but nfacct cannot handle this flow key yet AFAIK.
Cheers,
Sven
--
Sven Anderson
Institute for Informatics - http://www.ifi.informatik.
the packets have to be tagged and metered on both
interfaces, so that you can export two flows, which are linked somehow,
for example with a FlowID. But if at all, this is only possible with
Netflow v9 or IPFIX.
Hope, that helps a bit.
Cheers,
Sven
--
Sven Anderson
Institute for Informatics -
Hi Jamie,
Jamie Wilkinson, 03.05.2006 02:52:
> It's outside the transaction, so it doesn't blow up horridly. It is
> annoying to see 3600 messages in your logs, sure.
well it's 1440 per day for me. That's not so nice, I will solve it with a
cronjob.
Cheers,
Sven
-
, where you don't have to
know, where and in which format the data is stored. ;-)
Cheers,
Sven
--
Sven Anderson
Institute for Informatics - http://www.ifi.informatik.uni-goettingen.de
Georg-August-Universitaet Goettingen
Lotzestr. 16-18, 37083 Goettingen, Germany
ks only in the two touched hours?
> I have counter tables with 7+ million records in Pg, and no complaints
> at all from the people hitting web apps that are hitting them.
> Therefore I created an acct_monthly,
> acct_daily, and acct_hourly tables. acct_monthly is blazing fast because
>
venience I included the short README as an attachment.
Cheers,
Sven
--
Sven Anderson
Institute for Informatics - http://www.ifi.informatik.uni-goettingen.de
Georg-August-Universitaet Goettingen
Lotzestr. 16-18, 37083 Goettingen, Germany
FloX v0.1
Copyright 2006 Sven Anderson <[EMAIL PROTEC
Ciao Paolo,
Paolo Lucente, 03.05.2006 16:41:
> On Wed, May 03, 2006 at 03:28:22PM +0200, Sven Anderson wrote:
>
>> Is there a case, when using the -r flag, where you don't want locking? Or
>> do you mean, that -l could be useful in case of not using -r?
>
> The lat
6441]: ERROR ( dport/memory ): We are
missing data.
What should be noted in the docs at least is, that * refers to the sum of
all traffic without the -r, and the rest of traffic with the -r flag, as a
consequence of the stepwise resetting of the counters. Don't you think so?
Cheers,
Sven
-
ocked as long as the port list is processed. Otherwise
packets that arrive during processing with, for example, port 80, would
also match the * and got reset, too. Is this handled correctly?
Cheers,
Sven
--
Sven Anderson
Institute for Informatics - http://www.ifi.informatik.uni-goettingen.de
nserted in the table of the next day, right?
Cheers,
Sven
--
Sven Anderson
Institute for Informatics - http://www.ifi.informatik.uni-goettingen.de
Georg-August-Universitaet Goettingen
Lotzestr. 16-18, 37083 Goettingen, Germany
's it.
Cheers,
Sven
--
Sven Anderson
Institute for Informatics - http://www.ifi.informatik.uni-goettingen.de
Georg-August-Universitaet Goettingen
Lotzestr. 16-18, 37083 Goettingen, Germany
___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
Hi all,
Sven Anderson, 21.04.2006 21:34:
> I think the problem is not the updating of the data itself, but updating
> the complex primary key. An index of (ip_src, ip_dst, stamp_inserted) is
> fast enough to find entries, and easy enough to maintain.
it seems to be known, that a defa
stamp_inserted>=2006-04-21 20:17:55 AND stamp_inserted<2006-04-21
21:17:55" fast? I guess a btree index, but maybe there's something better?
Cheers,
Sven
--
Sven Anderson
Institute for Informatics - http://www.ifi.informatik.uni-goettingen.de
Georg-August-Universitaet Goetting
flow data defined by
certain Flow Key values. Just give me 2 more weeks and I'll release a
first version.
Cheers,
Sven
--
Sven Anderson
Institute for Informatics - http://www.ifi.informatik.uni-goettingen.de
Georg-August-Universitaet Goettingen
Lotzestr. 16-18, 37083 Goettingen, Germany
ine is quite weak, with 900MHz PIII CPU, 320MB RAM and a
normal IDE hard disk. But with MySQL it was no problem, so I'm just comparing.
Cheers,
Sven
--
Sven Anderson
Institute for Informatics - http://www.ifi.informatik.uni-goettingen.de
Georg-August-Universitaet Goettingen
Lotzestr. 16-18, 37083 Goettingen, Germany
sh-tables are not indexed correctly? Any ideas?
Cheers,
Sven
--
Sven Anderson
Institute for Informatics - http://www.ifi.informatik.uni-goettingen.de
Georg-August-Universitaet Goettingen
Lotzestr. 16-18, 37083 Goettingen, Germany