Difference between revisions of "Pmacct"

From Initech Technical Wiki
Jump to: navigation, search
(Created page with " <pre> debug: false daemonize: false pidfile: /var/run/nfacctd.pid print_cache_entries: 1000000 #nfacctd_pipe_size: 2048000000 #nfacctd_disable_checks: true plugin_pipe_si...")
 
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
 
+
This config file (location depends on your configuration but mine exists at /etc/pmacct/nfacctd.conf) makes nfacct output a json formatted dump of all flows every minute to /tmp/nfacctd.json and call /usr/local/bin/[[nfacct-clickhouse-import]] to import it into [[clickhouse]]
  
 
<pre>
 
<pre>
Line 7: Line 7:
  
 
print_cache_entries: 1000000
 
print_cache_entries: 1000000
 
#nfacctd_pipe_size: 2048000000
 
#nfacctd_disable_checks: true
 
  
 
plugin_pipe_size: 10240000
 
plugin_pipe_size: 10240000
Line 22: Line 19:
 
print_refresh_time[nfacct]: 60
 
print_refresh_time[nfacct]: 60
 
print_trigger_exec[nfacct]: /usr/local/bin/nfacct-clickhouse-import
 
print_trigger_exec[nfacct]: /usr/local/bin/nfacct-clickhouse-import
#pre_tag_map[nfacct]: /etc/pmacct/pretag.map
 
#pre_tag_filter[nfacct]: !666
 
 
#aggregate [nfacct-ip]: src_host,dst_host,peer_src_ip
 
#print_output_file[nfacct-ip]: /tmp/nfacctd-ip.json
 
#print_output[nfacct-ip]: json
 
#print_history[nfacct-ip]: 1m
 
#print_history_roundoff[nfacct-ip]: m
 
#print_refresh_time[nfacct-ip]: 60
 
#print_trigger_exec[nfacct-ip]: /usr/local/bin/nfacct-ip-clickhouse-import
 
#
 
#aggregate [nfacct-as]: src_as,dst_as,peer_src_ip
 
#print_output_file[nfacct-as]: /tmp/nfacctd-as.json
 
#print_output[nfacct-as]: json
 
#print_history[nfacct-as]: 1m
 
#print_history_roundoff[nfacct-as]: m
 
#print_refresh_time[nfacct-as]: 60
 
#print_trigger_exec[nfacct-as]: /usr/local/bin/nfacct-as-clickhouse-import
 
  
 
timestamps_since_epoch: true
 
timestamps_since_epoch: true
 
timestamps_secs: true
 
timestamps_secs: true
#timestamps_rfc3339: true
 
 
</pre>
 
</pre>

Latest revision as of 21:19, 18 October 2019

This config file (location depends on your configuration but mine exists at /etc/pmacct/nfacctd.conf) makes nfacct output a json formatted dump of all flows every minute to /tmp/nfacctd.json and call /usr/local/bin/nfacct-clickhouse-import to import it into clickhouse 

debug: false
daemonize: false
pidfile: /var/run/nfacctd.pid

print_cache_entries: 1000000

plugin_pipe_size: 10240000
plugin_buffer_size: 10240

plugins: print[nfacct]
aggregate [nfacct]: tcpflags,tos,proto,src_host,dst_host,src_as,dst_as,src_port,dst_port,in_iface,out_iface,peer_src_ip
print_output_file[nfacct]: /tmp/nfacctd.json
print_output[nfacct]: json
print_history[nfacct]: 1m
print_history_roundoff[nfacct]: m
print_refresh_time[nfacct]: 60
print_trigger_exec[nfacct]: /usr/local/bin/nfacct-clickhouse-import

timestamps_since_epoch: true
timestamps_secs: true
Retrieved from ‘https://www.initech.nz/w/index.php?title=Pmacct&oldid=142