> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> [EMAIL PROTECTED]
> Sent: Thursday, March 17, 2005 7:52 AM
> To: [email protected]
> Subject: [Flow-tools] Two routers exporting flows
>
> Hi,
>
> Currently, i have 1 router exporting flows to my server and is all OK.
>
> Now, i need to export flows from 2 routers. I configured my
> CUFlow.cf adding the line below
>
> # Our two netflow exporters. Produce service and protocol
> reports for the # total, and each of these.
> Router 171.xx.xx.1
> Router 171.xx.xx.2
>
> I running 1 flow-capture daemon and the routers work with the
> same ones networks and subnet.
> The two router are exporting flow to port 2055 of the server.
>
> After to add the second router (Router 171.x.xx.2), i have the error
> bellow:
>
I wonder if it could be related to the following bug/patch, as posted by
Lawrence Baldwin? - jonathan glass
Mark,
ftdecode.c: (line 708)
rec_v5->engine_type = pdu_v5->engine_type;
rec_v5->engine_type = pdu_v5->engine_id;
Should be:
rec_v5->engine_type = pdu_v5->engine_type;
rec_v5->engine_id = pdu_v5->engine_id;
This has probably gone on undetected as engineID and engineType are often
BOTH zero...so despite the bug it wouldn't have resulted in any problems.
However, I have several situations with Cisco Distributed CEF (Cisco Express
Forwarding) is enabled on the router...in this case the flow data is
exported from multiple EngineIDs (0,1,2,etc..)...when data is feed through
flow-fanout all the EngineID info is clobbered with Zeros (because it's
being copied from the EngineType in your decode function).
Regards,
Lawrence Baldwin
Chief Forensics Officer
myNetWatchman.com
_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools
