On Friday 27 January 2006 03:56, Tay Chee Yong wrote: > Hi, > > I am very new to the list, and flow-tools, so pardon me for my ignorance. > Had search through the archives, but can't seems to find any answers. > > Is there a way to capture netflow data based on bgp next-hop. My aim is to > capture how much traffic of other PoPs is towards a specific PoPs, based on > bgp next-hop, since all our next-hop are the loopback address of the router > in the PoP. I had read somewhere that recommend using flow-nfilter, but it > seems that ip-nexthop-address doesn't seems to be recognized, as there are > no output. >
Do you really route to the loopback of the other PoPs? Or, do you have a different address? > filter-primitive router-loopback > type ip-address > permit 10.10.10.1 > > filter-definition test > match ip-nexthop-address router-loopback > # or > match ip-source-address prefix > Without the 'or' both conditions will have to match to get an output. If you just want ip-nexthop-address, that's all that should appear in the filter-definition. Try it like that and see if you get output, then you can add other primitives as you see fit. > The command I use is as follows, but I get no output. > > ./flow-cat /usr/local/netflow/data/ft-v05.2006-01-26.095424+0000 | > ./flow-nfilter -f /usr/local/netflow/var/cfg/filter.cfg -F test | > ./flow-print | more > That should work after you fix your filter. Zoltan Ori _______________________________________________ Flow-tools mailing list [EMAIL PROTECTED] http://mailman.splintered.net/mailman/listinfo/flow-tools
