-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


David Bowman wrote:
> Arnel,
>
> How did you even get the ASA to work at all with nfsen? I can't get
> NFSen to work with our ASA5510. I use the special 1.5.7 version of
> nfdump but all I get is the Flow graphs. The Packet and Traffic graphs
> are all empty. And the date/time is incorrect for everything. I've tried
> getting it working under openSUSE and Debian. The ASA is sending out
> good NetFlow data, other things read it fine.

nfdump can only process standard v9 flows, regardless of which device is
sending the data. ASA platforms have their very own extension of v9 for
reporting events about blocked traffic etc. These extensions are not
supported except by the special version nfdump-1.5.7-nsel with patches,
donated by Cisco. They will be integrated into nfdump-1.6 for the next
release.

This means that standard v9 flows from ASA devices are processed as
expected, but special flows from ASA are not. I guess it depends on the
ASA config, but I'm not an ASA expert.

But all that said, nfdump should not throw an exception with unknown
flows. I'll check that.

        - Peter

>
> David Bowman | MIS Director | Nemetschek North America
>
> From: Rnel [mailto:[email protected]] 
> Sent: Friday, January 15, 2010 2:45 PM
> To: [email protected]
> Cc: [email protected];
> [email protected]
> Subject: Re: [Nfsen-discuss] nfdump failed to display netflow stats
> 
>
> I found what's causing the error. I have a Cisco ASA5510 which I enabled
> netflow for about a month now and added it into the list of sources in
> NFSen. Initially it wasn't giving any problem. But now I found out that
> excluding it in the netflow processing doesn't give the 'Floating Point
> Exception' error and it displays the netflow stats just fine. I guess I
> have to figure out how I will integrate the Cisco ASA into my NFSen. If
> you have thoughts on this please advise.
> 
> Thanks,
> 
> /Arnel
>

- --
_______ SWITCH - The Swiss Education and Research Network ______
Peter Haag,  Security Engineer,  Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA  FB 84 CA 94 AB FC 5D D7
SWITCH, Werdstrasse 2, P.O. Box,  CH-8021   Zurich, Switzerland
E-mail: [email protected] Web: http://www.switch.ch/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)

iQCVAwUBS1WAjv5AbZRALNr/AQJXvQP+OVIhuS/Pz9JFSilOc62AazDV9vRv+jy7
Rt1ecu1xHGdTNZzabOJbiC7jKsfLpm5Mp5IMkYytSB7zNHocIrMutX/zNaxSrovB
VvhpjSUZVShBJzOBqlJ/YiQkXXdHtTBGNitynBLuCHgMz+zZ8xbG6bSltJBZLxUZ
MaCvKP4oup4=
=lHfK
-----END PGP SIGNATURE-----

_______________________________________________
Nfsen-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
