On 13/12/2017 08:36, [email protected] wrote:
nfsen problem with Fortigate.
When I check with tcpdump I got the following lines streaming
Can you try with wireshark (tshark) as well:

# tshark -i eth0 -nnV -s0 -d udp.port==9995,cflow udp port 9995

Initially you should see undecoded packets, but after a while it should start decoding (when the template info is received). Look in your firewall settings to see if there is one to change the template sending interval, and crank it down to 5 minutes.
But there is no data collecting. I can see sflow and netflow collectors on ps -ef..
Are they listening on the right ports?

# netstat -naup

Also, what if you attach strace to one of those processes (strace -p <pid>) while data is coming in?

Note: once you get this working, please see https://github.com/phaag/nfdump/issues/65 if you see bad flow sizes, and then you can capture some traffic to help debug.

Regards,

Brian.
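Added example, not part of the original thread or of nfdump/nfsen: a small parser showing why data arriving before the template cannot be decoded, and why it starts decoding once the template has been seen. It assumes the firewall exports NetFlow v9 (RFC 3954 layout); scan_packet and the sample packets are constructed for illustration.

```python
import struct

HEADER = struct.Struct("!HHIIII")  # version, count, uptime, secs, sequence, source_id

def scan_packet(payload, templates):
    """Classify the flowsets of one NetFlow v9 export packet.

    templates maps (source_id, template_id) -> record length in bytes and is
    updated in place. Returns a list of (kind, flowset_or_template_id, count)."""
    version, _, _, _, _, source_id = HEADER.unpack_from(payload, 0)
    if version != 9:
        raise ValueError(f"not NetFlow v9 (version={version})")
    results, offset = [], HEADER.size
    while offset + 4 <= len(payload):
        flowset_id, length = struct.unpack_from("!HH", payload, offset)
        if length < 4 or offset + length > len(payload):
            raise ValueError("malformed or truncated flowset")
        body = payload[offset + 4:offset + length]
        if flowset_id == 0:  # template flowset: one or more template records
            pos = 0
            while pos + 4 <= len(body):
                tid, nfields = struct.unpack_from("!HH", body, pos)
                if tid < 256 or pos + 4 + 4 * nfields > len(body):
                    break  # padding or a cut-off record
                lengths = struct.unpack_from(f"!{2 * nfields}H", body, pos + 4)[1::2]
                templates[(source_id, tid)] = sum(lengths)
                results.append(("template", tid, nfields))
                pos += 4 + 4 * nfields
        elif flowset_id >= 256:  # data flowset, named after its template id
            rec_len = templates.get((source_id, flowset_id))
            if rec_len:
                results.append(("decoded", flowset_id, len(body) // rec_len))
            else:
                results.append(("undecodable", flowset_id, 0))
        else:
            results.append(("other", flowset_id, 0))  # e.g. options template (id 1)
        offset += length
    return results

# Constructed sample packets (not captured traffic), source_id 7, template 256:
# IPV4_SRC_ADDR(8), IPV4_DST_ADDR(12), IN_BYTES(1), 4 bytes each -> 12-byte records.
TEMPLATE_PKT = HEADER.pack(9, 1, 0, 0, 0, 7) + struct.pack("!10H", 0, 20, 256, 3, 8, 4, 12, 4, 1, 4)
DATA_PKT = HEADER.pack(9, 2, 0, 0, 1, 7) + struct.pack("!HH", 256, 28) + bytes(24)

if __name__ == "__main__":
    seen = {}
    for name, pkt in (("data", DATA_PKT), ("template", TEMPLATE_PKT), ("data", DATA_PKT)):
        print(name, scan_packet(pkt, seen))
```

The same data packet is reported as undecodable before the template packet and as two decoded records after it, which is the behaviour to expect in the tshark output until the exporter resends its template.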
