Hello, I am new to nprobe and would like to ask for some advice on the most efficient way to use the proxy functionality for my needs. I have done some reading on the lists and user manuals and it seems like there may be several ways I could configure nprobe to do what I am looking for. We do have some limitation in how we are receiving the flows and need to support existing processes that make this setup less than ideal. I have been able to get nprobe configured to do the proxy of all flows to the multiple destinations and it is working. However, I am not really sure what the best way is to limit the second proxy feed to only certain subnets. I noticed the -blacklist option but I am looking for a whitelist. Below is a summary of my lab setup and what I am trying to accomplish. Thank you in advance for your help.
Setup: Existing netflow appliance receives flows from our aggregation routers. The Appliance then tees an aggregated flow feed to our linux test system on port 15001. We would like nprobe to collect the flows from port 15001 on our linux test system and then: * Proxy all flows to localhost:15002 where another existing application is reading and writing all flows to disk. * Proxy only a subset of approximately 100 subnets to remote_system:2055. Version information: nProbe Standard [Unix] $ nprobe -v Welcome to nprobe v.6.9.7 ($Revision: 2406 $) for x86_64-unknown-linux-gnu Copyright 2002-12 by Luca Deri [email protected]<mailto:[email protected]> Thanks, Lisa
_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
