I'm trying to use nProbe (v.7.0.141203 (r4553)) with the following setup:

    juniper ex switch --- sflow/jflow udp 6343 ---> nProbe --- udp 2055 --> collector

I'd eventually like to convert from Juniper's sflow/jflow to netflow v9, but from what I can tell, nProbe isn't sending anything to the collector. I've found http://www.gossamer-threads.com/lists/ntop/misc/31468 and given a similar command a try, but even after running nprobe for a few minutes and seeing sflow come into the box from tcpdump, when I close nprobe, it claims:

    24/Apr/2015 12:51:28 [plugin.c:270] Terminating plugins.
    24/Apr/2015 12:51:28 [nprobe.c:4570] Still allocated 0 hash buckets
    24/Apr/2015 12:51:28 [nprobe.c:2294] Processed packets: 0 (max bucket search: 0)
    24/Apr/2015 12:51:28 [nprobe.c:2277] Fragment queue length: 0
    24/Apr/2015 12:51:28 [nprobe.c:2303] Flow export stats: [0 bytes/0 pkts][0 flows/0 pkts sent]
    24/Apr/2015 12:51:28 [nprobe.c:2310] Flow collection: [collected pkts: 0][processed flows: 0]
    24/Apr/2015 12:51:28 [nprobe.c:2313] Flow drop stats: [0 bytes/0 pkts][0 flows]
    24/Apr/2015 12:51:28 [nprobe.c:2318] Total flow stats: [0 bytes/0 pkts][0 flows/0 pkts sent]

I've tried a handful of commands, including:

    nprobe --collector-port 6343 -n <ip>:2055
    nprobe -3 6343 -i none -n <ip>:2055 -m 1 -z 1
    nprobe --collector-port 6343 -i none -n none -P /tmp/flows -D t

When I add -i and my interface, my collector does receive some occasional flows, due to me being ssh'd into the machine. I can't seem to get any output from nprobe once it has started until I close the program.

Again, I'm seeing traffic from the switch to 6343 on the nprobe server from tcpdump, but even with -b 2 and --debug, I simply get:

    24/Apr/2015 13:01:53 [collect.c:99] Created UDP sockets
    24/Apr/2015 13:01:53 [collect.c:158] Flow collector listening on port 6343 (IPv4/v6)
    24/Apr/2015 13:01:53 [nprobe.c:6553] WARNING: *****************************************
    24/Apr/2015 13:01:53 [nprobe.c:6554] WARNING: ** You're running nprobe in DEBUG mode **
    24/Apr/2015 13:01:53 [nprobe.c:6555] WARNING: *****************************************
    24/Apr/2015 13:01:53 [nprobe.c:6572] Starting 1 packet fetch thread(s)
    24/Apr/2015 13:01:53 [nprobe.c:6660] nProbe started successfully
    24/Apr/2015 13:01:53 [engine.c:3073] Starting bucket dequeue thread

The only thing I could think of that may be the issue is my sampling from the Juniper is currently set to 1 in every 5000, as I'm not trying to stress the production network at the moment. Has anyone gotten a setup like this to work, or know any additional debugging tips to see why nprobe is ignoring the flows?

Thanks,
Charles

_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
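
An added example, not part of the original message and not nProbe code: a small decoder for the sFlow v5 datagram header, usable on the UDP payload bytes seen arriving on port 6343 to check the version field and whether a datagram carries flow samples or only counter samples, and at what sampling rate. It assumes the standard sFlow version 5 datagram layout; the function names and the sample datagram are constructed for illustration.

```python
import socket
import struct

# Sample formats for enterprise 0 in the sFlow version 5 datagram layout.
FORMATS = {1: "flow", 2: "counter", 3: "expanded_flow", 4: "expanded_counter"}
# Byte offset of sampling_rate inside each kind of flow sample body.
RATE_OFFSET = {"flow": 8, "expanded_flow": 12}


def parse_sflow_v5(datagram: bytes) -> dict:
    """Decode an sFlow v5 datagram header and summarise each sample it carries."""
    try:
        version, addr_type = struct.unpack_from("!II", datagram, 0)
        if version != 5:
            raise ValueError(f"not sFlow v5 (version field is {version})")
        if addr_type not in (1, 2):  # 1 = IPv4 agent, 2 = IPv6 agent
            raise ValueError(f"unknown agent address type {addr_type}")
        family, addr_len = (socket.AF_INET, 4) if addr_type == 1 else (socket.AF_INET6, 16)
        agent = socket.inet_ntop(family, datagram[8:8 + addr_len])
        off = 8 + addr_len
        _sub_agent, sequence, _uptime_ms, count = struct.unpack_from("!IIII", datagram, off)
        off += 16
        samples = []
        for _ in range(count):
            tag, length = struct.unpack_from("!II", datagram, off)
            body = datagram[off + 8:off + 8 + length]
            if len(body) != length:
                raise ValueError("sample runs past the end of the datagram")
            # Top 20 bits of the tag are the enterprise, low 12 bits the format.
            kind = FORMATS.get(tag & 0xFFF, "unknown") if tag >> 12 == 0 else "vendor"
            rate = None
            if kind in RATE_OFFSET:
                rate = struct.unpack_from("!I", body, RATE_OFFSET[kind])[0]
            samples.append({"kind": kind, "sampling_rate": rate})
            off += 8 + length
    except struct.error as exc:
        raise ValueError(f"truncated datagram: {exc}") from None
    return {"agent": agent, "sequence": sequence, "samples": samples}


def build_sample_datagram() -> bytes:
    """Constructed test input: one counter sample and one 1-in-5000 flow sample."""
    counter = struct.pack("!III", 1, 7, 0)                   # seq, source_id, 0 records
    flow = struct.pack("!8I", 1, 7, 5000, 5000, 0, 7, 8, 0)  # third field = sampling_rate
    header = struct.pack("!II4sIIII", 5, 1, socket.inet_aton("192.0.2.1"), 0, 1, 1000, 2)
    return (header + struct.pack("!II", 2, len(counter)) + counter
            + struct.pack("!II", 1, len(flow)) + flow)


if __name__ == "__main__":
    print(parse_sflow_v5(build_sample_datagram()))
```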
