Sylvester if your fprobe sends the interfaceId, then nProbe will not overwrite it but use that one.
Luca On 07/20/2015 08:38 AM, sylvester d'souza wrote: > > I am trying to use nprobe as a proxy to consolidate traffic from 2 > physical linux firewall boxes and forward it to a manage engine > netflow analyzer collector. > > I use the following command on the firewalls (I cannot use nprobe here > because these are older boxes running centos 5) > fprobe-ulog -Xeth:100,bond:200,ppp:300 -n7 192.168.1.xxx:9995 > > and the following on the collector box running nprobe and the manage > engine software > nprobe -G -t 60 -d 15 -3 9995 -u 102 -Q 102 -n 127.0.0.1:9996 -V 9 > > eth2 on the firewalls is the WAN NIC, so I assume 102 will be the > correct index for in and out traffic? > > I can see all the data and traffic in the Analyzer but the interface > indexes are confusing. > It keeps adding a new interface for every external machine that > connects to the firewalls and eventually crashes the software. > > example : IfIndex20495, IfIndex1853, etc where i assume the number is > the last 4 bytes of the mac id of the originating device > > With the above configuration I was of the understanding that nprobe > would automatically reassign all traffic as belonging to the interface > defined using -u and -Q, is this not correct? > > > > _______________________________________________ > Ntop-misc mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-misc
_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
