Ok, It seems like fprobe is the issue.
We have purchased the standard unix license for nprobe, Is there some way we
can request rpms for Centos/RHEL 5 32 bit?
On Monday, 20 July 2015, 13:56, Luca Deri <[email protected]> wrote:
Sylvester
if your fprobe sends the interfaceId, then nProbe will not overwrite it but
use that one.
Luca
On 07/20/2015 08:38 AM, sylvester d'souza wrote:
I am trying to use nprobe as a proxy to consolidate traffic from 2 physical
linux firewall boxes and forward it to a manage engine netflow analyzer
collector.
I use the following command on the firewalls (I cannot use nprobe here
because these are older boxes running centos 5)
fprobe-ulog -Xeth:100,bond:200,ppp:300 -n7 192.168.1.xxx:9995
and the following on the collector box running nprobe and the manage engine
software nprobe -G -t 60 -d 15 -3 9995 -u 102 -Q 102 -n 127.0.0.1:9996 -V 9
eth2 on the firewalls is the WAN NIC, so I assume 102 will be the correct
index for in and out traffic?
I can see all the data and traffic in the Analyzer but the interface indexes
are confusing.
It keeps adding a new interface for every external machine that connects to
the firewalls and eventually crashes the software.
example : IfIndex20495, IfIndex1853, etc where i assume the number is the
last 4 bytes of the mac id of the originating device
With the above configuration I was of the understanding that nprobe would
automatically reassign all traffic as belonging to the interface defined using
-u and -Q, is this not correct?
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
