Hello, I've used an application called samplicate to separate out multiple flows on the same udp port. That seems to work well. So all my routers send NetFlow to HOST1 on port X. nProbe won't filter the flow based on sender (I saw the --collection-filter parameter which seemed like it would do this but that didn't seem to work). So samplicate will forward the data based on sender to other UDP ports on the server and then I can run multiple nProbe proxies on those individual UDP ports. And then ntopng collects from all those nProbes. It's working great for me. I couldn't find a definitive source for samplicate but I used this: https://github.com/sleinen/samplicatorI compiled on windows with cygwin.One issue I have is samplicator doesn't seem to share the port. So if it's listening on port X, I can't also bind nProbe to that port (if i want to see the traffic in aggregate) Perhaps this will work for you
Dan.carlton at IGT said.... I have tried that also: 25/Jun/2015 06:00:46 [nprobe.c:6345] WARNING: You cannot use BPF filters (ip and not proto ipv6 and not ether host 00:00:00:00:00:00) in collector/proxy mode: BPF filter disabled cat nprobe.conf -i=none -n=none -3=2055 --zmq tcp://127.0.0.1:5556 -f="ip and not proto ipv6 and not ether host 00:00:00:00:00:00"
_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
