Hello, I have added "--interpret-flow-packets" to see what is happening, does this options disables packet export? Anyway, I have tried to run nprobe according to your advice with nflite plugin explicity enabled (nprobe -i none --nflite 2055 -b 2), but it did not help - nprobe shows 0 packets processed ; I can see that the switch sends templates and frame slices roughly as expected (as far as I can tell - i've tried to dissect one manually).
# nprobe -i none --nflite 2055 -b 2 (...) 15/Jan/2016 00:22:38 [nflitePlugin.c:900] [NFLite] Created UDP socket [# sockets: 1] 15/Jan/2016 00:22:38 [nflitePlugin.c:904] [NFLite] Listening on port range 2055-2055 (1) 15/Jan/2016 00:22:38 [nflitePlugin.c:914] [NFLite] Initialized NetFlow-Lite plugin (...) 15/Jan/2016 00:22:38 [nprobe.c:6628] Welcome to nProbe v.7.3.160113 for x86_64-unknown-linux-gnu (...) 15/Jan/2016 00:22:38 [plugin.c:821] Disabling plugin MySQL Plugin (no template is using it) 15/Jan/2016 00:22:38 [plugin.c:825] Enabling plugin Netflow-Lite Plugin 15/Jan/2016 00:22:38 [plugin.c:821] Disabling plugin Oracle Protocol (no template is using it) (...) 15/Jan/2016 00:22:38 [nprobe.c:7054] Starting 1 packet fetch thread(s) 15/Jan/2016 00:22:38 [engine.c:3176] Starting bucket dequeue thread 15/Jan/2016 00:22:38 [nprobe.c:7142] nProbe started successfully ... 9 hours later .... ^C 15/Jan/2016 09:28:17 [cache.c:1224] Redis Cache [0 total/0.0 get/sec][0 total/0.0 set/sec] 15/Jan/2016 09:28:17 [nprobe.c:390] Received shutdown request... [signal: 2] 15/Jan/2016 09:28:17 [nflitePlugin.c:770] [NFLite] Terminating thread 0 15/Jan/2016 09:28:17 [nprobe.c:4778] nProbe is shutting down... 15/Jan/2016 09:28:17 [nprobe.c:4814] Exporting pending buckets... 15/Jan/2016 09:28:17 [nprobe.c:4835] Pending buckets have been exported... 15/Jan/2016 09:28:19 [engine.c:3259] Export thread terminated [exportQueue=0] 15/Jan/2016 09:28:19 [nprobe.c:4894] Flushing queued flows... 15/Jan/2016 09:28:19 [nprobe.c:4897] Freeing memory... 15/Jan/2016 09:28:19 [plugin.c:280] Terminating plugins. 15/Jan/2016 09:28:19 [plugin.c:285] Terminating Netflow-Lite Plugin 15/Jan/2016 09:28:19 [cache.c:1224] Redis Cache [0 total/0.0 get/sec][0 total/0.0 set/sec] 15/Jan/2016 09:28:19 [nprobe.c:4990] Still allocated 0 hash buckets 15/Jan/2016 09:28:19 [nprobe.c:2495] Processed packets: 0 (max bucket search: 0) 15/Jan/2016 09:28:19 [nprobe.c:2478] Fragment queue length: 0 15/Jan/2016 09:28:19 [nprobe.c:2504] Flow export stats: [0 bytes/0 pkts][0 flows/0 pkts sent] 15/Jan/2016 09:28:19 [nprobe.c:2514] Flow drop stats: [0 bytes/0 pkts][0 flows] 15/Jan/2016 09:28:19 [nprobe.c:2519] Total flow stats: [0 bytes/0 pkts][0 flows/0 pkts sent] 15/Jan/2016 09:28:19 [nprobe.c:5003] Cleaning globals 15/Jan/2016 09:28:19 [nprobe.c:5023] nProbe terminated. thank you / regards Andrzej On Tue, Jan 12, 2016 at 12:18 PM, Luca Deri <[email protected]> wrote: > Hi Andrey > you do not need to do "--interpret-flow-packets --debug” as this are only for > debugging. > > For NFlite you need to use the NFlite plugin (as NFLite flows are called > NetFlow…. but the name is misleading), so something like > > nprobe -i none --nflite 2055 -b 2 > > Cheers Luca > > >> On 11 Jan 2016, at 16:03, Andrzej Miesiak <[email protected]> wrote: >> >> Hello, >> >> I try to use nprobe as Cisco Netflow-Lite aggregator with C4849E >> switch; nprobe is receiving templates and packet samples, but no flows >> are exported. Is there anyone using this feature? My switch config and >> nprobe debug output: >> >> ! >> netflow-lite exporter nprobe >> transport udp 2055 >> template data timeout 60 >> options sampler-table timeout 60 >> options interface-table timeout 60 >> source <my switch ip> >> destination <my nprobe host> >> netflow-lite sampler sampl >> packet-rate 32 >> ! >> interface GigabitEthernet1/1 >> netflow-lite monitor 1 >> sampler sampl >> exporter nprobe >> >> >> # nprobe --nflite 2055 -3 2055 -i none -n 127.0.0.1:9996 -V 10 >> --interpret-flow-packets --debug -b 2 -t 15 >> (...) >> 11/Jan/2016 21:11:25 [nflitePlugin.c:900] [NFLite] Created UDP socket >> [# sockets: 1] >> 11/Jan/2016 21:11:25 [nflitePlugin.c:904] [NFLite] Listening on port >> range 2055-2055 (1) >> 11/Jan/2016 21:11:25 [nflitePlugin.c:914] [NFLite] Initialized >> NetFlow-Lite plugin >> (...) >> 11/Jan/2016 21:12:08 [collect.c:1081] >>>>> Defined flow template >> [id=304][flowLen=104][fieldCount=11] >> 11/Jan/2016 21:12:08 [collect.c:1096] Moving 44 bytes forward: new >> offset is 72 [stillToProcess=0] >> 11/Jan/2016 21:12:11 [collect.c:1750] NETFLOW_DEBUG: Received 128 bytes flow >> 11/Jan/2016 21:12:11 [collect.c:833] [displ=20][01 30 00] >> 11/Jan/2016 21:12:11 [collect.c:1109] Found FlowSet [displ=20] >> 11/Jan/2016 21:12:11 [collect.c:1154] >>>>> Rcvd flow with known >> template 304 [24...108] >> 11/Jan/2016 21:12:11 [collect.c:1208] >>>>> Dissecting flow field >> [optionTemplate=0][displ=24/108][template=304][fieldId=312][fieldLen=2][isPenField=0][field=0/11] >> [24...128] [accum_len=0] [00 D4 00 00] >> 11/Jan/2016 21:12:11 [collect.c:1208] >>>>> Dissecting flow field >> [optionTemplate=0][displ=26/108][template=304][fieldId=319][fieldLen=8][isPenField=0][field=1/11] >> [26...128] [accum_len=2] [00 00 00 00] >> 11/Jan/2016 21:12:11 [collect.c:1208] >>>>> Dissecting flow field >> [optionTemplate=0][displ=34/108][template=304][fieldId=318][fieldLen=8][isPenField=0][field=2/11] >> [34...128] [accum_len=10] [00 00 00 00] >> 11/Jan/2016 21:12:11 [collect.c:1208] >>>>> Dissecting flow field >> [optionTemplate=0][displ=42/108][template=304][fieldId=277][fieldLen=2][isPenField=0][field=3/11] >> [42...128] [accum_len=18] [00 01 00 00] >> 11/Jan/2016 21:12:11 [collect.c:1208] >>>>> Dissecting flow field >> [optionTemplate=0][displ=44/108][template=304][fieldId=138][fieldLen=4][isPenField=0][field=4/11] >> [44...128] [accum_len=20] [00 00 00 01] >> 11/Jan/2016 21:12:11 [collect.c:1208] >>>>> Dissecting flow field >> [optionTemplate=0][displ=48/108][template=304][fieldId=302][fieldLen=2][isPenField=0][field=5/11] >> [48...128] [accum_len=24] [00 01 00 00] >> 11/Jan/2016 21:12:11 [collect.c:1208] >>>>> Dissecting flow field >> [optionTemplate=0][displ=50/108][template=304][fieldId=167][fieldLen=4][isPenField=0][field=6/11] >> [50...128] [accum_len=26] [00 00 00 00] >> 11/Jan/2016 21:12:11 [collect.c:1208] >>>>> Dissecting flow field >> [optionTemplate=0][displ=54/108][template=304][fieldId=10][fieldLen=4][isPenField=0][field=7/11] >> [54...128] [accum_len=30] [00 00 00 01] >> 11/Jan/2016 21:12:11 [collect.c:1208] >>>>> Dissecting flow field >> [optionTemplate=0][displ=58/108][template=304][fieldId=14][fieldLen=4][isPenField=0][field=8/11] >> [58...128] [accum_len=34] [00 00 00 00] >> 11/Jan/2016 21:12:11 [collect.c:1208] >>>>> Dissecting flow field >> [optionTemplate=0][displ=62/108][template=304][fieldId=103][fieldLen=2][isPenField=0][field=9/11] >> [62...128] [accum_len=38] [00 40 33 33] >> 11/Jan/2016 21:12:11 [collect.c:1208] >>>>> Dissecting flow field >> [optionTemplate=0][displ=64/108][template=304][fieldId=104][fieldLen=64][isPenField=0][field=10/11] >> [64...128] [accum_len=40] [33 33 00 00] >> 11/Jan/2016 21:12:14 [collect.c:1750] NETFLOW_DEBUG: Received 72 bytes flow >> ^C >> 11/Jan/2016 21:13:32 [cache.c:1210] Redis Cache [0 total/0.0 >> get/sec][0 total/0.0 set/sec] >> 11/Jan/2016 21:13:32 [nprobe.c:394] Received shutdown request... [signal: 2] >> (...) >> 11/Jan/2016 21:13:35 [plugin.c:285] Terminating Netflow-Lite Plugin >> (...) >> 11/Jan/2016 21:13:35 [nprobe.c:2505] Processed packets: 33 (max bucket >> search: 0) >> 11/Jan/2016 21:13:35 [nprobe.c:2488] Fragment queue length: 0 >> 11/Jan/2016 21:13:35 [nprobe.c:2514] Flow export stats: [0 bytes/0 >> pkts][0 flows/0 pkts sent] >> 11/Jan/2016 21:13:35 [nprobe.c:2521] Flow collection: [collected pkts: >> 148][processed flows: 0] >> 11/Jan/2016 21:13:35 [nprobe.c:2524] Flow drop stats: [0 bytes/0 >> pkts][0 flows] >> 11/Jan/2016 21:13:35 [nprobe.c:2529] Total flow stats: [0 bytes/0 >> pkts][0 flows/0 pkts sent] >> 11/Jan/2016 21:13:35 [nprobe.c:5078] Cleaning globals >> 11/Jan/2016 21:13:35 [nprobe.c:5098] nProbe terminated. >> >> >> regards >> >> Andrzej >> _______________________________________________ >> Ntop-misc mailing list >> [email protected] >> http://listgateway.unipi.it/mailman/listinfo/ntop-misc > > _______________________________________________ > Ntop-misc mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-misc _______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
