On 08/02/2011 02:29 PM, David Meier wrote:
Interestingly enough I found out that even though the UDP listener is binding
to, supposedly, everything:
udp 0 0 0.0.0.0:2055 0.0.0.0:* 1174/ntop
...the particular interface I'm directing the traffic to is getting the traffic
(known via tcpdump), but the ntop listener is not accepting it. Is there any
way to force the listener to a specific interface instead of having it start on
0.0.0.0?
No, it is not at the moment. Would you like to specify something like
a.b.c.d:2055 where a.b.c.d is one IP address you have?
Luca
I tried running a Netflow generator and pointed it at both my management
interface (i.e. ntop web / ssh) which then showed the Netflow traffic and then
moved it back over to the interface I want to sink the traffic towards and it
stops showing up.
Thanks,
--Dave
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Gary Gatten
Sent: Monday, August 01, 2011 4:50 PM
To: '[email protected]'
Subject: Re: [Ntop] Ntop& v9 Netflow
Does netstat -an show a listener for netflow? Rarely it appears like it
started correctly, but dies without notice.
If a thread is "running" on your host for netflow, then I have no idea what
your prob is. What are your startup args and any custom prefs?
----- Original Message -----
From: David Meier [mailto:[email protected]]
Sent: Monday, August 01, 2011 04:08 PM
To: [email protected]<[email protected]>
Subject: Re: [Ntop] Ntop& v9 Netflow
Yes. I'm viewing the traffic (or lack thereof) via the 'Netflow-device.x'.
The 'netflow statistics' state: 'No Data to Display (yet)'.
I have a router pushing v5 flows to it as well - no dice. Very odd that I see
the traffic via tcpdump.
</stumped>
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Gary Gatten
Sent: Monday, August 01, 2011 3:19 PM
To: '[email protected]'
Subject: Re: [Ntop] Ntop& v9 Netflow
I know this will sound basic, but did you "switch NIC" in the "Admin" tools and
select your netflow interface?
What if you view the netflow statistics? Anything interesting there?
When using v9 there have been some issues with templates. Can you try v5 and
see if that works?
G
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of David Meier
Sent: Monday, August 01, 2011 3:07 PM
To: [email protected]
Subject: [Ntop] Ntop& v9 Netflow
I'm currently trying to deploy some Ntop boxes which will ultimately be Netflow
v9 collectors. I have two interfaces on each box; one is used for SSH
management / Ntop web interface and the other is a specialized interface to act
as the Netflow 'sink'.
The problem I'm running into is that the netflow seems to be getting to the
'sink' interface (if I tcpdump it out to pcap I see that it's Netflow v9
records), however nothing ever shows up in Ntop even though I have the Netflow
plugin configured. I've tried turning debug on (for the plugin) but I don't
see any additional information in the log.
Is there any better way to run the daemon to get better debug?
The version I'm running is:
ntop v.4.1.0 (64 bit) [x86_64-2.6.32-33-server-linux-gnu]
Thanks in advance!!!
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
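
One way to check the symptom discussed in this thread from user space, as an added example that is not part of the original messages and is not ntop code: bind a UDP socket to a single address on port 2055 (the a.b.c.d:2055 form mentioned above) and decode the fixed NetFlow v5/v9 header of whatever the kernel delivers. The names `describe_netflow` and `probe`, the file name and the sample header are assumptions made for this example.

```python
import socket
import struct
import sys

# Fixed header layouts (network byte order): NetFlow v5 = 24 bytes, v9 = 20 bytes.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V9_HEADER = struct.Struct("!HHIIII")

# Constructed sample header for illustration: v9, count 2, sequence 7, source id 1.
SAMPLE_V9 = V9_HEADER.pack(9, 2, 1000, 1312300000, 7, 1)


def describe_netflow(datagram):
    """Return version/count/sequence for a v5 or v9 datagram, else None."""
    if len(datagram) < 4:
        return None
    version, count = struct.unpack_from("!HH", datagram)
    if version == 5 and len(datagram) >= V5_HEADER.size:
        return {"version": 5, "count": count,
                "sequence": V5_HEADER.unpack_from(datagram)[5]}
    if version == 9 and len(datagram) >= V9_HEADER.size:
        fields = V9_HEADER.unpack_from(datagram)
        return {"version": 9, "count": count,
                "sequence": fields[4], "source_id": fields[5]}
    return None


def probe(bind_ip, port=2055, timeout=30.0, max_datagrams=5):
    """Bind to one address and report which datagrams reach user space."""
    seen = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_ip, port))  # fails if ntop still holds the port
        sock.settimeout(timeout)
        try:
            while len(seen) < max_datagrams:
                data, (src, _sport) = sock.recvfrom(65535)
                seen.append((src, describe_netflow(data)))
        except socket.timeout:
            pass  # nothing (more) arrived on this address in time
    return seen


if __name__ == "__main__":
    # Usage (hypothetical file name): python3 nfprobe.py <sink-interface-ip>
    # Stop ntop first so that UDP port 2055 is free to bind.
    for src, info in probe(sys.argv[1]):
        print(src, info if info else "not a NetFlow v5/v9 header")
```

If tcpdump shows the flows on the sink interface but this probe returns nothing for that interface's address, the datagrams are not being delivered to sockets on the host at all, so the gap lies between the capture point and the socket layer rather than in the ntop plugin.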