Duncan I have made some changes to NetFlow in ntop 4.1.x that is in SVN now. Can you please use that one and see if it works?
Thanks Luca On Nov 28, 2011, at 4:22 PM, Duncan Drury wrote: > I am hoping to get ntop to help me understand bandwidth in 40 remote offices > connecting to our VPN using Cisco ASA 5505. > > I am having trouble understanding exactly how I should configure ntop to > handle netflow data from the ASAs. > > The ntop server is at our head office, connected to the core-switching via > one ethernet NIC. It is on the same subnet as our head office ASA 5510s. I > have one 5510 at head office, and one in a remote office, configured to send > netflow data to the ntop server ip address 172.16.9.124. > > Each remote office has its own subnet, with the ASA 5505 in that subnet (e.g. > Nairobi is 10.6.128.0/24 with ASA at 10.6.128.200) > > I have created one Netflow Device in ntop. I configured the Local Collector > UDP port to be 2055. I am not clear whether the Virtual Network Interface > Network Address is a separate IP address for the Netflow Device, or whether > this should be a Network Address (e.g. 172.16.9.0/24), and if it is a network > address, should this be the network in which a device I am sending netflow > from is (e.g. one of the remote office subnets). > > Do I need a Netflow Device per probe (i.e. one for each of my ASA 5505 and > ASA 5510s)? > > I can see that Netflow data is reaching ntop - the statistics under Plugins > > Netflow > Statistics are increasing, including the number of V9 templates > received. However, the Summary > Traffic view for Netflow-device.2 is not > showing any details at all. > > Statistics relating to broadcast traffic on the local subnet of the ntop > server are showing up fine under the summary traffic view for eth0. > > So I think the ASA side of the configuration is all working correctly, but I > haven't got ntop configured right for netflow. I've read the docs, but not > finding them clear enough for me. > > Can anyone give any pointers? > > Many thanks, > > Duncan > -- > Duncan Drury > International Operations Manager > Christian Aid - www.christian-aid.org > > T: +44 20 7523 2068 > E: [email protected] > Skype: caid-ddrury > -- > > > Christian Aid - East Africa Emergency Appeal. > > Help us respond to the food crisis in \East Africa. Donate via our website or > give £5 by texting AFRICA to 70800 > > Save paper, save trees and only print this email if you have to. > > Christian Aid is a charity and company limited by guarantee registered in > England and Wales: 35 Lower Marsh, London SE1 7RL. UK registered charity no. > 1105851. Company no. 5171525. > > Christian Aid also operates in Scotland: Registered Office: 41 George IV > Bridge, Edinburgh, EH1 1EL. Charity no. SC039150 > > Christian Aid Ireland is a charity and company limited by guarantee > registered in Northern Ireland: Unit 6 Linden House, Beechill Business Park, > Belfast, BT8 7QN. Northern Ireland charity no: XR94639. Company no. NI059154. > > Christian Aid Ireland is a registered charity and registered company limited > by guarantee: 17 Clanwilliam Terrace, Dublin 2. Republic of Ireland charity > no. CHY 6998. Company no. 426928. > > Christian Aid Trading Limited is a company limited by guarantee registered in > England and Wales: 35 Lower Marsh, London SE1 7RL. Company no. 1001742. > This e-mail has been scanned for viruses by Webroot. > > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop --- "Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it. - Brian W. Kernighan _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
