Hi all.
I deployment the ntop for monitoring probe's sflow the router hp msr20.
The settings in router HP(obs: my ip address the ntop is 192.168.4.139)
sflow agent ip 192.168.0.106
sflow collector 10 ip 192.168.4.139 description "CLI Collector"
interface Ethernet0/0
sflow sampling-rate 4000
sflow flow collector 10
sflow counter interval 5
sflow counter collector 10
In ntop my settings is:
sflow Device: router
Local Collector UDP Port: 6343
Virtual sFlow interface Network Address: 192.168.0.0/255.255.0.0
White List: 192.168.0.0/16
but not worked, in interface web not display notthing. In logs the
server display the follow message.
flow_sample_element length error (expected 1,found 148)
SFABORT: 3
flow_sample_element length error (expected 24,found 20)
SFABORT: 3
but via sflowtools worked (line command: sflowtool -t | tcpdump -r - )
09:34:01.000000 IP 192.168.32.77.80 > 192.168.122.51.1761: Flags [.],
ack 1384268703, win 63001, length 0
09:34:07.000000 IP 192.168.122.96.1714 > 192.168.38.48.80: Flags [P.],
seq 3571779354:3571780014, ack 342715174, win 65066, length 660
09:34:44.000000 IP 192.168.4.43.445 > 192.168.210.66.3188: Flags [P.],
seq 3458583136:3458583307, ack 4126553267, win 65427, length
171SMB-over-TCP packet:(raw data or continuation?)
09:34:59.000000 IP 192.168.20.91.80 > 192.168.122.64.1736: Flags [.],
seq 4166378782:4166380242, ack 2575054907, win 11792, length 1460
09:35:08.000000 IP 192.168.122.68.1309 > 192.168.1.113.1384: Flags [.],
ack 3021503196, win 65535, length 0
09:36:05.000000 IP 192.168.220.6.443 > 192.168.122.81.2290: Flags [P.],
seq 1920219081:1920219471, ack 2980763099, win 16675, length 390
09:36:11.000000 IP 192.168.211.65.1772 > 192.168.40.232.80: Flags [.],
ack 375762644, win 65535, length 0
09:36:12.000000 IP 192.168.122.97.1776 > 192.168.20.154.80: Flags [.],
ack 2809249079, win 65535, length 0
apparently work o sflow, but ntop not worked. may be a bug?
In analysis the code sflow.c
https://trac.uninett.no/qflow/browser/trunk/collector/sflow.c
628
<https://trac.uninett.no/qflow/browser/trunk/collector/sflow.c#L628>
static void lengthCheck(SFSample *sample, char *description, u_char
*start, int len) {
629
<https://trac.uninett.no/qflow/browser/trunk/collector/sflow.c#L629>
uint32_t actualLen = (u_char *)sample->datap - start;
630
<https://trac.uninett.no/qflow/browser/trunk/collector/sflow.c#L630>
if(actualLen != len) {
631
<https://trac.uninett.no/qflow/browser/trunk/collector/sflow.c#L631>
syslog(LOG_ERR, "%s length error (expected %d, found
%d)\n", description, len, actualLen);
632
<https://trac.uninett.no/qflow/browser/trunk/collector/sflow.c#L632>
SFABORT(sample, SF_ABORT_LENGTH_ERROR);
633 <https://trac.uninett.no/qflow/browser/trunk/collector/sflow.c#L633> }
634 <https://trac.uninett.no/qflow/browser/trunk/collector/sflow.c#L634> }
from what I understand it uses a code sample to compare with the size of
the package but did not understand why. Is a bug? Any idea.
Regards
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
