what is the configuration you are using? Are you using netflow v9/ipfix? if so, this issue might be caused by the template. But this could be just an idea. Yuri ############################################### Yuri Francalacci - [email protected] - http://www.ntop.org "Simplicity is the ultimate sophistication" - Leonardo da Vinci ###############################################
> On 12 May 2015, at 01:17, Michael Jeung <[email protected]> wrote: > > Hello! > > I have ntopng setup with nprobe on my network for monitoring net flow devices. > > I'm pretty sure I've got it configured correctly because when I use the > Paessler Netflow Simulator to generate some sample netflow data, nprobe picks > it up as expected and I can see it visualized on ntopng. Great! > > However, now I'm trying to get nprobe to recognize traffic from one of my > network devices. I wrote some code that outputs netflow packets and for the > last couple of days I've made the output match the "good" packets that the > Paessler traffic generator is creating and nprobe is consuming. > > However, I'm running into a problem that is really stumping me. No matter > how closely I try to mirror the Paessler netflow traffic, nprobe consistently > ignores my traffic - but every time I start up the simulated Paessler > traffic, nprobe eagerly accepts it. (I can tell because I'm running nprobe > in verbose logging mode and I can see exactly when it emits a new flow over > zmq.) > > So, my question is this: is there a good way to get nprobe to tell me WHY > it's ignoring the netflow packets that I generate? > > Right now, I'm sending my netflow packets to nprobe on port 2055 (just like > Paessler) but I don't see anything show up in the log. It's like nprobe is > just silently dropping my packets. > > I've verified my netflow packets are hitting the nprobe CentOS box with > tcpdump. I've also verified that my netflow packets are well-formed using > Wireshark. I'm quite confused why nprobe seems to be ignoring me, but picks > up Paessler's simulated traffic no problem. > > Is there some persistent nprobe data I need to flush? (I've tried rebooting, > no luck.) Maybe nprobe has somehow locked on to the simulated traffic and > that's why it's ignoring me? > > Any tips would be greatly appreciated! Thanks, > > Michael > > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
