First issue: We are using cento to send netflow to multiple collectors for analysis. The nbox server has 4 pairs of TAP interfaces (8 NICs). We are sending as version 5 netflow, which has a field for the interface.
Bytes 12-13, and 14-15 in the flow record 12-13 | input | SNMP index of input interface 14-15 | output | SNMP index of output interface All of the flow packets are coming through with either "1" or "2" for those values, which is causing problems with our Kentik service and an internal collector. It appears this has been brought up before, but there isn't a solution mentioned. http://www.ntop.org/support/faq/how-do-i-set-the-input-and-output-interface-id/ How do we get cento to correctly report the interface ID? Second issue. We are seeing tcp traffic reported by cento sourcing and destined to the same IP, which is not physically possible. src_ip = dst_ip = same IP Any ideas how to prevent this? _______________________________________________ Ntop mailing list Ntop@listgateway.unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop
