Hello Luca,

I tried to use the following cento.conf:

# cat /etc/cento/cento.conf
-p=/var/run/cento.pid
-t=30
-d=20
-9=x.x.x.x:9998
-i=fge1
-i=fge2
-g=0,1
-G=2,3
-D=0
--syslog=cento
-b
--if-networks=68:05:CA:34:89:C0@5,68:05:CA:34:89:C1@6

M.

On 20.11.2017 12:17, Luca Deri wrote:
> Matej,
> can you please share the flow command line you are using?
>
> Luca
>
>> On 18 Nov 2017, at 21:21, Matěj Grégr <igr...@fit.vutbr.cz> wrote:
>>
>> Hello,
>> following an older thread:
>>
>> On 10.02.2017 14:54, Luca Deri wrote:
>>> Hi Jesse
>>> please see below
>>>
>>> On 02/10/2017 02:08 PM, Jesse Alexander wrote:
>>>> First issue:
>>>> We are using cento to send netflow to multiple collectors for analysis.
>>>> The nbox server has 4 pairs of TAP interfaces (8 NICs). We are sending as
>>>> version 5 netflow, which has a field for the interface.
>>>>
>>>> Bytes 12-13, and 14-15 in the flow record
>>>> 12-13 | input | SNMP index of input interface
>>>> 14-15 | output | SNMP index of output interface
>>>> All of the flow packets are coming through with either "1" or "2" for
>>>> those values, which is causing problems with our Kentik service and an
>>>> internal collector.
>>>>
>>>> It appears this has been brought up before, but there isn't a solution
>>>> mentioned.
>>>> http://www.ntop.org/support/faq/how-do-i-set-the-input-and-output-interface-id/
>>>>
>>>> How do we get cento to correctly report the interface ID?
>>>
>>> In the current cento (devel) you can do
>>> --iface-id <in>:<out> | Set input/output interfaceId
>>> in exported flows
>>> where
>>> - interface indexes and (router) MAC/IP addresses
>>> Flag --iface-id is used to specify the SNMP interface identifiers
>>> for emitted flows.
>>> However using --if-networks it is possible to specify an interface
>>> identifier to which
>>> a MAC address or IP network is bound. The syntax of --if-networks is:
>>> <MAC|IP/mask>@<interfaceId> where multiple entries can be separated
>>> by a comma (,).
>>> Example: --if-networks "AA:BB:CC:DD:EE:FF@3,192.168.0.0/24@2" or
>>> --if-networks @<filename> where <filename> is a file path containing
>>> the networks
>>> specified using the above format.
>>>
>> It doesn't work for me. I have the same issue as Jesse - all flows from
>> cento are exported with in interface 1, out interface 2.
>>
>> I mirror traffic from router to the following two interfaces on cento box:
>>
>> 3: fge1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq
>> state UP mode DEFAULT qlen 1000
>> link/ether 68:05:ca:34:89:c0 brd ff:ff:ff:ff:ff:ff
>> 5: fge2: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq
>> state UP mode DEFAULT qlen 1000
>> link/ether 68:05:ca:34:89:c1 brd ff:ff:ff:ff:ff:ff
>>
>> I tried to set the interface indexes to 5 and 6 using:
>> --if-networks "68:05:ca:34:89:c0@5,68:05:ca:34:89:c1@6"
>>
>> However, I still see only 1 for incoming and 2 for outgoing index in
>> flow data:
>>
>> Flow Record:
>> Flags = 0x00 FLOW, Unsampled
>> <snip>
>> input = 1
>> output = 2
>>
>> Running cento --version
>> v.1.3.171116
>>
>> Any idea what I am doing wrong?
>>
>> Thanks,
>> Matej
>>
>> _______________________________________________
>> Ntop mailing list
>> Ntop@listgateway.unipi.it
>> http://listgateway.unipi.it/mailman/listinfo/ntop
>
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>
_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop
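
An added example, not part of the original thread and not cento code: a NetFlow v5 datagram parser that tallies the input/output SNMP indexes at record bytes 12-13 and 14-15, so a collector-side check can show whether the IDs configured with --if-networks (5 and 6 in this thread) actually appear in exported flows. The function names and the sample datagram are constructed for illustration.

```python
import struct
from collections import Counter

HEADER = struct.Struct("!HHIIIIBBH")   # NetFlow v5 header, 24 bytes
RECORD_LEN = 48                        # fixed size of one v5 flow record
IFACES = struct.Struct("!HH")          # input, output: record bytes 12-13, 14-15


def iface_pairs(datagram: bytes) -> Counter:
    """Count (input, output) SNMP index pairs in one NetFlow v5 datagram."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if len(datagram) < HEADER.size + count * RECORD_LEN:
        raise ValueError("header record count exceeds datagram length")
    pairs = Counter()
    for i in range(count):
        base = HEADER.size + i * RECORD_LEN
        pairs[IFACES.unpack_from(datagram, base + 12)] += 1
    return pairs


def unexpected_pairs(datagram: bytes, expected_ids: set) -> dict:
    """Return the pairs whose input or output index is not in expected_ids."""
    return {pair: n for pair, n in iface_pairs(datagram).items()
            if pair[0] not in expected_ids or pair[1] not in expected_ids}


def build_sample(pairs) -> bytes:
    """Constructed test datagram: one zero-filled record per (in, out) pair."""
    out = HEADER.pack(5, len(pairs), 0, 0, 0, 0, 0, 0, 0)
    for inp, outp in pairs:
        out += bytes(12) + IFACES.pack(inp, outp) + bytes(RECORD_LEN - 16)
    return out


if __name__ == "__main__":
    # Constructed sample: two flows with the 1/2 indexes reported in the
    # thread and one flow carrying the configured 5/6 indexes.
    sample = build_sample([(1, 2), (1, 2), (5, 6)])
    print(iface_pairs(sample))
    print(unexpected_pairs(sample, {5, 6}))
```

On a collector, pass each UDP payload received on the export port to unexpected_pairs() together with the set of interface IDs that were configured.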