so I'm completely clear here, in this case the router is the netFlow-device, as it sees the raw packets, correct?
thanks -----Original Message----- From: Burton Strauss [mailto:[EMAIL PROTECTED] Sent: Sunday, September 14, 2003 10:53 AM To: [EMAIL PROTECTED] Subject: RE: [Ntop] ntop netflow help Collector / probe, call it what you will, it's the device that sees the raw packets and produces the netflow packets who's address you need to mimic so that ntop correctly displays (in the netFlow-device) the data it receives. -----Burton ---------- Original Message ---------------------------------- From: John Hally <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] Date: Sat, 13 Sep 2003 22:39:45 -0400 >isn't the collector Ntop? if so, it has one interface, eth0, with an >address. > >?? > >thanks for the help! > >-----Original Message----- >From: Burton M. Strauss III [mailto:[EMAIL PROTECTED] >Sent: Friday, September 12, 2003 11:46 AM >To: [EMAIL PROTECTED] >Subject: RE: [Ntop] ntop netflow help > > >Most likely, you hadn't restarted netFlow after changing parameters - most >don't take effect until the next restart. > >It could also be this, which strikes me as wrong: > > Virtual Netflow Interface Local Network IP Address/Mask: >xxx.xxx.xxx.xxx/mask (ip and mask of eth0) > >It shouldn't be eth0, it should be the address of the flow collector - >remember, using netflow, it's as if ntop was located on that remote network, >but it needs to know what address to use. > >-----Burton > > >-----Original Message----- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of John >Hally >Sent: Friday, September 12, 2003 10:28 AM >To: '[EMAIL PROTECTED]' >Subject: RE: [Ntop] ntop netflow help > > >Thanks Burton/Blake, > >I did had the nic switched to the netflow vir. For the fun of it I switched >to a different port from the default, changed my access lists, and >miraculously its working! I must have had a typo or something in the access >lists or something. > >Thanks for the help! > >-----Original Message----- >From: Burton M. Strauss III [mailto:[EMAIL PROTECTED] >Sent: Friday, September 12, 2003 10:04 AM >To: [EMAIL PROTECTED] >Subject: RE: [Ntop] ntop netflow help > > >Admin | Switch NIC > >-----Original Message----- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of John >Hally >Sent: Friday, September 12, 2003 8:05 AM >To: '[EMAIL PROTECTED]' >Subject: [Ntop] ntop netflow help > > > >Hello Everyone, > >I hope someone can point out what I'm doing wrong. The problem is I don't >see ntop collecting any netflow data. I have set up the router ok, as I'm >seeing stats on protocols and exports fine, but it never seems to make it to >the ntop box for processing. Here's how I'm configured: > >Cisco edge router: > > serial0: > ip route-cache flow > > Netflow export config: > ip flow export xxx.xxx.xxx.xxx(NAT IP thru FW to ntop box) >port 2055 version 5 > > Netflow aggregation config: > ip flow-aggregation protocol-port > cache entries 2046 > cache timeout inactive 200 > cache timeout active 45 > export destination xxx.xxx.xxx.xxx (NAT) 2055 > enabled > >FW has access list allowing 2055 (default netflow plugin port on Ntop) from >router address > >Ntop started like this: > > /usr/local/bin/ntop -i eth0 & > >Netflow plugin config: > Incoming Flows Local Collector UDP Port: 2055 > Virtual Netflow Interface Local Network IP Address/Mask: >xxx.xxx.xxx.xxx/mask (ip and mask of eth0) > White List IP Address/Mask(s) we store data from: >xxx.xxx.xxx.xxx/mask (ip and mask of router) > Black List Blank > Outgoing Flows Blank > Debug On > > >What am I missing? > >Thanks in advance. > >John H. >_______________________________________________ >Ntop mailing list >[EMAIL PROTECTED] >http://listgateway.unipi.it/mailman/listinfo/ntop > >_______________________________________________ >Ntop mailing list >[EMAIL PROTECTED] >http://listgateway.unipi.it/mailman/listinfo/ntop >_______________________________________________ >Ntop mailing list >[EMAIL PROTECTED] >http://listgateway.unipi.it/mailman/listinfo/ntop > >_______________________________________________ >Ntop mailing list >[EMAIL PROTECTED] >http://listgateway.unipi.it/mailman/listinfo/ntop >_______________________________________________ >Ntop mailing list >[EMAIL PROTECTED] >http://listgateway.unipi.it/mailman/listinfo/ntop > ____________________________________________________________ Free 20MB Web Site Hosting and Personalized E-mail Service! Get It Now At Doteasy.com http://www.doteasy.com/et/ _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop
