It appears that it may be something with my current collector. While
debugging today, I decided to attempt to run Silk locally on the FreeBSD
netflow box.
When exporting locally, it is reading the netflow-v9 records. Yay!
Our collector is an older Linux box with a manually compiled current
version of Silk (not that it should matter which OS is running on the
collector) with the libfixbuf patch installed. I wonder what is going on
there, alas, that is not your problem :)
Thanks for the help!
----------
Brent Kolasinski
Cyber Security Program Office
Argonne National Laboratory
Phone: 630-252-2546
On 6/11/12 5:16 PM, "Kolasinski, Brent D." <bkolasin...@anl.gov> wrote:
>
>On 6/11/12 12:36 PM, "Alexander V. Chernikov" <melif...@freebsd.org>
>wrote:
>>
>>It seems so.
>>
>>Can you show "ngctl msg netflow: info" ouput ?
>
>Rec'd response "info" (805306369) from "[16]:":
>Args: { IPv4 bytes=4828162266587 IPv4 packets=1005674835 IPv4 records
>used=61793 fibs allocated=1 Active expiries=26901592 Inactive
>expiries=133410564 Inactive timeout=15 Active timeout=1800 }
>
>
>Now I am generating v5 netflow as well so I can compare - which I am
>seeing on the collector. I can turn that off and just leave v9 on if that
>helps for debugging purposes.
>
>>
>> > 1) bce0 -> in promiscuous mode listening to traffic off of a tap
>>
>>Does bce0 have both UP and RUNNING flags set ?
>
>Yup. Status is:
>
>bce0: flags=28943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,PPROMISC>
>metric 0 mtu 1500
>
> options=c01bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM
>,
>TSO4,VLAN_HWTSO,LINKSTATE>
> ether 00:19:b9:**:**:**
> nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
> media: Ethernet autoselect (1000baseT <full-duplex>)
> status: active
>
>
>--Brent
>
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
