On 19.02.2013 14:49, Jan Markus wrote:
> Hello,

Hello.

>
> our Ministry of the interior now requires that IP traffic logs must
> contain MAC addresses of our clients. I am trying to fulfil this with
> Netflow v9 which (allegedly) should contain the MAC addresses of IP flows.

Netflow version 9 is flexible and allows you to use only necessary fields grouped in 'templates'. Currently ng_netflow supports 2 statically-defined templates (for v4 and v6 L3+L4) and SRC_MAC/DST_MAC are not included there.

>
> But with no success so far...
>
> We have a mirror port on our core switch and capture the VLAN tagged
> packets on em1 NIC on our FreeBSD 9.1 server.
>
> Our netflow collector is configured like this:
>
> kldload ng_ether
> kldload ng_ksocket
> kldload ng_netflow
>
> ifconfig em1 promisc -arp up
>
> ngctl mkpeer em1: netflow lower iface0
> ngctl name em1:lower netflow
> ngctl connect em1: netflow: upper out0
> ngctl mkpeer netflow: ksocket export9 inet/dgram/udp
> ngctl msg netflow:export9 connect inet/127.0.0.1:9995
>
> We capture the netflow packets on the same machine like this:
>
> nfcapd -p 9995 -S 2 -T all -D -l ./
>
> But when I try to get the log like this:
>
> nfdump -r nfcapd.201302191051 > nfcapd.201302191051.out
>
> All I get is date, protocol, src and dst IP and port, and number of
> bytes, packets and flows. No information on MAC addresses whatsoever.
>
> What am I doing wrong?
>
> Thank you very much for your help,
> -Jan
>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
>

-- 
WBR, Alexander