Hi
I need to capture NAT44 netflow packets from a Cisco CGN device. I have
compile nfdump using
./configure --enable-readpcap --prefix=${HOME} --with-rrdpath=/usr
--enable-devel --enable-nsel --enable-nel
I am not getting external port numbers/ranges/step, instead when I run with
/home/jablo/src/nfdump/bin/nfcapd -E -f /home/jablo/nfdumpanalysis/nf.pcap
-Tnel,nsel -w -l /tmp/log/netflow -S 1 -p 9995 -x
/usr/local/sbin/nfdump2json.sh /tmp/log/netflow/%f
to get copious debug output I get
Skip unknown element type: 361, Length: 2
Skip unknown element type: 363, Length: 2
Skip unknown element type: 364, Length: 2
which corresponds nicely to the Cisco documented template values for
Port block start
Port block step size
Number of ports in block
respectively.
I am looking into trying to add those fields to nfcapd. So far I have added
#defines for those IDs in netflow_v9.h. I have added definitions for those
fields in th table v9_element_map in netflow_v9.c.
I may be dense, but I don't see how or where to add PushSequence(...)
calls. And for that matter if what more I need to add in order to capture
those fields.
Any help or pointers would be appreciated.
Thanks in advance,
/Jacob
See Table 2 in
http://www.cisco.com/en/US/docs/ios-xml/ios/ipaddr_nat/configuration/xe-3s/asr1000/iadnat-bpa.html
------------------------------------------------------------------------------
Managing the Performance of Cloud-Based Applications
Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
Read the Whitepaper.
http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.clktrk
_______________________________________________
Nfdump-discuss mailing list
Nfdump-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
