Hi folks,

I've been using NfSen and nfcapd for a while for collecting netflow data. A few days ago, I started experimenting with yaf probes, in order to connect them to my NfSen installation. According to the nfcapd manual, it should support the IPFIX protocol which is spoken by Yaf. Nevertheless, when sending data from Yaf to NfSen, my log files are full of messages like this:

Jun 16 14:33:13 myserv nfcapd[24476]: Process_ipfix: Corrupt data flowset? Pad bytes: 37
Jun 16 14:33:13 myserv nfcapd[24476]: Process_ipfix: Corrupt data flowset? Pad bytes: 37
Jun 16 14:33:13 myserv nfcapd[24476]: Process_ipfix: Corrupt data flowset? Pad bytes: 37

Also, from NfSen graphs I can see that only a small part of my traffic is actually captured.

From the Yaf mailing list, I have found a post from exactly 1 year ago which seems to suggest that nfcapd does not implement the IPFIX protocol fully, and lacks support for variable length elements:
https://lists.sei.cmu.edu/pipermail/netsa-tools-discuss/2014-June/000002.html

What is the current status of IPFIX support in nfcapd, and is there a workaround for my problem?

kind regards,
risto
------------------------------------------------------------------------------
_______________________________________________
Nfdump-discuss mailing list
Nfdump-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
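
Added illustration, not part of the original message and not nfcapd or YAF code: a minimal decoder for an IPFIX data set whose template contains a variable-length element, using the length-prefix encoding of RFC 7011 section 7 and its padding rule. The field name `label`, the addresses and the sample bytes are constructed, and rejecting non-zero padding is a strictness choice of this example.

```python
import socket
import struct

VARLEN = 0xFFFF  # template field length marking a variable-length element

def read_field(buf, pos, length):
    """Return (value, next_pos) for one field of a data record."""
    if length == VARLEN:
        if pos >= len(buf):
            raise ValueError("truncated length prefix")
        length, pos = buf[pos], pos + 1        # short form: one length octet
        if length == 255:                      # long form: 255 + 16-bit length
            if pos + 2 > len(buf):
                raise ValueError("truncated length prefix")
            length, pos = struct.unpack_from("!H", buf, pos)[0], pos + 2
    if pos + length > len(buf):
        raise ValueError("field runs past the end of the set")
    return buf[pos:pos + length], pos + length

def decode_data_set(template, body):
    """Decode a data set body (set header removed); return (records, pad_bytes)."""
    # Shortest legal record: fixed lengths plus one length octet per variable field.
    min_len = sum(1 if length == VARLEN else length for _, length in template)
    if min_len == 0:
        raise ValueError("empty template")
    records, pos = [], 0
    while len(body) - pos >= min_len:          # padding is shorter than any record
        rec = {}
        for name, length in template:
            rec[name], pos = read_field(body, pos, length)
        records.append(rec)
    if any(body[pos:]):                        # strict: padding must be zero octets
        raise ValueError("%d trailing non-zero bytes" % (len(body) - pos))
    return records, len(body) - pos

# Constructed sample: two records and three zero padding octets.
SAMPLE_TEMPLATE = [("sourceIPv4Address", 4), ("destinationIPv4Address", 4),
                   ("label", VARLEN)]          # "label" is a hypothetical field
SAMPLE_BODY = (
    socket.inet_aton("10.0.0.1") + socket.inet_aton("10.0.0.2") + b"\x04eth0"
    + socket.inet_aton("10.0.0.3") + socket.inet_aton("10.0.0.4")
    + b"\xff" + struct.pack("!H", 300) + b"A" * 300
    + b"\x00" * 3
)

if __name__ == "__main__":
    recs, pad = decode_data_set(SAMPLE_TEMPLATE, SAMPLE_BODY)
    print(len(recs), "records,", pad, "padding bytes")
```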