Loic

please file an enhancement issue for Office365: in essence you don't want to emit flows for protocol X,Y,Z that in your case is Office365?

Luca

On 05/24/2016 09:24 AM, Loic CRUCHADE wrote:
> Hello,
>
> Thanks for the reply.
>
> I reached the same goal with the « collection-filter » argument.
>
> But I had some problems too. The « ! » was returning a shell function I think. When used it put some « yum install… » instead of the « ! ».
>
> I solved this by using a configuration file for nprobe.
>
> Now, the last thing I have to do is to filter only Office365 flows, but it’s tricky because there are almost 1000 IPs to filter.
>
> If anybody has an idea.
>
> Thanks again.
>
> CRUCHADE Loïc
> 05.82.52.22.02
> Service Exploitation Informatique
> Direction des Systèmes d’information
>
> *From:* [email protected] [mailto:[email protected]] *On behalf of* Luca Deri
> *Sent:* Tuesday, 24 May 2016 09:02
> *To:* [email protected]
> *Subject:* Re: [Ntop-misc] Nprobe black list network
>
> Loïc
>
> I have just tested and it seems to work for me. What nprobe version are you using? I have tested the latest 7.3 release.
>
> Please add a “ “ between the blacklist parameter to make sure the shell does not mess-up. If still not working, please file a bug at https://github.com/ntop/nProbe/issues
>
> Regards Luca
>
> On 23 May 2016, at 10:10, Loic CRUCHADE <[email protected]> wrote:
>
> Hello,
>
> I recently bought Nprobe pro. I collect Netflow V9 and then send it back in V5 to a server.
>
> I need to blacklist some networks, so I used the « --black-list » argument, but it does not seem to work.
>
> Here is the command I use:
>
> nprobe -n udp://10.11.1.140:2055 -i none -t 20 -d 20 -a 0 -e 1 -b 2 -w 128000 -z 0 -S 1:1 -u 1 -Q 1 -3 9995 --zmq tcp://127.0.0.1:5556 -V5 -G --black-list 10.7.0.0/16,10.1.0.0/16,10.11.0.0/16,192.168.0.0/16
>
> And here are some logs of networks that I don't want to send back to my server:
>
> 23/May/2016 09:55:43 [engine.c:2541] Emitting Flow: [->][icmp] *10.1.1.104:2048 -> 10.2.1.41:0 *[1 pkt/60 bytes][ifIdx 22273->111][0.0 sec][ECHO REPLY][init Unknown][AS: 0 -> 0]
>
> 23/May/2016 09:55:46 [engine.c:2568] Emitting Flow: [<-][icmp] *10.2.1.42:0 -> 10.1.1.48:2048* [2 pkt/120 bytes][ifIdx 111->22273][0.0 sec][AS: 0 -> 0]
>
> 23/May/2016 09:55:42 [engine.c:2361] New Flow: [icmp] *10.1.1.104:2048 -> 10.2.1.1:0* [00:00:00:00:00:00 -> 00:00:00:00:00:00][vlan 65535][tos 0][ifIdx: 22273 -> 111][subflowId: 0/0x0000][idx=69225]
>
> What did I do wrong?
>
> Thanks for your help!
>
> CRUCHADE Loïc
> 05.82.52.22.02
> Service Exploitation Informatique
> Direction des Systèmes d’information

_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
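
An added example, not part of the original thread and not ntop code: one way to shrink a long address list (such as the roughly 1000 Office365 IPs mentioned above) into the fewest CIDR blocks, joined in the comma-separated form the thread's `--black-list` value uses, plus a check of which listed network a logged flow endpoint falls in. `SAMPLE_ADDRESSES` is constructed; the function names are hypothetical, and whether nProbe accepts a list of any given length, or matches on source, destination or both, is not verified here.

```python
import ipaddress

# Constructed sample input (documentation ranges), with a duplicate and a comment line.
SAMPLE_ADDRESSES = [
    "192.0.2.0", "192.0.2.1", "192.0.2.2", "192.0.2.3",
    "198.51.100.0/25", "198.51.100.128/25",
    "# comment lines and blanks are skipped", "",
    "203.0.113.7", "203.0.113.7",
]

# The network list exactly as it appears in the command quoted in the thread.
THREAD_BLACKLIST = "10.7.0.0/16,10.1.0.0/16,10.11.0.0/16,192.168.0.0/16"


def collapse_networks(entries):
    """Parse IPs/CIDRs, drop duplicates, merge adjacent and overlapping ranges."""
    nets = []
    for raw in entries:
        raw = raw.strip()
        if not raw or raw.startswith("#"):
            continue
        # strict=False tolerates host bits, e.g. 10.1.1.104/16 -> 10.1.0.0/16
        nets.append(ipaddress.ip_network(raw, strict=False))
    merged = []
    # collapse_addresses() rejects mixed IP versions, so merge each family apart.
    for version in (4, 6):
        merged.extend(ipaddress.collapse_addresses(
            n for n in nets if n.version == version))
    return merged


def to_list_argument(networks):
    """Comma-separated CIDR list, the shape used after --black-list in the thread."""
    return ",".join(str(n) for n in networks)


def matching_network(ip, networks):
    """Return the first listed network containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    return next((n for n in networks if addr in n), None)


if __name__ == "__main__":
    print(to_list_argument(collapse_networks(SAMPLE_ADDRESSES)))
    listed = collapse_networks(THREAD_BLACKLIST.split(","))
    for endpoint in ("10.1.1.104", "10.2.1.41"):  # endpoints from the quoted log
        print(endpoint, "->", matching_network(endpoint, listed))
```
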
