Hi Simone, Thank you for the suggestion. Im not running: —snip— sudo nprobe --collector-port 9995 -i none -n none -V 9 -P ./flows/ -0t -b2 -T %EXPORTER_IPV4_ADDRESS —snip—
Same result: —snip— $ cat 23.flows | head -10 EXPORTER_IPV4_ADDRESS 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 —snip— The output from -b2 debug —snip-- 06/Nov/2017 11:24:29 [engine.c:2887] Emitting Flow: [->][NonIP] 40:71:83:A6:A0:0D:0 -> 28:99:3A:06:85:C3:0 [1 pkt/1450 bytes][ifIdx 1000007->1000004][0.0 sec][init Unknown][AS: 0 -> 0] 06/Nov/2017 11:24:29 [engine.c:2887] Emitting Flow: [->][NonIP] 80:71:1F:92:DF:C2:0 -> 28:99:3A:06:85:C3:0 [1 pkt/76 bytes][ifIdx 1000004->1000001][0.0 sec][VLAN 10/10][init Unknown][AS: 0 -> 0] 06/Nov/2017 11:24:29 [engine.c:2887] Emitting Flow: [->][NonIP] 3E:94:D5:2C:08:F6:0 -> 28:99:3A:06:85:C3:0 [1 pkt/1472 bytes][ifIdx 1000005->17][0.0 sec][init Unknown][AS: 0 -> 0] 06/Nov/2017 11:24:29 [engine.c:2887] Emitting Flow: [->][NonIP] 28:99:3A:06:85:C3:0 -> 54:4B:8C:70:78:18:0 [1 pkt/1450 bytes][ifIdx 1000100->17][0.0 sec][VLAN 1231/1231[init Unknown][AS: 0 -> 0] 06/Nov/2017 11:24:29 [engine.c:2887] Emitting Flow: [->][NonIP] 3E:94:D5:2C:08:F6:0 -> 28:99:3A:06:85:C3:0 [1 pkt/1472 bytes][ifIdx 1000005->17][0.0 sec][init Unknown][AS: 0 -> 0] 06/Nov/2017 11:24:29 [engine.c:2689] New Flow: [NonIP] 0.0.0.0:0 -> 0.0.0.0:0 [F0:1C:2D:20:2F:CB -> 28:99:3A:06:85:C3][vlan 0/0][tos 128][ifIdx: 1000001 -> 1000004][subflowId: 0/0x0000][idx=1180][firstSeen=1509960269/0][direction: RX] 06/Nov/2017 11:24:29 [engine.c:2689] New Flow: [NonIP] 0.0.0.0:0 -> 0.0.0.0:0 [F0:1C:2D:20:2F:CB -> 28:99:3A:06:85:C3][vlan 0/0][tos 128][ifIdx: 1000001 -> 1000004][subflowId: 0/0x0000][idx=1180][firstSeen=1509960269/0][direction: RX] 06/Nov/2017 11:24:29 [engine.c:2689] New Flow: [NonIP] 0.0.0.0:0 -> 0.0.0.0:0 [4C:16:FC:18:E8:AA -> 28:99:3A:06:85:C3][vlan 0/0][tos 0][ifIdx: 1000006 -> 1000100][subflowId: 0/0x0000][idx=1361][firstSeen=1509960269/0][direction: RX] 06/Nov/2017 11:24:29 [engine.c:2689] New Flow: [NonIP] 0.0.0.0:0 -> 0.0.0.0:0 [3E:94:D5:2C:08:F6 -> 28:99:3A:06:85:C3][vlan 0/0][tos 0][ifIdx: 1000005 -> 1000004][subflowId: 0/0x0000][idx=1306][firstSeen=1509960269/0][direction: RX] 06/Nov/2017 11:24:30 [engine.c:2689] New Flow: [NonIP] 0.0.0.0:0 -> 0.0.0.0:0 [3E:94:D5:2C:08:F6 -> 28:99:3A:06:85:C3][vlan 0/0][tos 0][ifIdx: 1000005 -> 1000004][subflowId: 0/0x0000][idx=1306][firstSeen=1509960270/0][direction: RX] 06/Nov/2017 11:24:30 [engine.c:2689] New Flow: [NonIP] 0.0.0.0:0 -> 0.0.0.0:0 [80:71:1F:92:DF:C2 -> 28:99:3A:06:85:C3][vlan 10/10][tos 0][ifIdx: 1000004 -> 1000100][subflowId: 0/0x0000][idx=1480][firstSeen=1509960270/0][direction: RX] —snip— Im concerned about the “NonIP 0.0.0.0” could that be the issue ? I’m happy to go back to Arista as ask to verify the device config ( unfortunately I dont have access to the actual switch ) regards Alan > On 06 Nov 2017, at 11:19, Simone Mainardi <[email protected]> wrote: > > Alan, > > Add nProbe options: > > -i none -n none -V 9 > > And report. In case you are still not getting the right exporter address, > please add -b 2 and report the full nProbe output. > > Regards, > > Simone > >> On 6 Nov 2017, at 09:04, Alan Kemp <[email protected] >> <mailto:[email protected]>> wrote: >> >> Hi Guys >> >> I’m trying to collect sflow data from some Arista switches, and send them to >> a v9 netflow collector for processing. >> Which is working but not sending the IP addresses of the Arista exporter. >> So I ran the below command, just sending the %EXPORTER_IPV4_ADDRESS to text >> ( to avoid any issues with the netflow collector ), and I’m seeing 0.0.0.0 >> as the address a not the Arista’s >> >> I’m running >> —snip— >> sudo nprobe --collector-port 9995 -P ./flows/ -0t -b1 -T >> %EXPORTER_IPV4_ADDRESS >> —snip-- >> >> The flow files. >> >> —snip— >> $ cat 06.flows >> EXPORTER_IPV4_ADDRESS >> 0.0.0.0 >> 0.0.0.0 >> 0.0.0.0 >> 0.0.0.0 >> 0.0.0.0 >> 0.0.0.0 >> 0.0.0.0 >> 0.0.0.0 >> 0.0.0.0 >> 0.0.0.0 >> 0.0.0.0 >> 0.0.0.0 >> 0.0.0.0 >> 0.0.0.0 >> 0.0.0.0 >> 0.0.0.0 >> —snip— >> >> —snip— >> $ nprobe -v >> >> Welcome to nProbe v.8.1.171023 (r5930) for x86_64-unknown-linux-gnu >> with native PF_RING acceleration. >> Copyright 2002-17 ntop.org <http://ntop.org/> >> >> Build OS: Ubuntu 14.04.5 LTS >> SystemID: 68A92F4082082B27 >> GIT rev: dev:43a3588533e0f6caef51417e3e3f95734e17c334:20171023 >> License: Invalid nProbe license (/etc/nprobe.license) [Missing license >> file] >> >> —snip— >> >> >> Please can someone point me in the right direction or tell me what I’m doing >> wrong. >> >> Regards >> >> -- >> Alan Kemp >> Support: 0861 IRISNS (474767) or +27 21140 IRIS (4747) >> Mobile: +27 83 257 5970 >> IRIS Network Systems >> >> >> >> >> >> >> _______________________________________________ >> Ntop-misc mailing list >> [email protected] <mailto:[email protected]> >> http://listgateway.unipi.it/mailman/listinfo/ntop-misc > > _______________________________________________ > Ntop-misc mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-misc -- Alan Kemp Support: 0861 IRISNS (474767) or +27 21140 IRIS (4747) Mobile: +27 83 257 5970 IRIS Network Systems
_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
