Alan, nProbe output is cropped. Please, share the FULL output.
Also try not to specify a template to run these tests. NonIP means there's traffic that is not IP (e.g., a DHCP request). Regards, Simone > On 6 Nov 2017, at 10:28, Alan Kemp <[email protected]> wrote: > > > Hi Simone, > > Thank you for the suggestion. > Im not running: > —snip— > sudo nprobe --collector-port 9995 -i none -n none -V 9 -P ./flows/ -0t -b2 > -T %EXPORTER_IPV4_ADDRESS > —snip— > > Same result: > > —snip— > $ cat 23.flows | head -10 > EXPORTER_IPV4_ADDRESS > 0.0.0.0 > 0.0.0.0 > 0.0.0.0 > 0.0.0.0 > 0.0.0.0 > 0.0.0.0 > 0.0.0.0 > 0.0.0.0 > 0.0.0.0 > —snip— > > The output from -b2 debug > > —snip-- > 06/Nov/2017 11:24:29 [engine.c:2887] Emitting Flow: [->][NonIP] > 40:71:83:A6:A0:0D:0 -> 28:99:3A:06:85:C3:0 [1 pkt/1450 bytes][ifIdx > 1000007->1000004][0.0 sec][init Unknown][AS: 0 -> 0] > 06/Nov/2017 11:24:29 [engine.c:2887] Emitting Flow: [->][NonIP] > 80:71:1F:92:DF:C2:0 -> 28:99:3A:06:85:C3:0 [1 pkt/76 bytes][ifIdx > 1000004->1000001][0.0 sec][VLAN 10/10][init Unknown][AS: 0 -> 0] > 06/Nov/2017 11:24:29 [engine.c:2887] Emitting Flow: [->][NonIP] > 3E:94:D5:2C:08:F6:0 -> 28:99:3A:06:85:C3:0 [1 pkt/1472 bytes][ifIdx > 1000005->17][0.0 sec][init Unknown][AS: 0 -> 0] > 06/Nov/2017 11:24:29 [engine.c:2887] Emitting Flow: [->][NonIP] > 28:99:3A:06:85:C3:0 -> 54:4B:8C:70:78:18:0 [1 pkt/1450 bytes][ifIdx > 1000100->17][0.0 sec][VLAN 1231/1231[init Unknown][AS: 0 -> 0] > 06/Nov/2017 11:24:29 [engine.c:2887] Emitting Flow: [->][NonIP] > 3E:94:D5:2C:08:F6:0 -> 28:99:3A:06:85:C3:0 [1 pkt/1472 bytes][ifIdx > 1000005->17][0.0 sec][init Unknown][AS: 0 -> 0] > 06/Nov/2017 11:24:29 [engine.c:2689] New Flow: [NonIP] 0.0.0.0:0 -> 0.0.0.0:0 > [F0:1C:2D:20:2F:CB -> 28:99:3A:06:85:C3][vlan 0/0][tos 128][ifIdx: 1000001 -> > 1000004][subflowId: 0/0x0000][idx=1180][firstSeen=1509960269/0][direction: RX] > 06/Nov/2017 11:24:29 [engine.c:2689] New Flow: [NonIP] 0.0.0.0:0 -> 0.0.0.0:0 > [F0:1C:2D:20:2F:CB -> 28:99:3A:06:85:C3][vlan 0/0][tos 128][ifIdx: 1000001 -> > 1000004][subflowId: 0/0x0000][idx=1180][firstSeen=1509960269/0][direction: RX] > 06/Nov/2017 11:24:29 [engine.c:2689] New Flow: [NonIP] 0.0.0.0:0 -> 0.0.0.0:0 > [4C:16:FC:18:E8:AA -> 28:99:3A:06:85:C3][vlan 0/0][tos 0][ifIdx: 1000006 -> > 1000100][subflowId: 0/0x0000][idx=1361][firstSeen=1509960269/0][direction: RX] > 06/Nov/2017 11:24:29 [engine.c:2689] New Flow: [NonIP] 0.0.0.0:0 -> 0.0.0.0:0 > [3E:94:D5:2C:08:F6 -> 28:99:3A:06:85:C3][vlan 0/0][tos 0][ifIdx: 1000005 -> > 1000004][subflowId: 0/0x0000][idx=1306][firstSeen=1509960269/0][direction: RX] > 06/Nov/2017 11:24:30 [engine.c:2689] New Flow: [NonIP] 0.0.0.0:0 -> 0.0.0.0:0 > [3E:94:D5:2C:08:F6 -> 28:99:3A:06:85:C3][vlan 0/0][tos 0][ifIdx: 1000005 -> > 1000004][subflowId: 0/0x0000][idx=1306][firstSeen=1509960270/0][direction: RX] > 06/Nov/2017 11:24:30 [engine.c:2689] New Flow: [NonIP] 0.0.0.0:0 -> 0.0.0.0:0 > [80:71:1F:92:DF:C2 -> 28:99:3A:06:85:C3][vlan 10/10][tos 0][ifIdx: 1000004 -> > 1000100][subflowId: 0/0x0000][idx=1480][firstSeen=1509960270/0][direction: RX] > —snip— > > Im concerned about the “NonIP 0.0.0.0” could that be the issue ? > > I’m happy to go back to Arista as ask to verify the device config ( > unfortunately I dont have access to the actual switch ) > > regards > > Alan > > >> On 06 Nov 2017, at 11:19, Simone Mainardi <[email protected] >> <mailto:[email protected]>> wrote: >> >> Alan, >> >> Add nProbe options: >> >> -i none -n none -V 9 >> >> And report. In case you are still not getting the right exporter address, >> please add -b 2 and report the full nProbe output. >> >> Regards, >> >> Simone >> >>> On 6 Nov 2017, at 09:04, Alan Kemp <[email protected] >>> <mailto:[email protected]>> wrote: >>> >>> Hi Guys >>> >>> I’m trying to collect sflow data from some Arista switches, and send them >>> to a v9 netflow collector for processing. >>> Which is working but not sending the IP addresses of the Arista exporter. >>> So I ran the below command, just sending the %EXPORTER_IPV4_ADDRESS to text >>> ( to avoid any issues with the netflow collector ), and I’m seeing 0.0.0.0 >>> as the address a not the Arista’s >>> >>> I’m running >>> —snip— >>> sudo nprobe --collector-port 9995 -P ./flows/ -0t -b1 -T >>> %EXPORTER_IPV4_ADDRESS >>> —snip-- >>> >>> The flow files. >>> >>> —snip— >>> $ cat 06.flows >>> EXPORTER_IPV4_ADDRESS >>> 0.0.0.0 >>> 0.0.0.0 >>> 0.0.0.0 >>> 0.0.0.0 >>> 0.0.0.0 >>> 0.0.0.0 >>> 0.0.0.0 >>> 0.0.0.0 >>> 0.0.0.0 >>> 0.0.0.0 >>> 0.0.0.0 >>> 0.0.0.0 >>> 0.0.0.0 >>> 0.0.0.0 >>> 0.0.0.0 >>> 0.0.0.0 >>> —snip— >>> >>> —snip— >>> $ nprobe -v >>> >>> Welcome to nProbe v.8.1.171023 (r5930) for x86_64-unknown-linux-gnu >>> with native PF_RING acceleration. >>> Copyright 2002-17 ntop.org <http://ntop.org/> >>> >>> Build OS: Ubuntu 14.04.5 LTS >>> SystemID: 68A92F4082082B27 >>> GIT rev: dev:43a3588533e0f6caef51417e3e3f95734e17c334:20171023 >>> License: Invalid nProbe license (/etc/nprobe.license) [Missing >>> license file] >>> >>> —snip— >>> >>> >>> Please can someone point me in the right direction or tell me what I’m >>> doing wrong. >>> >>> Regards >>> >>> -- >>> Alan Kemp >>> Support: 0861 IRISNS (474767) or +27 21140 IRIS (4747) >>> Mobile: +27 83 257 5970 >>> IRIS Network Systems >>> >>> >>> >>> >>> >>> >>> _______________________________________________ >>> Ntop-misc mailing list >>> [email protected] <mailto:[email protected]> >>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc >>> <http://listgateway.unipi.it/mailman/listinfo/ntop-misc> >> _______________________________________________ >> Ntop-misc mailing list >> [email protected] <mailto:[email protected]> >> http://listgateway.unipi.it/mailman/listinfo/ntop-misc > > -- > Alan Kemp > Support: 0861 IRISNS (474767) or +27 21140 IRIS (4747) > Mobile: +27 83 257 5970 > IRIS Network Systems > > > > > > > _______________________________________________ > Ntop-misc mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-misc
_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
