Make sure you create an nProbe template with -T that contains VLAN information


-T="%IPV4_SRC_ADDR %IPV4_DST_ADDR %IPV4_SRC_MASK %IPV4_DST_MASK %L4_SRC_PORT 
%L4_DST_PORT %IPV6_SRC_ADDR %IPV6_DST_ADDR %IPV6_SRC_MASK %IPV6_DST_MASK 
%IP_PROTOCOL_VERSION %SRC_TOS %PROTOCOL %ICMP_TYPE %INPUT_SNMP %SRC_AS %DST_AS 
%IPV4_NEXT_HOP %IPV6_NEXT_HOP %TCP_FLAGS %OUTPUT_SNMP %IN_BYTES %IN_PKTS 
%OUT_BYTES %OUT_PKTS %MIN_TTL %MAX_TTL %FIRST_SWITCHED %LAST_SWITCHED %SRC_VLAN 
%DST_VLAN %DOT1Q_SRC_VLAN %DOT1Q_DST_VLAN %EXPORTER_IPV4_ADDRESS %IN_SRC_MAC 
%OUT_DST_MAC" -V 9


Simone

> On 10 Nov 2017, at 19:55, Javier Narváez <[email protected]> wrote:
> 
> Thank you Simone, that is great; however, I cannot get it working. I have 
> changed "Disaggregation Criterion" from "none" to "VLAN id", then restarted 
> ntopng, and pressed F5 in my browser; however, I cannot see any change. In the 
> interfaces dropdown I only see "tcp://127.0.0.1:5556".
> 
> Hope you can help. Regards.
> 
> Javier Narváez 
> 
> ----- Original message -----
> From: "Simone Mainardi" <[email protected]>
> To: [email protected]
> Sent: Friday, 10 November 2017 19:39:16
> Subject: Re: [Ntop-misc] Nprobe: Filter netflow by VLAN tag
> 
> Yes, you can do that inside ntopng. See preferences / network interfaces and 
> select VLAN disaggregation. Then restart ntopng and you will have each VLAN 
> as a separate interface.
> 
>> On 10 Nov 2017, at 17:06, Javier Narváez <[email protected]> wrote:
>> 
>> Oh... And would it be possible to filter that VLAN in ntopng? Or configure 
>> nprobe in another mode?
>> 
>> The data comes in sFlow from an Arista switch and there are a lot of flows I 
>> do not need...
>> 
>> Thank you, kind regards.
>> 
>> ----- Original message -----
>> From: "Simone Mainardi" <[email protected]>
>> To: [email protected]
>> Sent: Friday, 10 November 2017 17:08:16
>> Subject: Re: [Ntop-misc] Nprobe: Filter netflow by VLAN tag
>> 
>> Javier,
>> 
>> VLAN -- or, more in general, BPF -- filters are not supported when nProbe is 
>> used in collector mode.
>> 
>> 
>> Simone
>> 
>>> On 10 Nov 2017, at 13:16, Javier Narváez <[email protected]> wrote:
>>> 
>>> Hi,
>>> 
>>> I am running nprobe as follows:
>>> nprobe --collector=none --zmq="tcp://127.0.0.1:5556" --collector-port=9996 
>>> --interface=none -V 10 --verbose=2
>>> 
>>> And I get a lot of lines like this with several VLAN ids:
>>> 10/Nov/2017 14:14:24 [engine.c:2886] Emitting Flow: [->][tcp] 5.6.7.8:63826 
>>> -> 1.2.3.4:80 [1 pkt/52 bytes][ifIdx 1000001->1000010][0.0 sec][VLAN 
>>> 190/190][init Unknown][AS: xxx -> xxx]
>>> 
>>> Would it be possible to filter by VLAN and only send VLAN 190 to ntopng?
>>> 
>>> Thank you in advance, kind regards.
>>> Javier Narváez

_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
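
As an added example (not part of the original thread and not ntop code): a small Python parser for the "Emitting Flow" lines that nProbe prints with --verbose=2, as quoted in the original question above. It tallies flows and bytes per VLAN so you can confirm that VLAN tags actually reach the collector before enabling VLAN disaggregation in ntopng. The regex is written against the single line format shown in this thread and is an assumption for other nProbe versions; all sample lines except the first are constructed.

```python
import re
from collections import Counter

# Matches the verbose "Emitting Flow" line format quoted in this thread.
# Assumption: other nProbe versions may format these lines differently.
FLOW_RE = re.compile(
    r"Emitting Flow: \[[^\]]*\]\[(?P<proto>[^\]]+)\]\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+"
    r"\[(?P<pkts>\d+) pkts?/(?P<bytes>\d+) bytes\]"
    r".*?\[VLAN\s+(?P<vlan_in>\d+)/(?P<vlan_out>\d+)\]"
)

# First line is the one from the thread (unwrapped); the rest are constructed.
SAMPLE = [
    "10/Nov/2017 14:14:24 [engine.c:2886] Emitting Flow: [->][tcp] 5.6.7.8:63826 -> 1.2.3.4:80 [1 pkt/52 bytes][ifIdx 1000001->1000010][0.0 sec][VLAN 190/190][init Unknown][AS: xxx -> xxx]",
    "10/Nov/2017 14:14:24 [engine.c:2886] Emitting Flow: [->][udp] 192.0.2.10:5353 -> 198.51.100.7:53 [3 pkt/180 bytes][ifIdx 1000001->1000010][0.0 sec][VLAN 200/200][init Unknown][AS: xxx -> xxx]",
    "10/Nov/2017 14:14:25 [engine.c:2886] Emitting Flow: [->][tcp] 192.0.2.11:40000 -> 1.2.3.4:443 [2 pkt/104 bytes][ifIdx 1000001->1000010][0.0 sec][VLAN 190/190][init Unknown][AS: xxx -> xxx]",
    "10/Nov/2017 14:14:25 (constructed line that is not a flow record)",
]

def parse_flow(line):
    """Return a dict for one 'Emitting Flow' line, or None if it does not match."""
    m = FLOW_RE.search(line)
    if not m:
        return None
    flow = m.groupdict()
    for key in ("pkts", "bytes", "vlan_in", "vlan_out"):
        flow[key] = int(flow[key])
    return flow

def vlan_summary(lines, keep=None):
    """Return ({vlan: (flows, bytes)}, unparsed_count); keep limits the VLAN ids."""
    flows, octets, unparsed = Counter(), Counter(), 0
    for line in lines:
        flow = parse_flow(line)
        if flow is None:
            unparsed += 1
            continue
        for vlan in {flow["vlan_in"], flow["vlan_out"]}:  # count each flow once per VLAN
            if keep is None or vlan in keep:
                flows[vlan] += 1
                octets[vlan] += flow["bytes"]
    return {v: (flows[v], octets[v]) for v in sorted(flows)}, unparsed

if __name__ == "__main__":
    summary, skipped = vlan_summary(SAMPLE)
    for vlan, (n, size) in summary.items():
        print(f"VLAN {vlan}: {n} flows, {size} bytes")
    print(f"{skipped} lines did not match")
```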
