Hi Jeffrey, On 31/03/2015 18:39, Horn, Jeffrey D. wrote:
We have a server running NTOPNG that’s getting data from a Juniper firewall through a promiscuous interface on the NTOPNG machine. The firewall port is a mirror port. The problem I’ve run into is that we are mirroring traffic from several VLANs going through the firewall. I’ve attached two pictures of what happens. The flows are showing in NTOPNG in the format of IP@VLAN:port for traffic which seems OK. However, when I want to drill down into the data stream, I get an error and am told that IP_VLAN cannot be found. There are other VLANs besides 1053; I just happened to catch only 1053 with this screen shot. 1. Is there a configuration in NTOPNG to handle VLANs?
No, they should be handled correctly as a default.
2. I’ve also got NPROBE running. Should I change this to a flow from the Juniper instead? I’ve tried that, but can’t ever seem to see any of the traffic.
AFAIK, flow collection from Juniper is supported by ntopng only if it happens through nprobe, so you're doing things correctly.
I’d be happy to post the config and any other data needed for clarification. I would like to get this running correctly and in the best config for our environment. The box is configured with Centos 6.6 64-bit and ntopng 1.2.1 and nprobe 7.1.150327.
Please do post your config if you can so that we are able to help. Thank you, Arianna
Thanks in advance for any help on this. Jeff _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
-- /* * Arianna Avanzini * [email protected] * http://ava.webhop.me */ _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
