Hi, I tried to gather the flows in format ipfix. The device is a Sophos UTM 3. It does not show anything
I tried nprobe --zmq "tcp://:5557" -V 10 -i none -n none --collector-port 4739 nprobe --zmq "tcp://:5557" -V 10 -i none -n none --collector-port 4739 -T "%IPV4_SRC_ADDR %IPV4_DST_ADDR %IPV4_NEXT_HOP %INPUT_SNMP %OUTPUT_SNMP %IN_PKTS %L4_DST_PORT %L4_SRC_PORT %IN_BYTES %FLOW_START_MILLISECONDS %FLOW_END_MILLISECONDS %PROTOCOL %IPV4_SRC_MASK %IPV4_DST_MASK %IN_SRC_MAC %OUT_DST_MAC %TCP_FLAGS %CLIENT_NW_DELAY_MS %SERVER_NW_DELAY_MS %APPL_LATENCY_MS %HTTP_URL %HTTP_RET_CODE %HTTP_REFERER %HTTP_UA %HTTP_MIME" nprobe --zmq "tcp://:5557" -V 10 -i none -n none --collector-port 4739 -T "%IPV4_SRC_ADDR %IPV4_DST_ADDR %IPV4_NEXT_HOP %INPUT_SNMP %OUTPUT_SNMP %IN_PKTS %L4_DST_PORT %L4_SRC_PORT %IN_BYTES %FLOW_START_MILLISECONDS %FLOW_END_MILLISECONDS %PROTOCOL %IPV4_SRC_MASK %IPV4_DST_MASK %IN_SRC_MAC %OUT_DST_MAC %TCP_FLAGS %CLIENT_NW_DELAY_MS %SERVER_NW_DELAY_MS %APPL_LATENCY_MS %HTTP_URL %HTTP_RET_CODE %HTTP_REFERER %HTTP_UA %HTTP_MIME" -G I have running ntop -G=/var/run/ntopng.pid --community -i=tcp://10.0.60.30:5556 -i=tcp://10.0.60.30:5557 -m=10.0.52.0/22,10.0.60.0/22,10.0.92.0/22,10.0.72.0/22,10.0.76.0/22,10.0.84.0/22,10.0.80.0/22l,10.3.0.0/16,10.0.36.0/22,10.169.169.0/24,10.0.27.0/24,10.0.28.0/24,10.0.29,0,10.4.60.0/22,10.0.1.0/24,10.0.100.0/24,10.0.104.0/24,10.0.108.0/$ I use -i=tcp://10.0.60.30:5556 -> Palo Alto netflow -i=tcp://10.0.60.30:5557 --> Sophos Utm ipfix Thank you
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
