Re: [Ntop] help with ipfix

Mon, 01 Aug 2016 12:08:23 -0700 

Hi,

Commands look wrong. You need to either use a wildcard or an ip address
where you want to bind the nprobe. For example:

nprobe --zmq tcp://***:5557
nprobe --zmq tcp://*127.0.0.1*:5557



Simone

On Mon, Aug 1, 2016 at 5:02 PM, Andrés Salesa <[email protected]>
wrote:

> Hi,
>
>
>
> I tried to gather the flows in format ipfix. The device is a Sophos UTM 3.
> It does not show anything
>
>
>
> I tried
>
>
>
> nprobe --zmq "tcp://:5557" -V 10  -i none -n none --collector-port 4739
>
>
>
> nprobe --zmq "tcp://:5557" -V 10  -i none -n none --collector-port 4739
> -T "%IPV4_SRC_ADDR %IPV4_DST_ADDR %IPV4_NEXT_HOP %INPUT_SNMP %OUTPUT_SNMP
> %IN_PKTS %L4_DST_PORT %L4_SRC_PORT %IN_BYTES %FLOW_START_MILLISECONDS
> %FLOW_END_MILLISECONDS %PROTOCOL %IPV4_SRC_MASK %IPV4_DST_MASK %IN_SRC_MAC
> %OUT_DST_MAC %TCP_FLAGS %CLIENT_NW_DELAY_MS %SERVER_NW_DELAY_MS
> %APPL_LATENCY_MS %HTTP_URL %HTTP_RET_CODE %HTTP_REFERER %HTTP_UA
> %HTTP_MIME”
>
>
>
> nprobe --zmq "tcp://:5557" -V 10  -i none -n none --collector-port 4739
> -T "%IPV4_SRC_ADDR %IPV4_DST_ADDR %IPV4_NEXT_HOP %INPUT_SNMP %OUTPUT_SNMP
> %IN_PKTS %L4_DST_PORT %L4_SRC_PORT %IN_BYTES %FLOW_START_MILLISECONDS
> %FLOW_END_MILLISECONDS %PROTOCOL %IPV4_SRC_MASK %IPV4_DST_MASK %IN_SRC_MAC
> %OUT_DST_MAC %TCP_FLAGS %CLIENT_NW_DELAY_MS %SERVER_NW_DELAY_MS
> %APPL_LATENCY_MS %HTTP_URL %HTTP_RET_CODE %HTTP_REFERER %HTTP_UA
> %HTTP_MIME" -G
>
>
>
> I have running  ntop
>
>
>
> -G=/var/run/ntopng.pid
> --community
> -i=tcp://10.0.60.30:5556
>
> -i=tcp://10.0.60.30:5557
> -m=
> 10.0.52.0/22,10.0.60.0/22,10.0.92.0/22,10.0.72.0/22,10.0.76.0/22,10.0.84.0/22,10.0.80.0/22l,10.3.0.0/16,10.0.36.0/22,10.169.169.0/24,10.0.27.0/24,10.0.28.0/24,10.0.29,0,10.4.60.0/22,10.0.1.0/24,10.0.100.0/24,10.0.104.0/24,10.0.108.0/$
>
>
>
> I use
>
>
>
> -i=tcp://10.0.60.30:5556 -> Palo Alto netflow
>
> -i=tcp://10.0.60.30:5557 à Sophos Utm ipfix
>
>
>
> Thank you
>
> _______________________________________________
> Ntop mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop
>

_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop

Reply via email to