Hi Jesse
please see below
On 02/10/2017 02:08 PM, Jesse Alexander wrote:
> First issue:
> We are using cento to send netflow to multiple collectors for analysis. The
> nbox server has 4 pairs of TAP interfaces (8 NICs). We are sending as version
> 5 netflow, which has a field for the interface.
>
> Bytes 12-13, and 14-15 in the flow record
> 12-13 | input | SNMP index of input interface
> 14-15 | output | SNMP index of output interface
> All of the flow packets are coming through with either "1" or "2" for those
> values, which is causing problems with our Kentik service and an internal
> collector.
>
> It appears this has been brought up before, but there isn't a solution
> mentioned.
> http://www.ntop.org/support/faq/how-do-i-set-the-input-and-output-interface-id/
>
> How do we get cento to correctly report the interface ID?
In the current cento (devel) you can do
--iface-id <in>:<out> | Set input/output interfaceId
in exported flows
where
- interface indexes and (router) MAC/IP addresses
Flag --iface-id is used to specify the SNMP interface identifiers
for emitted flows.
However using --if-networks it is possible to specify an interface
identifier to which
a MAC address or IP network is bound. The syntax of --if-networks is:
<MAC|IP/mask>@<interfaceId> where multiple entries can be separated
by a comma (,).
Example: --if-networks "AA:BB:CC:DD:EE:FF@3,192.168.0.0/24@2" or
--if-networks @<filename> where <filename> is a file path containing
the networks
specified using the above format.
>
> Second issue.
> We are seeing tcp traffic reported by cento sourcing and destined to the same
> IP, which is not physically possible. src_ip = dst_ip = same IP
Also fixed
Please upgrade
Regards Luca
>
> Any ideas how to prevent this?
> _______________________________________________
> Ntop mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
