Hi Matěj,
please change

-D=0
--syslog=cento
-b *<=== REMOVE*
--if-networks=68:05:CA:34:89:C0@5,68:05:CA:34:89:C1@6

(remove -b) and it will work

Regards Luca

On 11/20/2017 05:21 PM, Matěj Grégr wrote:
> Hello Luca,
> I tried to use the following cento.conf:
>
> # cat /etc/cento/cento.conf
> -p=/var/run/cento.pid
> -t=30
> -d=20
> -9=x.x.x.x:9998
> -i=fge1
> -i=fge2
> -g=0,1
> -G=2,3
> -D=0
> --syslog=cento
> -b
> --if-networks=68:05:CA:34:89:C0@5,68:05:CA:34:89:C1@6
>
> M.
>
> On 20.11.2017 12:17, Luca Deri wrote:
>> Matej,
>> can you please share the flow command line you are using?
>>
>> Luca
>>
>>> On 18 Nov 2017, at 21:21, Matěj Grégr <[email protected]> wrote:
>>>
>>> Hello,
>>> following an older thread:
>>>
>>> On 10.02.2017 14:54, Luca Deri wrote:
>>>> Hi Jesse
>>>> please see below
>>>>
>>>> On 02/10/2017 02:08 PM, Jesse Alexander wrote:
>>>>> First issue:
>>>>> We are using cento to send netflow to multiple collectors for analysis.
>>>>> The nbox server has 4 pairs of TAP interfaces (8 NICs). We are sending as
>>>>> version 5 netflow, which has a field for the interface.
>>>>>
>>>>> Bytes 12-13, and 14-15 in the flow record
>>>>> 12-13 | input  | SNMP index of input interface
>>>>> 14-15 | output | SNMP index of output interface
>>>>> All of the flow packets are coming through with either "1" or "2" for
>>>>> those values, which is causing problems with our Kentik service and an
>>>>> internal collector.
>>>>>
>>>>> It appears this has been brought up before, but there isn't a solution
>>>>> mentioned.
>>>>> http://www.ntop.org/support/faq/how-do-i-set-the-input-and-output-interface-id/
>>>>>
>>>>> How do we get cento to correctly report the interface ID?
>>>> In the current cento (devel) you can do
>>>> --iface-id <in>:<out> | Set input/output interfaceId
>>>> in exported flows
>>>> where
>>>> - interface indexes and (router) MAC/IP addresses
>>>> Flag --iface-id is used to specify the SNMP interface identifiers
>>>> for emitted flows.
>>>> However using --if-networks it is possible to specify an interface
>>>> identifier to which
>>>> a MAC address or IP network is bound. The syntax of --if-networks is:
>>>> <MAC|IP/mask>@<interfaceId> where multiple entries can be separated
>>>> by a comma (,).
>>>> Example: --if-networks "AA:BB:CC:DD:EE:FF@3,192.168.0.0/24@2" or
>>>> --if-networks @<filename> where <filename> is a file path containing
>>>> the networks
>>>> specified using the above format.
>>>>
>>> It doesn't work for me. I have the same issue as Jesse - all flows from
>>> cento are exported with if interface 1, out interface 2.
>>>
>>> I mirror traffic from router to the following two interfaces on cento box:
>>>
>>> 3: fge1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq
>>> state UP mode DEFAULT qlen 1000
>>> link/ether 68:05:ca:34:89:c0 brd ff:ff:ff:ff:ff:ff
>>> 5: fge2: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq
>>> state UP mode DEFAULT qlen 1000
>>> link/ether 68:05:ca:34:89:c1 brd ff:ff:ff:ff:ff:ff
>>>
>>> I tried to set the interface indexes to 5 and 6 using:
>>> --if-networks "68:05:ca:34:89:c0@5,68:05:ca:34:89:c1@6"
>>>
>>> However, I still see only 1 for incoming and 2 for outgoing index in
>>> flow data:
>>>
>>> Flow Record:
>>> Flags = 0x00 FLOW, Unsampled
>>> <snip>
>>> input = 1
>>> output = 2
>>>
>>> Running cento --version
>>> v.1.3.171116
>>>
>>> Any idea what I am doing wrong?
>>>
>>> Thanks,
>>> Matej
>>>
>>> _______________________________________________
>>> Ntop mailing list
>>> [email protected]
>>> http://listgateway.unipi.it/mailman/listinfo/ntop
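Added example (not part of the original thread and not ntop code): a collector-side check that reads the input/output SNMP index fields at bytes 12-13 and 14-15 of each NetFlow v5 record, as described in the quoted message, and reports any pair outside the ids configured with --if-networks (5 and 6 here). The function names and both sample datagrams are constructed for illustration; the 24-byte header and 48-byte record sizes are the standard NetFlow v5 layout.

```python
import struct
from collections import Counter

HEADER_LEN = 24   # NetFlow v5 header: version, count, timestamps, sequence, engine, sampling
RECORD_LEN = 48   # one v5 flow record
IF_OFFSET = 12    # bytes 12-13 = input ifIndex, bytes 14-15 = output ifIndex


def ifindex_pairs(datagram):
    """Count (input, output) SNMP index pairs in one NetFlow v5 datagram."""
    if len(datagram) < HEADER_LEN:
        raise ValueError("datagram shorter than a v5 header")
    version, count = struct.unpack_from("!HH", datagram, 0)
    if version != 5:
        raise ValueError("not NetFlow v5 (version=%d)" % version)
    if len(datagram) < HEADER_LEN + count * RECORD_LEN:
        raise ValueError("header announces %d records, datagram is truncated" % count)
    pairs = Counter()
    for i in range(count):
        off = HEADER_LEN + i * RECORD_LEN + IF_OFFSET
        pairs[struct.unpack_from("!HH", datagram, off)] += 1
    return pairs


def unexpected_pairs(datagram, expected_ids):
    """Return the pairs that use an interface id outside expected_ids."""
    allowed = set(expected_ids)
    return {p: n for p, n in ifindex_pairs(datagram).items()
            if not set(p) <= allowed}


def build_v5(if_pairs):
    """Build a constructed v5 datagram; all fields except ifIndex are zero."""
    header = struct.pack("!HHIIIIBBH", 5, len(if_pairs), 0, 0, 0, 0, 0, 0, 0)
    body = b"".join(bytes(12) + struct.pack("!HH", i, o) + bytes(32)
                    for i, o in if_pairs)
    return header + body


# Constructed samples: ids 1/2 as reported in the thread, and ids 5/6 as
# configured with --if-networks.
BEFORE = build_v5([(1, 2), (2, 1), (1, 2)])
AFTER = build_v5([(5, 6), (6, 5)])

if __name__ == "__main__":
    print("before:", unexpected_pairs(BEFORE, {5, 6}))
    print("after: ", unexpected_pairs(AFTER, {5, 6}))
```

Feed it the UDP payload of each export packet received on the collector port; an empty result means every record carries only the configured interface ids.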
