Hello Luca, hm, I don't see any difference. I tried to run cento from command line using the following command:
cento -p /var/run/cento-fge1.pid -t 30 -d 20 -9 x.x.x.x:9999 -i fge1 --syslog cento -D 0 --if-networks 68:05:CA:34:89:C0@5,68:05:CA:34:89:C1@6

fge1 driver has MAC 68:05:ca:34:89:c0, thus it should be set to 5. However, I still see input and output interface set to 1 and 2.

Tried also with
--if-networks @cento-networks

# cat cento-networks
68:05:CA:34:89:C0@5

But without success.

M.

On 21.11.2017 14:13, Luca Deri wrote:
> Hi Matěj,
>
> please change
>
> D=0
> --syslog=cento
> -b *<=== REMOVE*
> --if-networks=68:05:CA:34:89:C0@5,68:05:CA:34:89:C1@6
>
>
> (remove -b)
>
> and it will work
>
> Regards Luca
>
> On 11/20/2017 05:21 PM, Matěj Grégr wrote:
>> Hello Luca,
>> I tried to use the following cento.conf:
>>
>> # cat /etc/cento/cento.conf
>> -p=/var/run/cento.pid
>> -t=30
>> -d=20
>> -9=x.x.x.x:9998
>> -i=fge1
>> -i=fge2
>> -g=0,1
>> -G=2,3
>> -D=0
>> --syslog=cento
>> -b
>> --if-networks=68:05:CA:34:89:C0@5,68:05:CA:34:89:C1@6
>>
>> M.
>>
>> On 20.11.2017 12:17, Luca Deri wrote:
>>> Matej,
>>> can you please share the flow command line you are using?
>>>
>>> Luca
>>>
>>>> On 18 Nov 2017, at 21:21, Matěj Grégr <[email protected]> wrote:
>>>>
>>>> Hello,
>>>> following an older thread:
>>>>
>>>> On 10.02.2017 14:54, Luca Deri wrote:
>>>>> Hi Jesse
>>>>> please see below
>>>>>
>>>>> On 02/10/2017 02:08 PM, Jesse Alexander wrote:
>>>>>> First issue:
>>>>>> We are using cento to send netflow to multiple collectors for analysis.
>>>>>> The nbox server has 4 pairs of TAP interfaces (8 NICs). We are sending
>>>>>> as version 5 netflow, which has a field for the interface.
>>>>>>
>>>>>> Bytes 12-13, and 14-15 in the flow record
>>>>>> 12-13 | input | SNMP index of input interface
>>>>>> 14-15 | output | SNMP index of output interface
>>>>>> All of the flow packets are coming through with either "1" or "2" for
>>>>>> those values, which is causing problems with our Kentik service and an
>>>>>> internal collector.
>>>>>>
>>>>>> It appears this has been brought up before, but there isn't a solution
>>>>>> mentioned.
>>>>>> http://www.ntop.org/support/faq/how-do-i-set-the-input-and-output-interface-id/
>>>>>>
>>>>>> How do we get cento to correctly report the interface ID?
>>>>> In the current cento (devel) you can do
>>>>> --iface-id <in>:<out> | Set input/output interfaceId
>>>>> in exported flows
>>>>> where
>>>>> - interface indexes and (router) MAC/IP addresses
>>>>> Flag --iface-id is used to specify the SNMP interface identifiers
>>>>> for emitted flows.
>>>>> However using --if-networks it is possible to specify an interface
>>>>> identifier to which
>>>>> a MAC address or IP network is bound. The syntax of --if-networks is:
>>>>> <MAC|IP/mask>@<interfaceId> where multiple entries can be separated
>>>>> by a comma (,).
>>>>> Example: --if-networks "AA:BB:CC:DD:EE:FF@3,192.168.0.0/24@2" or
>>>>> --if-networks @<filename> where <filename> is a file path containing
>>>>> the networks
>>>>> specified using the above format.
>>>>>
>>>> It doesn't work for me. I have the same issue as Jesse - all flows from
>>>> cento are exported with if interface 1, out interface 2.
>>>>
>>>> I mirror traffic from router to the following two interfaces on cento box:
>>>>
>>>> 3: fge1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq
>>>> state UP mode DEFAULT qlen 1000
>>>> link/ether 68:05:ca:34:89:c0 brd ff:ff:ff:ff:ff:ff
>>>> 5: fge2: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq
>>>> state UP mode DEFAULT qlen 1000
>>>> link/ether 68:05:ca:34:89:c1 brd ff:ff:ff:ff:ff:ff
>>>>
>>>> I tried to set the interface indexes to 5 and 6 using:
>>>> --if-networks "68:05:ca:34:89:c0@5,68:05:ca:34:89:c1@6"
>>>>
>>>> However, I still see only 1 for incoming and 2 for outgoing index in
>>>> flow data:
>>>>
>>>> Flow Record:
>>>> Flags = 0x00 FLOW, Unsampled
>>>> <snip>
>>>> input = 1
>>>> output = 2
>>>>
>>>> Running cento --version
>>>> v.1.3.171116
>>>>
>>>> Any idea what I am doing wrong?
>>>>
>>>> Thanks,
>>>> Matej
>>>>
>>>> _______________________________________________
>>>> Ntop mailing list
>>>> [email protected]
>>>> http://listgateway.unipi.it/mailman/listinfo/ntop
