Matěj,
the problem with -b is that the rest of the CLI was not parsed.

What type of traffic did you attach to fge1? Is traffic
originated/received by the machine or is traffic mirrored to it? Can you
please check this?

Thanks Luca
 
On 11/23/2017 09:42 PM, Matěj Grégr wrote:
> Hello Luca,
>   hm, I don't see any difference. I tried to run cento from command line
> using the following command:
>
> cento -p /var/run/cento-fge1.pid -t 30 -d 20 -9 x.x.x.x:9999 -i fge1 --syslog cento -D 0 --if-networks 68:05:CA:34:89:C0@5,68:05:CA:34:89:C1@6
>
> fge1 driver has MAC 68:05:ca:34:89:c0, thus it should be set to 5.
> However, I still see input and output interface set to 1 and 2.
>
> Tried also with --if-networks @cento-networks
> # cat cento-networks
> 68:05:CA:34:89:C0@5
>
> But without success.
>
> M.
>
> On 21.11.2017 14:13, Luca Deri wrote:
>> Hi Matěj,
>>
>> please change
>>
>> -D=0
>> --syslog=cento
>> -b *<=== REMOVE*
>> --if-networks=68:05:CA:34:89:C0@5,68:05:CA:34:89:C1@6
>>
>>
>> (remove -b)
>>
>> and it will work
>>
>> Regards Luca
>>
>> On 11/20/2017 05:21 PM, Matěj Grégr wrote:
>>> Hello Luca,
>>>   I tried to use the following cento.conf:
>>>
>>> # cat /etc/cento/cento.conf
>>> -p=/var/run/cento.pid
>>> -t=30
>>> -d=20
>>> -9=x.x.x.x:9998
>>> -i=fge1
>>> -i=fge2
>>> -g=0,1
>>> -G=2,3
>>> -D=0
>>> --syslog=cento
>>> -b
>>> --if-networks=68:05:CA:34:89:C0@5,68:05:CA:34:89:C1@6
>>>
>>> M.
>>>
>>> On 20.11.2017 12:17, Luca Deri wrote:
>>>> Matej,
>>>> can you please share the flow command line you are using?
>>>>
>>>> Luca
>>>>
>>>>> On 18 Nov 2017, at 21:21, Matěj Grégr <[email protected]> wrote:
>>>>>
>>>>> Hello,
>>>>>  following an older thread:
>>>>>
>>>>> On 10.02.2017 14:54, Luca Deri wrote:
>>>>>> Hi Jesse
>>>>>> please see below
>>>>>>
>>>>>> On 02/10/2017 02:08 PM, Jesse Alexander wrote:
>>>>>>> First issue:
>>>>>>> We are using cento to send netflow to multiple collectors for analysis. 
>>>>>>> The nbox server has 4 pairs of TAP interfaces (8 NICs). We are sending 
>>>>>>> as version 5 netflow, which has a field for the interface.
>>>>>>>
>>>>>>> Bytes 12-13, and 14-15 in the flow record
>>>>>>> 12-13 | input | SNMP index of input interface
>>>>>>> 14-15 | output | SNMP index of output interface
>>>>>>> All of the flow packets are coming through with either "1" or "2" for 
>>>>>>> those values, which is causing problems with our Kentik service and an 
>>>>>>> internal collector.
>>>>>>>
>>>>>>> It appears this has been brought up before, but there isn't a solution 
>>>>>>> mentioned.
>>>>>>> http://www.ntop.org/support/faq/how-do-i-set-the-input-and-output-interface-id/
>>>>>>>
>>>>>>> How do we get cento to correctly report the interface ID?
>>>>>> In the current cento (devel) you can do
>>>>>> --iface-id <in>:<out>                   | Set input/output interfaceId in exported flows
>>>>>> where
>>>>>> - interface indexes and (router) MAC/IP addresses
>>>>>>    Flag --iface-id is used to specify the SNMP interface identifiers for emitted flows.
>>>>>>    However using --if-networks it is possible to specify an interface identifier to which
>>>>>>    a MAC address or IP network is bound. The syntax of --if-networks is:
>>>>>>    <MAC|IP/mask>@<interfaceId> where multiple entries can be separated by a comma (,).
>>>>>>    Example: --if-networks "AA:BB:CC:DD:EE:FF@3,192.168.0.0/24@2" or
>>>>>>    --if-networks @<filename> where <filename> is a file path containing the networks
>>>>>>    specified using the above format.
>>>>>>
>>>>> It doesn't work for me. I have the same issue as Jesse - all flows from
>>>>> cento are exported with if interface 1, out interface 2.
>>>>>
>>>>> I mirror traffic from router to the following two interfaces on cento box:
>>>>>
>>>>> 3: fge1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT qlen 1000
>>>>>    link/ether 68:05:ca:34:89:c0 brd ff:ff:ff:ff:ff:ff
>>>>> 5: fge2: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT qlen 1000
>>>>>    link/ether 68:05:ca:34:89:c1 brd ff:ff:ff:ff:ff:ff
>>>>>
>>>>> I tried to set the interface indexes to 5 and 6 using:
>>>>> --if-networks "68:05:ca:34:89:c0@5,68:05:ca:34:89:c1@6"
>>>>>
>>>>> However, I still see only 1 for incoming and 2 for outgoing index in
>>>>> flow data:
>>>>>
>>>>> Flow Record:
>>>>>  Flags        =              0x00 FLOW, Unsampled
>>>>> <snip>
>>>>>  input        =                 1
>>>>>  output       =                 2
>>>>>
>>>>> Running cento --version
>>>>> v.1.3.171116
>>>>>
>>>>> Any idea what I am doing wrong?
>>>>>
>>>>> Thanks,
>>>>> Matej
>>>>>
>>>>> _______________________________________________
>>>>> Ntop mailing list
>>>>> [email protected]
>>>>> http://listgateway.unipi.it/mailman/listinfo/ntop


_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
