[Ntop] Ntop & v9 Netflow
Luca Deri
deri at ntop.org
Tue Aug 2 14:37:52 CEST 2011
On 08/02/2011 02:29 PM, David Meier wrote:
> Interestingly enough I found out that even though the UDP listener is binding to, supposedly, everything:
>
> udp 0 0 0.0.0.0:2055 0.0.0.0:* 1174/ntop
>
> ...the particular interface I'm directing the traffic to is getting the traffic (known via tcpdump), but the ntop listener is not accepting it. Is there any way to force the listener to a specific interface instead of having it start on 0.0.0.0?
>
No it is not at the moment. Would you like to specify something like
a.b.c.d:2055 where a.b.c.d is one IP address you have?
Luca
> I tried running a Netflow generator and pointed it at both my management interface (i.e. ntop web / ssh) which then showed the Netflow traffic and then moved it back over to the interface I want to sink the traffic towards and it stops showing up.
>
> Thanks,
> --Dave
>
> -----Original Message-----
> From: ntop-bounces at listgateway.unipi.it [mailto:ntop-bounces at listgateway.unipi.it] On Behalf Of Gary Gatten
> Sent: Monday, August 01, 2011 4:50 PM
> To: 'ntop at unipi.it'
> Subject: Re: [Ntop] Ntop& v9 Netflow
>
> Does netstat -an show a listener for netflow? Rarely it appears like it started correctly, but dies without notice.
>
> If a thread is "running" on your host for netflow, then I have no idea what your prob is. What are your startup args and any custom prefs?
>
> ----- Original Message -----
> From: David Meier [mailto:david_meier at mmi.net]
> Sent: Monday, August 01, 2011 04:08 PM
> To: ntop at listgateway.unipi.it<ntop at listgateway.unipi.it>
> Subject: Re: [Ntop] Ntop& v9 Netflow
>
> Yes. I'm viewing the traffic (or lack thereof) via the 'Netflow-device.x'. The 'netflow statistics' state: 'No Data to Display (yet)'.
>
> I have a router pushing v5 flows to it as well - no dice. Very odd that I see the traffic via tcpdump.
>
> </stumped>
>
> -----Original Message-----
> From: ntop-bounces at listgateway.unipi.it [mailto:ntop-bounces at listgateway.unipi.it] On Behalf Of Gary Gatten
> Sent: Monday, August 01, 2011 3:19 PM
> To: 'ntop at unipi.it'
> Subject: Re: [Ntop] Ntop& v9 Netflow
>
> I know this will sound basic, but did you "switch NIC" in the "Admin" tools and select your netflow interface?
>
> What if you view the netflow statistics? Anything interesting there?
>
> When using v9 there has been some issues with templates. Can you try v5 and see if that works?
>
> G
>
>
> -----Original Message-----
> From: ntop-bounces at listgateway.unipi.it [mailto:ntop-bounces at listgateway.unipi.it] On Behalf Of David Meier
> Sent: Monday, August 01, 2011 3:07 PM
> To: ntop at listgateway.unipi.it
> Subject: [Ntop] Ntop& v9 Netflow
>
> I'm currently trying to deploy some Ntop boxes which will ultimately be Netflow v9 collectors. I have two interfaces on each box; one is used for SSH management / Ntop web interface and the other is a specialized interface to act as the Netflow 'sink'.
>
> The problem I'm running into is that the netflow seems to be getting to the 'sink' interface (if I tcpdump it out to pcap I see that it's Netflow v9 records), however nothing ever shows up in Ntop even though I have the Netflow plugin configured. I've tried turning debug on (for the plugin) but I don't see any additional information in the log.
>
> Is there any better way to run the daemon to get better debug?
>
> The version I'm running is:
>
> ntop v.4.1.0 (64 bit) [x86_64-2.6.32-33-server-linux-gnu]
>
> Thanks in advance!!!
>
> ________________________________
>
> Note: This e-mail and any attachments may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of this e-mail and any attachments is strictly prohibited. If you have received this e-mail in error, please notify us immediately by returning it to the sender and deleting it from your computer system. Thank you for your cooperation.
> _______________________________________________
> Ntop mailing list
> Ntop at listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>
>
>
>
>
> <font size="1">
> <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'> </div> "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential.
> If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system."
> </font>
>
> _______________________________________________
> Ntop mailing list
> Ntop at listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
> _______________________________________________
> Ntop mailing list
> Ntop at listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>
>
>
>
>
> <font size="1">
> <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'> </div> "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential.
> If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system."
> </font>
>
> _______________________________________________
> Ntop mailing list
> Ntop at listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
> _______________________________________________
> Ntop mailing list
> Ntop at listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
More information about the Ntop
mailing list