All,
Adding a -T template argument appears to break my nprobe in proxy mode.
The setup is:
[nprobe-probe-mode1] ---> [nprobe-proxy-mode] -->
final_netflow_collector
[nprobe-probe-mode2] ------------------^
When a template argument is added, such as: -T "%IPV4_SRC_ADDR
%IPV4_DST_ADDR %PROTOCOL %L4_SRC_PORT %L4_DST_PORT", the proxy still
receives netflow records, but doesn't pass them on to the final collector.
Any suggestions for troubleshooting this?
nprobe commands used:
netflow generation w/o template argument
nprobe -i myri:A1R1P0 -b 1 -n 127.0.0.1:3000
netfllow generation with template argument
nprobe -i myri:A1R1P0 -b 1 -n 127.0.0.1:3000 -T "%IPV4_SRC_ADDR
%IPV4_DST_ADDR %PROTOCOL %L4_SRC_PORT %L4_DST_PORT "
nprobe proxy (unchanged)
nprobe -S 1:1 -i none --collector-port 3000 -n 10.1.1.1:5555 -b 1 -V 9
Thanks.
- Troy
--
Troy Jordan
t r o y j @ m a i n e . e d u
GIAC GCIH,GCIA
------------------------------------------------------------
Network Systems Security Analyst
Information Technology Security Office
University of Maine System
------------------------------------------------------------
233 Science Building | voice: 207.561.3590
Portland, ME 04103 | fax: 509.351.3650
"As you all know, Security Is Mortals chiefest Enemy"
William Shakespeare, Macbeth
_______________________________________________
Ntop-misc mailing list
Ntop-misc@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
Adding a -T template argument appears to break my nprobe in proxy mode.
The setup is:
[nprobe-probe-mode1] ---> [nprobe-proxy-mode] -->
final_netflow_collector
[nprobe-probe-mode2] ------------------^
When a template argument is added, such as: -T "%IPV4_SRC_ADDR
%IPV4_DST_ADDR %PROTOCOL %L4_SRC_PORT %L4_DST_PORT", the proxy still
receives netflow records, but doesn't pass them on to the final collector.
Any suggestions for troubleshooting this?
nprobe commands used:
netflow generation w/o template argument
nprobe -i myri:A1R1P0 -b 1 -n 127.0.0.1:3000
netfllow generation with template argument
nprobe -i myri:A1R1P0 -b 1 -n 127.0.0.1:3000 -T "%IPV4_SRC_ADDR
%IPV4_DST_ADDR %PROTOCOL %L4_SRC_PORT %L4_DST_PORT "
nprobe proxy (unchanged)
nprobe -S 1:1 -i none --collector-port 3000 -n 10.1.1.1:5555 -b 1 -V 9
Thanks.
- Troy
--
Troy Jordan
t r o y j @ m a i n e . e d u
GIAC GCIH,GCIA
------------------------------------------------------------
Network Systems Security Analyst
Information Technology Security Office
University of Maine System
------------------------------------------------------------
233 Science Building | voice: 207.561.3590
Portland, ME 04103 | fax: 509.351.3650
"As you all know, Security Is Mortals chiefest Enemy"
William Shakespeare, Macbeth
_______________________________________________
Ntop-misc mailing list
Ntop-misc@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop-misc