Mailing List Archive

Alan,

Add nProbe options:

-i none -n none -V 9

And report. In case you are still not getting the right exporter address, please add -b 2 and report the full nProbe output.

Regards,

Simone

> On 6 Nov 2017, at 09:04, Alan Kemp <alan@irisns.com> wrote:
>
> Hi Guys
>
> I’m trying to collect sflow data from some Arista switches, and send them to a v9 netflow collector for processing.
> Which is working but not sending the IP addresses of the Arista exporter.
> So I ran the below command, just sending the %EXPORTER_IPV4_ADDRESS to text ( to avoid any issues with the netflow collector ), and I’m seeing 0.0.0.0 as the address a not the Arista’s
>
> I’m running
> —snip—
> sudo nprobe --collector-port 9995 -P ./flows/ -0t -b1 -T %EXPORTER_IPV4_ADDRESS
> —snip--
>
> The flow files.
>
> —snip—
> $ cat 06.flows
> EXPORTER_IPV4_ADDRESS
> 0.0.0.0
> 0.0.0.0
> 0.0.0.0
> 0.0.0.0
> 0.0.0.0
> 0.0.0.0
> 0.0.0.0
> 0.0.0.0
> 0.0.0.0
> 0.0.0.0
> 0.0.0.0
> 0.0.0.0
> 0.0.0.0
> 0.0.0.0
> 0.0.0.0
> 0.0.0.0
> —snip—
>
> —snip—
> $ nprobe -v
>
> Welcome to nProbe v.8.1.171023 (r5930) for x86_64-unknown-linux-gnu
> with native PF_RING acceleration.
> Copyright 2002-17 ntop.org <http://ntop.org/>
>
> Build OS: Ubuntu 14.04.5 LTS
> SystemID: 68A92F4082082B27
> GIT rev: dev:43a3588533e0f6caef51417e3e3f95734e17c334:20171023
> License: Invalid nProbe license (/etc/nprobe.license) [Missing license file]
>
> —snip—
>
>
> Please can someone point me in the right direction or tell me what I’m doing wrong.
>
> Regards
>
> --
> Alan Kemp
> Support: 0861 IRISNS (474767) or +27 21140 IRIS (4747)
> Mobile: +27 83 257 5970
> IRIS Network Systems
>
>
>
>
>
>
> _______________________________________________
> Ntop-misc mailing list
> Ntop-misc@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc

Hi Simone,

Thank you for the suggestion.
Im not running:
—snip—
sudo nprobe --collector-port 9995 -i none -n none -V 9 -P ./flows/ -0t -b2 -T %EXPORTER_IPV4_ADDRESS
—snip—

Same result:

—snip—
$ cat 23.flows | head -10
EXPORTER_IPV4_ADDRESS
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
—snip—

The output from -b2 debug

—snip--
06/Nov/2017 11:24:29 [engine.c:2887] Emitting Flow: [->][NonIP] 40:71:83:A6:A0:0D:0 -> 28:99:3A:06:85:C3:0 [1 pkt/1450 bytes][ifIdx 1000007->1000004][0.0 sec][init Unknown][AS: 0 -> 0]
06/Nov/2017 11:24:29 [engine.c:2887] Emitting Flow: [->][NonIP] 80:71:1F:92:DF:C2:0 -> 28:99:3A:06:85:C3:0 [1 pkt/76 bytes][ifIdx 1000004->1000001][0.0 sec][VLAN 10/10][init Unknown][AS: 0 -> 0]
06/Nov/2017 11:24:29 [engine.c:2887] Emitting Flow: [->][NonIP] 3E:94:D5:2C:08:F6:0 -> 28:99:3A:06:85:C3:0 [1 pkt/1472 bytes][ifIdx 1000005->17][0.0 sec][init Unknown][AS: 0 -> 0]
06/Nov/2017 11:24:29 [engine.c:2887] Emitting Flow: [->][NonIP] 28:99:3A:06:85:C3:0 -> 54:4B:8C:70:78:18:0 [1 pkt/1450 bytes][ifIdx 1000100->17][0.0 sec][VLAN 1231/1231[init Unknown][AS: 0 -> 0]
06/Nov/2017 11:24:29 [engine.c:2887] Emitting Flow: [->][NonIP] 3E:94:D5:2C:08:F6:0 -> 28:99:3A:06:85:C3:0 [1 pkt/1472 bytes][ifIdx 1000005->17][0.0 sec][init Unknown][AS: 0 -> 0]
06/Nov/2017 11:24:29 [engine.c:2689] New Flow: [NonIP] 0.0.0.0:0 -> 0.0.0.0:0 [F0:1C:2D:20:2F:CB -> 28:99:3A:06:85:C3][vlan 0/0][tos 128][ifIdx: 1000001 -> 1000004][subflowId: 0/0x0000][idx=1180][firstSeen=1509960269/0][direction: RX]
06/Nov/2017 11:24:29 [engine.c:2689] New Flow: [NonIP] 0.0.0.0:0 -> 0.0.0.0:0 [F0:1C:2D:20:2F:CB -> 28:99:3A:06:85:C3][vlan 0/0][tos 128][ifIdx: 1000001 -> 1000004][subflowId: 0/0x0000][idx=1180][firstSeen=1509960269/0][direction: RX]
06/Nov/2017 11:24:29 [engine.c:2689] New Flow: [NonIP] 0.0.0.0:0 -> 0.0.0.0:0 [4C:16:FC:18:E8:AA -> 28:99:3A:06:85:C3][vlan 0/0][tos 0][ifIdx: 1000006 -> 1000100][subflowId: 0/0x0000][idx=1361][firstSeen=1509960269/0][direction: RX]
06/Nov/2017 11:24:29 [engine.c:2689] New Flow: [NonIP] 0.0.0.0:0 -> 0.0.0.0:0 [3E:94:D5:2C:08:F6 -> 28:99:3A:06:85:C3][vlan 0/0][tos 0][ifIdx: 1000005 -> 1000004][subflowId: 0/0x0000][idx=1306][firstSeen=1509960269/0][direction: RX]
06/Nov/2017 11:24:30 [engine.c:2689] New Flow: [NonIP] 0.0.0.0:0 -> 0.0.0.0:0 [3E:94:D5:2C:08:F6 -> 28:99:3A:06:85:C3][vlan 0/0][tos 0][ifIdx: 1000005 -> 1000004][subflowId: 0/0x0000][idx=1306][firstSeen=1509960270/0][direction: RX]
06/Nov/2017 11:24:30 [engine.c:2689] New Flow: [NonIP] 0.0.0.0:0 -> 0.0.0.0:0 [80:71:1F:92:DF:C2 -> 28:99:3A:06:85:C3][vlan 10/10][tos 0][ifIdx: 1000004 -> 1000100][subflowId: 0/0x0000][idx=1480][firstSeen=1509960270/0][direction: RX]
—snip—

Im concerned about the “NonIP 0.0.0.0” could that be the issue ?

I’m happy to go back to Arista as ask to verify the device config ( unfortunately I dont have access to the actual switch )

regards

Alan


> On 06 Nov 2017, at 11:19, Simone Mainardi <mainardi@ntop.org> wrote:
>
> Alan,
>
> Add nProbe options:
>
> -i none -n none -V 9
>
> And report. In case you are still not getting the right exporter address, please add -b 2 and report the full nProbe output.
>
> Regards,
>
> Simone
>
>> On 6 Nov 2017, at 09:04, Alan Kemp <alan@irisns.com <mailto:alan@irisns.com>> wrote:
>>
>> Hi Guys
>>
>> I’m trying to collect sflow data from some Arista switches, and send them to a v9 netflow collector for processing.
>> Which is working but not sending the IP addresses of the Arista exporter.
>> So I ran the below command, just sending the %EXPORTER_IPV4_ADDRESS to text ( to avoid any issues with the netflow collector ), and I’m seeing 0.0.0.0 as the address a not the Arista’s
>>
>> I’m running
>> —snip—
>> sudo nprobe --collector-port 9995 -P ./flows/ -0t -b1 -T %EXPORTER_IPV4_ADDRESS
>> —snip--
>>
>> The flow files.
>>
>> —snip—
>> $ cat 06.flows
>> EXPORTER_IPV4_ADDRESS
>> 0.0.0.0
>> 0.0.0.0
>> 0.0.0.0
>> 0.0.0.0
>> 0.0.0.0
>> 0.0.0.0
>> 0.0.0.0
>> 0.0.0.0
>> 0.0.0.0
>> 0.0.0.0
>> 0.0.0.0
>> 0.0.0.0
>> 0.0.0.0
>> 0.0.0.0
>> 0.0.0.0
>> 0.0.0.0
>> —snip—
>>
>> —snip—
>> $ nprobe -v
>>
>> Welcome to nProbe v.8.1.171023 (r5930) for x86_64-unknown-linux-gnu
>> with native PF_RING acceleration.
>> Copyright 2002-17 ntop.org <http://ntop.org/>
>>
>> Build OS: Ubuntu 14.04.5 LTS
>> SystemID: 68A92F4082082B27
>> GIT rev: dev:43a3588533e0f6caef51417e3e3f95734e17c334:20171023
>> License: Invalid nProbe license (/etc/nprobe.license) [Missing license file]
>>
>> —snip—
>>
>>
>> Please can someone point me in the right direction or tell me what I’m doing wrong.
>>
>> Regards
>>
>> --
>> Alan Kemp
>> Support: 0861 IRISNS (474767) or +27 21140 IRIS (4747)
>> Mobile: +27 83 257 5970
>> IRIS Network Systems
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>> Ntop-misc mailing list
>> Ntop-misc@listgateway.unipi.it <mailto:Ntop-misc@listgateway.unipi.it>
>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
>
> _______________________________________________
> Ntop-misc mailing list
> Ntop-misc@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc

--
Alan Kemp
Support: 0861 IRISNS (474767) or +27 21140 IRIS (4747)
Mobile: +27 83 257 5970
IRIS Network Systems

Alan,

nProbe output is cropped. Please, share the FULL output.

Also try not to specify a template to run these tests. NonIP means there's traffic that is not IP (e.g., a DHCP request).

Regards,

Simone



> On 6 Nov 2017, at 10:28, Alan Kemp <alan@irisns.com> wrote:
>
>
> Hi Simone,
>
> Thank you for the suggestion.
> Im not running:
> —snip—
> sudo nprobe --collector-port 9995 -i none -n none -V 9 -P ./flows/ -0t -b2 -T %EXPORTER_IPV4_ADDRESS
> —snip—
>
> Same result:
>
> —snip—
> $ cat 23.flows | head -10
> EXPORTER_IPV4_ADDRESS
> 0.0.0.0
> 0.0.0.0
> 0.0.0.0
> 0.0.0.0
> 0.0.0.0
> 0.0.0.0
> 0.0.0.0
> 0.0.0.0
> 0.0.0.0
> —snip—
>
> The output from -b2 debug
>
> —snip--
> 06/Nov/2017 11:24:29 [engine.c:2887] Emitting Flow: [->][NonIP] 40:71:83:A6:A0:0D:0 -> 28:99:3A:06:85:C3:0 [1 pkt/1450 bytes][ifIdx 1000007->1000004][0.0 sec][init Unknown][AS: 0 -> 0]
> 06/Nov/2017 11:24:29 [engine.c:2887] Emitting Flow: [->][NonIP] 80:71:1F:92:DF:C2:0 -> 28:99:3A:06:85:C3:0 [1 pkt/76 bytes][ifIdx 1000004->1000001][0.0 sec][VLAN 10/10][init Unknown][AS: 0 -> 0]
> 06/Nov/2017 11:24:29 [engine.c:2887] Emitting Flow: [->][NonIP] 3E:94:D5:2C:08:F6:0 -> 28:99:3A:06:85:C3:0 [1 pkt/1472 bytes][ifIdx 1000005->17][0.0 sec][init Unknown][AS: 0 -> 0]
> 06/Nov/2017 11:24:29 [engine.c:2887] Emitting Flow: [->][NonIP] 28:99:3A:06:85:C3:0 -> 54:4B:8C:70:78:18:0 [1 pkt/1450 bytes][ifIdx 1000100->17][0.0 sec][VLAN 1231/1231[init Unknown][AS: 0 -> 0]
> 06/Nov/2017 11:24:29 [engine.c:2887] Emitting Flow: [->][NonIP] 3E:94:D5:2C:08:F6:0 -> 28:99:3A:06:85:C3:0 [1 pkt/1472 bytes][ifIdx 1000005->17][0.0 sec][init Unknown][AS: 0 -> 0]
> 06/Nov/2017 11:24:29 [engine.c:2689] New Flow: [NonIP] 0.0.0.0:0 -> 0.0.0.0:0 [F0:1C:2D:20:2F:CB -> 28:99:3A:06:85:C3][vlan 0/0][tos 128][ifIdx: 1000001 -> 1000004][subflowId: 0/0x0000][idx=1180][firstSeen=1509960269/0][direction: RX]
> 06/Nov/2017 11:24:29 [engine.c:2689] New Flow: [NonIP] 0.0.0.0:0 -> 0.0.0.0:0 [F0:1C:2D:20:2F:CB -> 28:99:3A:06:85:C3][vlan 0/0][tos 128][ifIdx: 1000001 -> 1000004][subflowId: 0/0x0000][idx=1180][firstSeen=1509960269/0][direction: RX]
> 06/Nov/2017 11:24:29 [engine.c:2689] New Flow: [NonIP] 0.0.0.0:0 -> 0.0.0.0:0 [4C:16:FC:18:E8:AA -> 28:99:3A:06:85:C3][vlan 0/0][tos 0][ifIdx: 1000006 -> 1000100][subflowId: 0/0x0000][idx=1361][firstSeen=1509960269/0][direction: RX]
> 06/Nov/2017 11:24:29 [engine.c:2689] New Flow: [NonIP] 0.0.0.0:0 -> 0.0.0.0:0 [3E:94:D5:2C:08:F6 -> 28:99:3A:06:85:C3][vlan 0/0][tos 0][ifIdx: 1000005 -> 1000004][subflowId: 0/0x0000][idx=1306][firstSeen=1509960269/0][direction: RX]
> 06/Nov/2017 11:24:30 [engine.c:2689] New Flow: [NonIP] 0.0.0.0:0 -> 0.0.0.0:0 [3E:94:D5:2C:08:F6 -> 28:99:3A:06:85:C3][vlan 0/0][tos 0][ifIdx: 1000005 -> 1000004][subflowId: 0/0x0000][idx=1306][firstSeen=1509960270/0][direction: RX]
> 06/Nov/2017 11:24:30 [engine.c:2689] New Flow: [NonIP] 0.0.0.0:0 -> 0.0.0.0:0 [80:71:1F:92:DF:C2 -> 28:99:3A:06:85:C3][vlan 10/10][tos 0][ifIdx: 1000004 -> 1000100][subflowId: 0/0x0000][idx=1480][firstSeen=1509960270/0][direction: RX]
> —snip—
>
> Im concerned about the “NonIP 0.0.0.0” could that be the issue ?
>
> I’m happy to go back to Arista as ask to verify the device config ( unfortunately I dont have access to the actual switch )
>
> regards
>
> Alan
>
>
>> On 06 Nov 2017, at 11:19, Simone Mainardi <mainardi@ntop.org <mailto:mainardi@ntop.org>> wrote:
>>
>> Alan,
>>
>> Add nProbe options:
>>
>> -i none -n none -V 9
>>
>> And report. In case you are still not getting the right exporter address, please add -b 2 and report the full nProbe output.
>>
>> Regards,
>>
>> Simone
>>
>>> On 6 Nov 2017, at 09:04, Alan Kemp <alan@irisns.com <mailto:alan@irisns.com>> wrote:
>>>
>>> Hi Guys
>>>
>>> I’m trying to collect sflow data from some Arista switches, and send them to a v9 netflow collector for processing.
>>> Which is working but not sending the IP addresses of the Arista exporter.
>>> So I ran the below command, just sending the %EXPORTER_IPV4_ADDRESS to text ( to avoid any issues with the netflow collector ), and I’m seeing 0.0.0.0 as the address a not the Arista’s
>>>
>>> I’m running
>>> —snip—
>>> sudo nprobe --collector-port 9995 -P ./flows/ -0t -b1 -T %EXPORTER_IPV4_ADDRESS
>>> —snip--
>>>
>>> The flow files.
>>>
>>> —snip—
>>> $ cat 06.flows
>>> EXPORTER_IPV4_ADDRESS
>>> 0.0.0.0
>>> 0.0.0.0
>>> 0.0.0.0
>>> 0.0.0.0
>>> 0.0.0.0
>>> 0.0.0.0
>>> 0.0.0.0
>>> 0.0.0.0
>>> 0.0.0.0
>>> 0.0.0.0
>>> 0.0.0.0
>>> 0.0.0.0
>>> 0.0.0.0
>>> 0.0.0.0
>>> 0.0.0.0
>>> 0.0.0.0
>>> —snip—
>>>
>>> —snip—
>>> $ nprobe -v
>>>
>>> Welcome to nProbe v.8.1.171023 (r5930) for x86_64-unknown-linux-gnu
>>> with native PF_RING acceleration.
>>> Copyright 2002-17 ntop.org <http://ntop.org/>
>>>
>>> Build OS: Ubuntu 14.04.5 LTS
>>> SystemID: 68A92F4082082B27
>>> GIT rev: dev:43a3588533e0f6caef51417e3e3f95734e17c334:20171023
>>> License: Invalid nProbe license (/etc/nprobe.license) [Missing license file]
>>>
>>> —snip—
>>>
>>>
>>> Please can someone point me in the right direction or tell me what I’m doing wrong.
>>>
>>> Regards
>>>
>>> --
>>> Alan Kemp
>>> Support: 0861 IRISNS (474767) or +27 21140 IRIS (4747)
>>> Mobile: +27 83 257 5970
>>> IRIS Network Systems
>>>
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Ntop-misc mailing list
>>> Ntop-misc@listgateway.unipi.it <mailto:Ntop-misc@listgateway.unipi.it>
>>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc <http://listgateway.unipi.it/mailman/listinfo/ntop-misc>
>> _______________________________________________
>> Ntop-misc mailing list
>> Ntop-misc@listgateway.unipi.it <mailto:Ntop-misc@listgateway.unipi.it>
>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
>
> --
> Alan Kemp
> Support: 0861 IRISNS (474767) or +27 21140 IRIS (4747)
> Mobile: +27 83 257 5970
> IRIS Network Systems
>
>
>
>
>
>
> _______________________________________________
> Ntop-misc mailing list
> Ntop-misc@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc

Hi Simone,

Thank you very much for the advice, I ran nprobe with the template fields I needed and EXPORTER_IPV4_ADDRESS is now populated correctly.

—snip—
$ cat 51.flows | head -2
IN_BYTES|IN_PKTS|PROTOCOL|SRC_TOS|L4_SRC_PORT|IPV4_SRC_ADDR|INPUT_SNMP|L4_DST_PORT|IPV4_DST_ADDR|OUTPUT_SNMP|IPV4_NEXT_HOP|SRC_AS|DST_AS|LAST_SWITCHED|FIRST_SWITCHED|SAMPLING_INTERVAL|SAMPLING_ALGORITHM|ENGINE_TYPE|ENGINE_ID|DST_TOS|FLOW_ID|EXPORTER_IPV4_ADDRESS
1450|1|6|0|443|185.60.219.14|1000100|27025|169.1.195.86|17|0.0.0.0|32934|37611|1509976231|1509976231|1|1|0|134|0|296|41.76.224.226
—snip—

Glad it working but still confused as to why if I just specify EXPORTER_IPV4_ADDRESS nprobe writes out 0.0.0.0

regards

Alan

> On 06 Nov 2017, at 11:42, Simone Mainardi <mainardi@ntop.org> wrote:
>
> Alan,
>
> nProbe output is cropped. Please, share the FULL output.
>
> Also try not to specify a template to run these tests. NonIP means there's traffic that is not IP (e.g., a DHCP request).
>
> Regards,
>
> Simone
>
>
>
>> On 6 Nov 2017, at 10:28, Alan Kemp <alan@irisns.com <mailto:alan@irisns.com>> wrote:
>>
>>
>> Hi Simone,
>>
>> Thank you for the suggestion.
>> Im not running:
>> —snip—
>> sudo nprobe --collector-port 9995 -i none -n none -V 9 -P ./flows/ -0t -b2 -T %EXPORTER_IPV4_ADDRESS
>> —snip—
>>
>> Same result:
>>
>> —snip—
>> $ cat 23.flows | head -10
>> EXPORTER_IPV4_ADDRESS
>> 0.0.0.0
>> 0.0.0.0
>> 0.0.0.0
>> 0.0.0.0
>> 0.0.0.0
>> 0.0.0.0
>> 0.0.0.0
>> 0.0.0.0
>> 0.0.0.0
>> —snip—
>>
>> The output from -b2 debug
>>
>> —snip--
>> 06/Nov/2017 11:24:29 [engine.c:2887] Emitting Flow: [->][NonIP] 40:71:83:A6:A0:0D:0 -> 28:99:3A:06:85:C3:0 [1 pkt/1450 bytes][ifIdx 1000007->1000004][0.0 sec][init Unknown][AS: 0 -> 0]
>> 06/Nov/2017 11:24:29 [engine.c:2887] Emitting Flow: [->][NonIP] 80:71:1F:92:DF:C2:0 -> 28:99:3A:06:85:C3:0 [1 pkt/76 bytes][ifIdx 1000004->1000001][0.0 sec][VLAN 10/10][init Unknown][AS: 0 -> 0]
>> 06/Nov/2017 11:24:29 [engine.c:2887] Emitting Flow: [->][NonIP] 3E:94:D5:2C:08:F6:0 -> 28:99:3A:06:85:C3:0 [1 pkt/1472 bytes][ifIdx 1000005->17][0.0 sec][init Unknown][AS: 0 -> 0]
>> 06/Nov/2017 11:24:29 [engine.c:2887] Emitting Flow: [->][NonIP] 28:99:3A:06:85:C3:0 -> 54:4B:8C:70:78:18:0 [1 pkt/1450 bytes][ifIdx 1000100->17][0.0 sec][VLAN 1231/1231[init Unknown][AS: 0 -> 0]
>> 06/Nov/2017 11:24:29 [engine.c:2887] Emitting Flow: [->][NonIP] 3E:94:D5:2C:08:F6:0 -> 28:99:3A:06:85:C3:0 [1 pkt/1472 bytes][ifIdx 1000005->17][0.0 sec][init Unknown][AS: 0 -> 0]
>> 06/Nov/2017 11:24:29 [engine.c:2689] New Flow: [NonIP] 0.0.0.0:0 -> 0.0.0.0:0 [F0:1C:2D:20:2F:CB -> 28:99:3A:06:85:C3][vlan 0/0][tos 128][ifIdx: 1000001 -> 1000004][subflowId: 0/0x0000][idx=1180][firstSeen=1509960269/0][direction: RX]
>> 06/Nov/2017 11:24:29 [engine.c:2689] New Flow: [NonIP] 0.0.0.0:0 -> 0.0.0.0:0 [F0:1C:2D:20:2F:CB -> 28:99:3A:06:85:C3][vlan 0/0][tos 128][ifIdx: 1000001 -> 1000004][subflowId: 0/0x0000][idx=1180][firstSeen=1509960269/0][direction: RX]
>> 06/Nov/2017 11:24:29 [engine.c:2689] New Flow: [NonIP] 0.0.0.0:0 -> 0.0.0.0:0 [4C:16:FC:18:E8:AA -> 28:99:3A:06:85:C3][vlan 0/0][tos 0][ifIdx: 1000006 -> 1000100][subflowId: 0/0x0000][idx=1361][firstSeen=1509960269/0][direction: RX]
>> 06/Nov/2017 11:24:29 [engine.c:2689] New Flow: [NonIP] 0.0.0.0:0 -> 0.0.0.0:0 [3E:94:D5:2C:08:F6 -> 28:99:3A:06:85:C3][vlan 0/0][tos 0][ifIdx: 1000005 -> 1000004][subflowId: 0/0x0000][idx=1306][firstSeen=1509960269/0][direction: RX]
>> 06/Nov/2017 11:24:30 [engine.c:2689] New Flow: [NonIP] 0.0.0.0:0 -> 0.0.0.0:0 [3E:94:D5:2C:08:F6 -> 28:99:3A:06:85:C3][vlan 0/0][tos 0][ifIdx: 1000005 -> 1000004][subflowId: 0/0x0000][idx=1306][firstSeen=1509960270/0][direction: RX]
>> 06/Nov/2017 11:24:30 [engine.c:2689] New Flow: [NonIP] 0.0.0.0:0 -> 0.0.0.0:0 [80:71:1F:92:DF:C2 -> 28:99:3A:06:85:C3][vlan 10/10][tos 0][ifIdx: 1000004 -> 1000100][subflowId: 0/0x0000][idx=1480][firstSeen=1509960270/0][direction: RX]
>> —snip—
>>
>> Im concerned about the “NonIP 0.0.0.0” could that be the issue ?
>>
>> I’m happy to go back to Arista as ask to verify the device config ( unfortunately I dont have access to the actual switch )
>>
>> regards
>>
>> Alan
>>
>>
>>> On 06 Nov 2017, at 11:19, Simone Mainardi <mainardi@ntop.org <mailto:mainardi@ntop.org>> wrote:
>>>
>>> Alan,
>>>
>>> Add nProbe options:
>>>
>>> -i none -n none -V 9
>>>
>>> And report. In case you are still not getting the right exporter address, please add -b 2 and report the full nProbe output.
>>>
>>> Regards,
>>>
>>> Simone
>>>
>>>> On 6 Nov 2017, at 09:04, Alan Kemp <alan@irisns.com <mailto:alan@irisns.com>> wrote:
>>>>
>>>> Hi Guys
>>>>
>>>> I’m trying to collect sflow data from some Arista switches, and send them to a v9 netflow collector for processing.
>>>> Which is working but not sending the IP addresses of the Arista exporter.
>>>> So I ran the below command, just sending the %EXPORTER_IPV4_ADDRESS to text ( to avoid any issues with the netflow collector ), and I’m seeing 0.0.0.0 as the address a not the Arista’s
>>>>
>>>> I’m running
>>>> —snip—
>>>> sudo nprobe --collector-port 9995 -P ./flows/ -0t -b1 -T %EXPORTER_IPV4_ADDRESS
>>>> —snip--
>>>>
>>>> The flow files.
>>>>
>>>> —snip—
>>>> $ cat 06.flows
>>>> EXPORTER_IPV4_ADDRESS
>>>> 0.0.0.0
>>>> 0.0.0.0
>>>> 0.0.0.0
>>>> 0.0.0.0
>>>> 0.0.0.0
>>>> 0.0.0.0
>>>> 0.0.0.0
>>>> 0.0.0.0
>>>> 0.0.0.0
>>>> 0.0.0.0
>>>> 0.0.0.0
>>>> 0.0.0.0
>>>> 0.0.0.0
>>>> 0.0.0.0
>>>> 0.0.0.0
>>>> 0.0.0.0
>>>> —snip—
>>>>
>>>> —snip—
>>>> $ nprobe -v
>>>>
>>>> Welcome to nProbe v.8.1.171023 (r5930) for x86_64-unknown-linux-gnu
>>>> with native PF_RING acceleration.
>>>> Copyright 2002-17 ntop.org <http://ntop.org/>
>>>>
>>>> Build OS: Ubuntu 14.04.5 LTS
>>>> SystemID: 68A92F4082082B27
>>>> GIT rev: dev:43a3588533e0f6caef51417e3e3f95734e17c334:20171023
>>>> License: Invalid nProbe license (/etc/nprobe.license) [Missing license file]
>>>>
>>>> —snip—
>>>>
>>>>
>>>> Please can someone point me in the right direction or tell me what I’m doing wrong.
>>>>
>>>> Regards
>>>>
>>>> --
>>>> Alan Kemp
>>>> Support: 0861 IRISNS (474767) or +27 21140 IRIS (4747)
>>>> Mobile: +27 83 257 5970
>>>> IRIS Network Systems
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Ntop-misc mailing list
>>>> Ntop-misc@listgateway.unipi.it <mailto:Ntop-misc@listgateway.unipi.it>
>>>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc <http://listgateway.unipi.it/mailman/listinfo/ntop-misc>
>>> _______________________________________________
>>> Ntop-misc mailing list
>>> Ntop-misc@listgateway.unipi.it <mailto:Ntop-misc@listgateway.unipi.it>
>>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc <http://listgateway.unipi.it/mailman/listinfo/ntop-misc>
>> --
>> Alan Kemp
>> Support: 0861 IRISNS (474767) or +27 21140 IRIS (4747)
>> Mobile: +27 83 257 5970
>> IRIS Network Systems
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>> Ntop-misc mailing list
>> Ntop-misc@listgateway.unipi.it <mailto:Ntop-misc@listgateway.unipi.it>
>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
>
> _______________________________________________
> Ntop-misc mailing list
> Ntop-misc@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc

--
Alan Kemp
Support: 0861 IRISNS (474767) or +27 21140 IRIS (4747)
Mobile: +27 83 257 5970
IRIS Network Systems