ntop / nProbe

Open source components and extensions for nProbe
http://ntop.org
GNU General Public License v2.0

Netflow source/destination and multiple netflow destinations #112

Closed jesseadfi closed 7 years ago

jesseadfi commented 7 years ago

Hello,

We are using nBox 2.4 with Cento L and nProbe ZC. We would like to send only source and destination information for v9 netflow (Cisco equivalent 'interface-destination-source'), and we need to send it to multiple destinations at a time for different tools. Is this possible? It is more important to be able to send it to multiple destinations, however all we need is the source and destination information.

Kind regards,

Jesse

lucaderi commented 7 years ago

In essence you need

  1. the ability of exporting the same flow to multiple destinations (already supported) and
  2. the ability to ignore proto/vlan/ports... and send only the flow conversation matrix?

jesseadfi commented 7 years ago

Hello Luca,

Regarding number 1, yes, how do I do that? I looked for the information online and via --help, but didn’t see it. Can you please send me the instructions or point me to where I can find them?

For number 2, correct, that would be preferable but not an absolute requirement at this time.

Kind regards,

Jesse

simonemainardi commented 7 years ago

Regarding number 1, you should specify multiple destinations by repeating the -n and then add flag -a to send flows to all the collectors.

[--collector|-n] <host:port|none>   | Address of the NetFlow collector(s).
                                    | Multiple collectors can be defined using
                                    | multiple -n flags. In this case flows
                                    | will be sent in round robin mode to
                                    | all defined collectors if the -a flag
                                    | is used. Note that you can specify
                                    | both IPv4 and IPv6 addresses.
                                    | If you specify none as value,
                                    | no flow will be export; in this case
                                    | the -P parameter is mandatory.
                                    | Note that you can specify the protocol
                                    | used to send packets. Example:
                                    | udp://192.168.0.1:2055,tcp://10.1.2.3:2055
[--all-collectors|-a]               | If several collectors are defined, this
                                    | option gives the ability to send all
                                    | collectors all the flows. If the flag is
                                    | omitted collectors are selected in
                                    | round robin.
jesseadfi commented 7 years ago

Hello Luca,

Regarding number 1, yes, how do I do that? I looked for the information online and via --help, but didn’t see it. Can you please send me the instructions or point me to where I can find them?

For number 2, correct, that would be preferable but not an absolute requirement at this time.

Kind regards,

Jesse

From: Luca Deri [mailto:notifications@github.com]
Sent: Wednesday, October 26, 2016 12:03 PM
To: ntop/nProbe
Cc: Jesse Alexander; Author
Subject: Re: [ntop/nProbe] Netflow source/destination and multiple netflow destinations (#112)

In essence you need

  1. the ability of exporting the same flow to multiple destinations (already supported) and
  2. the ability to ignore proto/vlan/ports... and send only the flow conversation matrix?

simonemainardi commented 7 years ago

see this comment for 1: https://github.com/ntop/nProbe/issues/112#issuecomment-256591468

jesseadfi commented 7 years ago

I left another comment after simonemainardi's post, but now it isn't visible. Where are those options listed, simonemainardi? I do not see that option when I run 'cento --h'.

jesseadfi commented 7 years ago

This is very painful news. We purchased four Cento L licenses with the understanding we could send to as many destinations as we needed. Will support for multiple destinations be available anytime soon?

lucaderi commented 7 years ago

You need to specify -5, -9.. multiple times.

Example

cento -5 host1:1234 -5 host2:5678....

jesseadfi commented 7 years ago

Luca,

I tried what you posted a few days ago and again just now.

My script:

sudo cento -i myri1-1,myri1-2 -i myri2-1,myri2-2 -i myri3-1,myri3-2 -g 10,12,14,16,18,20,22,24,26,28-G 11,13,15,17,19,21,23,25,27,29 --v5 10.10.20.2:2055 --v5 10.30.15.182:9995

Whatever is the last --v5 x.x.x.x:yyyy is the only one that receives traffic. I swapped them back and forth and only the last destination receives the netflow.

Please help.
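
A collector-side check for the behaviours discussed in this thread (added example, not part of the thread and not ntop code): it reads the NetFlow v5 header of datagrams captured at each collector and compares their flow_sequence values to tell duplication to all collectors from round robin or a silent destination. It assumes the exporter keeps a single sequence counter for all collectors; `make_v5`, `parse_v5_header` and `classify_export` are hypothetical helper names and the datagrams are constructed.

```python
import struct

V5_HEADER = struct.Struct("!HHIIIIBBH")  # NetFlow v5 header, 24 bytes
V5_RECORD_LEN = 48                        # each v5 flow record is 48 bytes


def make_v5(flow_sequence, count=30):
    """Build a constructed v5 datagram (zeroed records) for the demo below."""
    header = V5_HEADER.pack(5, count, 0, 0, 0, flow_sequence, 0, 0, 0)
    return header + bytes(count * V5_RECORD_LEN)


def parse_v5_header(datagram):
    """Return (count, flow_sequence); raise ValueError on a malformed datagram."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("datagram shorter than the v5 header")
    version, count, _, _, _, flow_sequence, _, _, _ = V5_HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version field = {version})")
    if len(datagram) != V5_HEADER.size + count * V5_RECORD_LEN:
        raise ValueError("length does not match the record count")
    return count, flow_sequence


def classify_export(captures):
    """captures: {collector: [datagram, ...]} taken over the same time window.

    Assumption: the exporter keeps one flow_sequence counter for all collectors,
    so a datagram duplicated to two collectors carries the same value.
    Returns (mode, silent_collectors).
    """
    seen = {name: {parse_v5_header(d)[1] for d in dgrams}
            for name, dgrams in captures.items()}
    silent = sorted(name for name, seqs in seen.items() if not seqs)
    if silent:
        return "silent", silent            # some destination received nothing
    sets = list(seen.values())
    if all(s == sets[0] for s in sets):
        return "all-collectors", []        # every collector saw every datagram
    if len(set().union(*sets)) == sum(len(s) for s in sets):
        return "round-robin", []           # disjoint: datagrams were alternated
    return "mixed", []                     # overlap with gaps, e.g. UDP loss


if __name__ == "__main__":
    a, b = "10.10.20.2:2055", "10.30.15.182:9995"   # collectors named in the thread
    print(classify_export({a: [make_v5(0), make_v5(30)], b: [make_v5(0), make_v5(30)]}))
    print(classify_export({a: [make_v5(0), make_v5(60)], b: [make_v5(30), make_v5(90)]}))
    print(classify_export({a: [], b: [make_v5(0), make_v5(30)]}))
```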

lucaderi commented 7 years ago

Did you upgrade to the latest 2017 development version?

jesseadfi commented 7 years ago

Luca,

I don’t know which version that is, but we did upgrade to nProbe cento v.1.3.170106 and we are now able to send netflow to two destinations. :)

Thank you for all of the help!

Jesse

From: Luca Deri [mailto:notifications@github.com]
Sent: Monday, January 09, 2017 11:03 AM
To: ntop/nProbe
Cc: Jesse Alexander; Author
Subject: Re: [ntop/nProbe] Netflow source/destination and multiple netflow destinations (#112)

Did you upgrade to the latest 2017 development version?

lucaderi commented 7 years ago

This is the good one.