Open hjstam opened 4 years ago
cardigliano
commented
4 years ago Did you check the --collection-filter option? You can filter by AS or network (e.g. 192.168.0.0/24, not is also supported: !10.0.0.0/8, !as12345). Note that you can specify multiple filters using --collection-filter multiple times. Does this work for you?
hjstam
commented
4 years ago Yes I did but it doesn't satisfy our use-case because all the traffic to and from these networks is ignored. Traffic from external networks should be logged but 'internal' traffic (from our own networks to our own networks) shouldn't be logged. This way we only measure the external traffic which can be done with a BPF filter.
We're using nProbe as a collector for sFlow samples from our BGP routers. We would like to only collect and log the remote traffic from and to our networks. This would mean that we need to filter and ignore any traffic from and to our own networks.
To achieve this a BPF filter could be set
(src net 1.2.3.4/20 || src net 5.6.7.8/20) and not (dst net 1.2.3.4/20 || dst net 5.6.7.8/20)but it isn't supported:You cannot use BPF filters in collector/proxy mode: BPF filter disabled.