search

smitmartijn / roneo-netflow-duplicator

NetFlow Duplicator: ingest NetFlow and send it out to multiple collectors
7 stars 4 forks source link

receiving no udp traffic #2

Closed AlexandreLicinio closed 4 months ago

AlexandreLicinio commented 4 years ago

hi, great project !

We're facing issue, first when running with python3 we raise an error:

Traceback (most recent call last): File "main.py", line 2, in <module> from scapy.all import * ModuleNotFoundError: No module named 'scapy'

by running with python2.7 it seems ok:

ekla@sd-125066:/opt/roneo-netflow-duplicator$ sudo python main.py --configfile /etc/roneo-config.yaml main.py:103: YAMLLoadWarning: calling yaml.load() without Loader=... is deprecated, as the default Loader is unsafe. Please read https://msg.pyyaml.org/load for full details. cfg = yaml.load(ymlfile)

the udp at 127.0.0.1:10100 is a udp stream (10mb/s) but we receive nothing on collectors listeners :(

in log:


2020-04-05 16:14:32,021 - Statistics since: 2020-04-05 16:13:32.017410
2020-04-05 16:14:32,021 - Sources:
2020-04-05 16:14:32,021 - 127.0.0.1      : 237 packets
2020-04-05 16:14:32,021 - Collectors:
2020-04-05 16:14:32,022 - 127.0.0.4      : 237 packets
2020-04-05 16:14:32,022 - 127.0.0.3      : 237 packets
2020-04-05 16:14:32,022 - 127.0.0.2      : 237 packets
2020-04-05 16:15:32,289 - Statistics since: 2020-04-05 16:14:32.022335
2020-04-05 16:15:32,289 - Sources:
2020-04-05 16:15:32,289 - 127.0.0.1      : 240 packets
2020-04-05 16:15:32,289 - Collectors:
2020-04-05 16:15:32,289 - 127.0.0.4      : 240 packets
2020-04-05 16:15:32,289 - 127.0.0.3      : 240 packets
2020-04-05 16:15:32,289 - 127.0.0.2      : 240 packets```
smitmartijn commented 4 years ago

Hi,

To solve the python3 error: install the requirements (scapy) with: pip install -r requirements.txt or pip3 install -r requirements.txt if you have both python2 and python3 installed.

Using localhost IPs is indeed not going to work. Roneo expects the targets to be on the network and sends out the packets over the network. If you're using multiple collectors on the same machine, you could also use iptables (or something similar) to send incoming packets to 2055 to your other local collectors. Although I'm not really sure why you want to run multiple NetFlow collectors on the same server?