Hello,

I tried to use nfsen instead of flow-tools.
I tried to convert flow files into nfdump format with the ft2nfdump utility.
I have more than 20 routers in my network and all of them exported data to
the single host-collector.
All data was collected successfully and the nfsen "live" profile worked fine.

Filters such as: "src/dst AS", "src/dst IP", "src/dst IF" work fine.

BUT.

How must I write a filter to see statistics for "src/dst IF" from a
specific export source?
SNMP indexes on some routers are identical, so I need to filter by
exporter IP, such as the Loopback IP address or some other ID.

Example:

#sh ip flow export
Flow export v5 is enabled for main cache
  Export source and destination details :
  VRF ID : Default
    Source(1)       213.xx.xx.3 (Loopback0)
    Destination(1)  62.xx.xx.xx (60181)


In the native flow-tools data this field is called exporter id.
Can I be sure that after converting the data with ft2nfdump this information
does not disappear?


Currently I am trying to use filter options such as:

 Router IP
           router ip <ipaddr>
           Filter the flows according the IP address of the exporting router.

But I got empty results.

** nfdump -M /home/netflow/flows/live/upstreams  -T  -r nfcapd.201302141434 -n 10 -s ip/flows
nfdump filter: router ip 213.xx.xx.3
Top 10 IP Addr ordered by flows:
Date first seen          Duration Proto           IP Addr    Flows(%)     Packets(%)       Bytes(%)         pps      bps   bpp

Summary: total flows: 0, total bytes: 0, total packets: 0, avg bps: 0, avg pps: 0, avg bpp: 0
Time window: 2013-02-14 14:04:52 - 2013-02-14 14:35:48
Total flows processed: 689084, Blocks skipped: 0, Bytes read: 46858276
Sys: 0.144s flows/second: 4785006.5  Wall: 1.391s flows/second: 495145.8


Can I hope it will work if I switch all my routers directly to the nfdump
collector (without conversion), but continue using a single source to
collect data from all routers?

%sources = (
    'monitor'  => { 'port' => '60181', 'col' => '#0000ff', 'type' => 'netflow' },
);
_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
