RE: [Flow-tools] Two routers exporting flows

Thu, 17 Mar 2005 05:06:49 -0800 

Jonathan, i think that my post could not be related with the other
Lawrence�s post . But all help are welcome!







[EMAIL PROTECTED]

RAMAL:
17/03/2005 09:56

        Para:   <[EMAIL PROTECTED]>,
        <[email protected]>
        cc:
        Assunto:        RE: [Flow-tools] Two routers exporting flows



> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> [EMAIL PROTECTED]
> Sent: Thursday, March 17, 2005 7:52 AM
> To: [email protected]
> Subject: [Flow-tools] Two routers exporting flows
>
> Hi,
>
> Currently, i have 1 router exporting flows to my server and is all OK.
>
> Now, i need to export flows from 2 routers. I  configured my
> CUFlow.cf adding the line below
>
> # Our two netflow exporters. Produce service and protocol
> reports for the # total, and each of these.
> Router 171.xx.xx.1
> Router 171.xx.xx.2
>
> I running 1 flow-capture daemon and the routers work with the
> same ones networks and subnet.
> The two  router are exporting flow to port 2055 of the server.
>
> After to add the second router (Router 171.x.xx.2), i have the error
> bellow:
>


I wonder if it could be related to the following bug/patch, as posted by
Lawrence Baldwin? - jonathan glass


Mark,


ftdecode.c: (line 708)
    rec_v5->engine_type = pdu_v5->engine_type;
    rec_v5->engine_type = pdu_v5->engine_id;

Should be:
    rec_v5->engine_type = pdu_v5->engine_type;
    rec_v5->engine_id = pdu_v5->engine_id;


This has probably gone on undetected as engineID and engineType are often
BOTH zero...so despite the bug it wouldn't have resulted in any problems.
However, I have several situations with Cisco Distributed CEF (Cisco
Express
Forwarding) is enabled on the router...in this case the flow data is
exported from multiple EngineIDs (0,1,2,etc..)...when data is feed through
flow-fanout all the EngineID info is clobbered with Zeros (because it's
being copied from the EngineType in your decode function).


Regards,

Lawrence Baldwin
Chief Forensics Officer
myNetWatchman.com





**********************************************************************************

As informa��es contidas nesta mensagem e no(s) arquivo(s) anexo(s) s�o
endere�adas exclusivamente �(s) pessoa(s) e/ou institui��o(�es) acima
indicada(s), podendo conter dados confidenciais, os quais n�o podem, sob
qualquer forma ou pretexto, ser utilizados, divulgados, alterados,
impressos ou copiados, total ou parcialmente, por pessoas n�o autorizadas.
Caso n�o seja o destinat�rio, favor providenciar sua exclus�o e notificar
o remetente imediatamente.  O uso impr�prio ser� tratado conforme as
normas da empresa e da legisla��o em vigor.
Esta mensagem expressa o posicionamento pessoal do subscritor e n�o
reflete necessariamente a opini�o da Serasa.
**********************************************************************************


_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools

Reply via email to