On 02/25/2011 11:10 AM, Mark D. Nagel wrote:
> On 2/25/2011 6:16 AM, Matthew Gracie wrote:
>> For some reason, even though the traffic is coming in to the port that
>> nfcapd is listening to, it's just not recognizing it as Netflow traffic.
>> I've restarted the daemon, restarted the machine, changed ports, removed
>> and reconfigured the flow-export rules on the router; nothing seems to
>> make nfcapd recognize this traffic properly.
>
> Check iptables.
>
> Mark
>

I did - iptables isn't running on this machine.

It looks like recompiling nfcapd on my machine and using that instead of
the one from the AlienVault repository fixed the issue; I'm starting to
get proper flow information now.

Sorry to have wasted everyone's time.

--
Matt Gracie                         (716) 888-8378
Information Security Administrator  [email protected]
Canisius College ITS                Buffalo, NY
http://www2.canisius.edu/~graciem/graciem_public_key.gpg

_______________________________________________
Nfdump-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
