Re: [Nfdump-discuss] nfcapd for receiving IPFIX data from Yaf

Sun, 09 Aug 2015 04:23:27 -0700 

Hi Risto,
I havn't looked so far into the issue regarding Yaf. The requests for IPFIX
come mostly from Juniper/CISCO users. However, I may put it on the ToDo list,
but woud need some sample traces, as well as a typical yaf config, for you.

Feel free, to send me these offlist.

Many thanks

        - Peter


On 16.06.15 13:52, Risto Vaarandi wrote:
> hi folks,
> I've been using NfSen and nfcapd for a while for collecting netflow data.
> Few days ago, I started experimenting with yaf probes, in order to connect
> them to my NfSen installation. According to the nfcapd manual, it should
> support IPFIX protocol which is spoken by Yaf. Nevertheless, when sending
> data from Yaf to NfSen, my log files are full of messages like this:
> 
> Jun 16 14:33:13 myserv nfcapd[24476]: Process_ipfix: Corrupt data flowset?
> Pad bytes: 37
> Jun 16 14:33:13 myserv nfcapd[24476]: Process_ipfix: Corrupt data flowset?
> Pad bytes: 37
> Jun 16 14:33:13 myserv nfcapd[24476]: Process_ipfix: Corrupt data flowset?
> Pad bytes: 37
> 
> Also, from NfSen graphs I can see that only a small part of my traffic is
> actually captured.
> 
>>From the Yaf mailing list, I have found a post from exactly 1 year ago
> which seems to suggest that nfcapd does not implement IPFIX protocol fully,
> and lacks support for variable length elements:
> 
> https://lists.sei.cmu.edu/pipermail/netsa-tools-discuss/2014-June/000002.html
> 
> What is the current status of IPFIX support in nfcapd, and is there are
> workaround for my problem?
> 
> kind regards,
> risto
> 
> 
> 
> ------------------------------------------------------------------------------
> 
> 
> 
> _______________________________________________
> Nfdump-discuss mailing list
> Nfdump-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
> 

-- 
Be nice to your netflow data. Use NfSen and nfdump :)

------------------------------------------------------------------------------
_______________________________________________
Nfdump-discuss mailing list
Nfdump-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss

Reply via email to