Thank you Peter for your answer. I think I am not very clare to explain my
problem.
I am collecting data with a machine with the network card, this interface
is on promiscuous mode so it collect data with fprobe and send it as netflow
to a local collectors of NFSEN.
As this machine is on promiscuous mode, and the port where it is connected
is a mirror port this machine loss network capabilities ( it sees all the
traffic on the switch but it cant connect with any other equipment ).
The only solution that I could found is to add another network to the
machine ( one connected to the mirror port and the other connected to a
normal switch port).
But what I want is to collect this data in many places and then consolidate
all the data offline on an NFSEN
Regards
Luis.
On Mon, Aug 4, 2008 at 5:42 AM, Peter Haag <[EMAIL PROTECTED]> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Luis,
>
> Luis Adrian Amato Perrupato wrote:
> | Hi guys, I am a new nfsen enthusiastic user.
> | I am implementing it to audit networks. The idea is to install some
> sensor (
> | nfsens + fprobe ) on a network and then consolidate all the data and
> analyze
> | it
> |
> | This is the way I am testing.
> | A port span ( mirror ) on a switch, on that port it is conected a PC
> | with *nfsen
> | *working and collecting data from *fprobe-ng*, on the same machine (this
> | work fine). But I wanted to know how could I migrate the data from this
> | nfsens to consolidate all the data on the nfsen where I integrate all the
> | data.
>
> Moving/copying data from one NfSen instance to another can not be done
> easily.
> If you simply copy the data, you need to rebuild to profile in order to let
> new
> Nfsen recalculate diskspace and expire infos. This is what you will see
> afterwards
> when doing an nfsen -l live. However, the rrd ( garphical data ) is not
> rebuilt in
> NfSen v1.3. It will most likely be integrated in future versions.
>
> |
> | Now I copy the data and then query it,
> | " nfsen -r live "
> | but i am not able to graph it on the nfsen machine where I consolidate
> all
> | the data.
> |
> | My question finally is, how could I collect the data from different
> sources
> | ( copying it ) to a central nfsen and graph all the results.
>
> Send the data directly to your final NfSen installation. If you have some
> more
> NfSen installations in between, send it to the first, and let nfcapd
> automatically
> forward the data to the final NfSen. ( optarg => '-R ....' in nfsen.conf )
>
> Hope this helps
>
> - Peter
>
> |
> | - Nfdump Version: 1.5.7 --with-rrdpath=/usr/bin --enable-nfprofile
> | - Nfsen 1.3
> |
> | Best regards
> |
> |
> | ------------------------------------------------------------------------
> |
> | -------------------------------------------------------------------------
> | This SF.Net email is sponsored by the Moblin Your Move Developer's
> challenge
> | Build the coolest Linux based applications with Moblin SDK & win great
> prizes
> | Grand prize is a trip for two to an Open Source event anywhere in the
> world
> | http://moblin-contest.org/redirect.php?banner_id=100&url=/
> |
> |
> | ------------------------------------------------------------------------
> |
> | _______________________________________________
> | Nfsen-discuss mailing list
> | Nfsen-discuss@lists.sourceforge.net
> | https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
>
> - --
> _______ SWITCH - The Swiss Education and Research Network ______
> Peter Haag, Security Engineer, Member of SWITCH CERT
> PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
> SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
> E-mail: [EMAIL PROTECTED] Web: http://www.switch.ch/
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.5 (Darwin)
>
> iQCVAwUBSJbA7f5AbZRALNr/AQKTdAP+LbOoHLOrETG3hMgod5/HX8NkXVqXwUij
> UGC5n46ZEwuGZ4MjcDmlfHjFX4o8h+zoaR/JAmlhbHrRkQniyrk4TfEhMM0rJmjG
> 8UD0C4bSg0yNJhsYxIfTtlKdYNFr05WI01KtK8t96bHe6nNusK+5sUTqBI8oJzga
> dKbhnbDwxQs=
> =4nqW
> -----END PGP SIGNATURE-----
>
--
Amato Perrupato Luis Adrián
Analista de Sistemas
CCNA
Buenos Aires - Argentina
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
