Hi,
I have not yet updated NfSen-1.3.2 to make it nfdump-1.6 aware.

But if you want to invite trouble - this may work as an ugly quick fix,
if you are really in a hurry:

in NfSenRC.pm in StartCollector around line 74:

Make the $args var look like:

my $args        = "-w -D -p $port -u $uid -g $gid $buffer_opts $subdirlayout -P $pidfile $NfConf::ZIPcollected $optargs";

e.g. remove the -I .. and -l .. args

Then in nfsen.conf:

So far you had:

%sources = (
 'router1' => { 'port' => '9995', 'col' => ... },
 'router2' => { 'port' => '9996', 'col' => ....},
...
);

Replace that by:

%sources = (
 'router1' => { 'port' => '9995', 'col' => ..., 'optarg' => "-n router1,192.168.0.1,$PROFILEDATADIR/live/router1 -n router2,192.168.0.2,$PROFILEDATADIR/live/router2 ..." },
 'router2' => { 'port' => '0', 'col' => ....},
...
);

assuming your router IPs are 192.168.0.1 and 192.168.0.2 in the example.

In words:
o Set the port for all sources to 0 except the first.
o Set up an optarg vector for the first source:
  For each router add an -n Ident,IP,path option; see nfcapd(1) 1.6
o Stop nfsen
o Pray that you did everything right, as no error detection of the setup takes
  place, and in case of an error you get screwed up!
o Be warned!
o Start nfsen

If you have no bugs in your config, it works :)

        - Peter


Alistair Cockeram wrote:
> Greetings,
>       I'm attempting to deploy Nfsen in an environment where many
> routers are exporting Netflow data to a single UDP port on a collector.
> 
> It is fairly impractical for us to change the many devices to each
> reference a different UDP port on the collector. As such, now that Nfdump
> has the ability to handle multiple flow sources on a single port, I'm
> wondering how difficult it will be to patch Nfsen in order to gain this
> functionality.
> 
> A quick look over the code suggests it may be just a case of modifying
> NfSenRC.pm, NfConf.pm and perhaps a few other files in order to handle 
> the additional source attributes and new Nfcapd command line syntax. 
> 
> If you can foresee any problems with this or elements I may have
> overlooked, please share your thoughts. If this is of interest to other
> users, perhaps we could work on this collaboratively?
> 
> Thanks,
> 

- --
_______ SWITCH - The Swiss Education and Research Network ______
Peter Haag,  Security Engineer,  Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA  FB 84 CA 94 AB FC 5D D7
SWITCH, Werdstrasse 2, P.O. Box,  CH-8021   Zurich, Switzerland
E-mail: [email protected] Web: http://www.switch.ch/
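
The mail above points out that no error detection of this setup takes place. As an added example (not part of the original mail and not NfSen code), the Perl script below checks a single-port %sources layout before nfsen is started. The name check_sources, the sample path and the colour values are assumptions; the rule that each path ends in /live/<Ident> follows the layout shown in the mail.

```perl
use strict;
use warnings;
use Socket qw(inet_pton AF_INET AF_INET6);

# Constructed sample in the layout from the mail; path and colours are assumed.
my $PROFILEDATADIR = '/data/nfsen/profiles-data';
my %sources = (
    'router1' => { 'port' => '9995', 'col' => '#0000ff', 'optarg' =>
          "-n router1,192.168.0.1,$PROFILEDATADIR/live/router1 "
        . "-n router2,192.168.0.2,$PROFILEDATADIR/live/router2" },
    'router2' => { 'port' => '0', 'col' => '#00ff00' },
);

# Hypothetical helper: returns a list of problems, empty if the layout is consistent.
sub check_sources {
    my ($src) = @_;
    my (@err, %seen_ident, %seen_ip);
    my @listen = grep { ($src->{$_}{port} // '0') ne '0' } sort keys %$src;
    push @err, 'exactly one source must keep a non-zero port, found ' . scalar(@listen)
        unless @listen == 1;
    for my $name (@listen) {
        my @tok = split ' ', $src->{$name}{optarg} // '';
        while (defined(my $opt = shift @tok)) {
            next unless $opt eq '-n';
            my ($id, $ip, $path, @rest) = split /,/, shift(@tok) // '', -1;
            if (@rest or grep { !defined($_) || $_ eq '' } ($id, $ip, $path)) {
                push @err, "$name: -n needs Ident,IP,path"; next;
            }
            push @err, "-n $id: no matching entry in %sources" unless exists $src->{$id};
            push @err, "-n $id: '$ip' is not an IP address"
                unless defined(inet_pton(AF_INET, $ip)) || defined(inet_pton(AF_INET6, $ip));
            push @err, "-n $id: path must be absolute and end in /live/$id"
                unless $path =~ m{^/.*/live/\Q$id\E$};
            push @err, "-n $id: ident listed twice" if $seen_ident{$id}++;
            push @err, "-n $id: $ip already used"   if $seen_ip{$ip}++;
        }
    }
    for my $name (sort keys %$src) {    # every source needs its own -n entry
        push @err, "source '$name' has no -n entry" unless $seen_ident{$name};
    }
    return @err;
}

my @problems = check_sources(\%sources);
print "config problem: $_\n" for @problems;
print "single-port layout looks consistent\n" unless @problems;
exit(@problems ? 1 : 0);
```

Replace the sample %sources with the hash from your own nfsen.conf; a non-zero exit status means at least one check failed.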

_______________________________________________
Nfsen-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss