Hi Adrian, list,
Many thanks for your ideas.
I found on a previous post that adding the loopback IPs of the devices in the
sources config might work:
'Device1' => { 'port' => 'x', 'IP' => 'a', 'col' => 'y’ },
'Device2' => { 'port' => 'x', 'IP' => 'b', 'col' => 'z’ },
I’ve done so and it’s working, so I wanted to share it with you :)
Regards/Saludos,
Juan Quintanilla
Security Engineer
GEANT Limited
From: Adrian Popa [mailto:adrian.popa...@gmail.com]
Sent: 02 December 2014 07:35
To: Juan Quintanilla
Cc: nfsen-discuss@lists.sourceforge.net
Subject: Re: [Nfsen-discuss] Splitting Nfsen in different sources using one
export port
I forgot to mention why it's a bad idea to cram all the traffic to one port -
if you get a lot of UDP packets to the port you might overflow the port's
buffer (each UDP port on linux has a maximum receive buffer) and you may loose
flows because of this.
On Tue, Dec 2, 2014 at 9:30 AM, Adrian Popa <adrian.popa...@gmail.com
<mailto:adrian.popa...@gmail.com> > wrote:
In theory yes - you can separate the data back based on exporter IP and
exporter ID. But as far as I know exporter IP is not saved by default in the
nfcapd file and you need to instruct nfcapd to save it. You should change your
nfsen.conf file to something like:
'Device' => { 'port' => 'x', 'col' => 'x, 'type' => 'netflow', 'optarg' => '
-T +13,+14' },
>From nfcapd's man page:
13 Exporting router IPv4/IPv6 address
14 Exporting router ID
>From nfdump you would need to add extra fields to your view to be able to view
>the new data:
%exp Exporter ID
%ra Router IP Address
See man nfdump for details.
On Mon, Dec 1, 2014 at 4:12 PM, Juan Quintanilla <juan.quintani...@dante.net
<mailto:juan.quintani...@dante.net> > wrote:
Hi list,
While NfSen distinguishes sources based on port as defined in nfsen.conf file…
'Device' => { 'port' => 'x', 'col' => 'x, 'type' => 'netflow' },
Question: Is it possible to send netflow data from different devices using the
same port and have NfSen splitting them in different channels as per the source
IP info contained in the flow?
If the answer is yes, I would greatly appreciate if someone could share with me
the way you have achieved this.
Many thanks in advance for your help & support.
Regards/Saludos,
Juan Quintanilla
Operations Security Engineer
GEANT Limited
------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=157005751
<http://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk>
&iu=/4140/ostg.clktrk
_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss@lists.sourceforge.net
<mailto:Nfsen-discuss@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
smime.p7s
Description: S/MIME cryptographic signature
------------------------------------------------------------------------------ Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk
_______________________________________________ Nfsen-discuss mailing list Nfsen-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
