Hello all,
I'm trying to get nfsen information from a FortiGate 100D.
For test purposes, I enabled both sflow and netflow on the FortiGate.

The WAN port config is as follows:

--------------
config system interface
    edit "wan1"
        set vdom "root"
        set mode pppoe
        set allowaccess ping
        set type physical
        set netflow-sampler both
        set sflow-sampler enable
        set sample-rate 512
        set polling-interval 30
----------------
config system sflow
    set collector-ip 10.1.1.13
    set collector-port 9994
    set source-ip 10.1.3.2
end
config system netflow
    set collector-ip 10.1.1.13
    set collector-port 9995
    set source-ip 10.1.3.2
    set active-flow-timeout 1
end
-----------------------



When I check with tcpdump, I get the following lines streaming:

tcpdump -i any -n udp port 9995 -T cnfp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
17:10:37.819012 IP 10.1.3.2.2614 > 10.1.1.13.9995: NetFlow v9, 2921178.370 uptime, 1513091437.000000115,  1 recs


and

tcpdump -i any -n udp port 9994 -T cnfp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
17:13:21.684219 IP 10.1.3.2.2349 > 10.1.1.13.9994: NetFlow v0, 0.001 uptime, 167838466.000000000,  5 recs
  started 0.001, last 0.512
    0.0.55.41:32 > 174.32.37.22:13312 >> 0.0.0.1
    0 tos 0, 184 (4121 octets)
  started 2423041.105, last 3117853.792
    0.0.0.1:46687 > 0.0.0.144:14226 >> 0.0.0.1
    17 tos 0, 4 (128 octets)
  started 803098.648, last 2206.628
    64.0.57.6:0 > 234.87.195.175:5891 >> 227.25.78.189
    17 tos 151, 3437380716 (3899816432 octets)

-----------------------

My nfsen.conf file is:

'peer1'        => { 'port' => '9995', 'IP' => '10.1.3.2', 'col'=>'#0000ff','type'=>'netflow' },
'peer2'        => { 'port' => '9994', 'IP' => '10.1.3.2', 'col'=>'#0000cf','type'=>'sflow' },

But no data is being collected.
I can see the sflow and netflow collectors in ps -ef,
but in the folder there are only 276 bytes of data for both peers.

Any ideas?


Thank you
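
Added example, not part of the original post: a header check for the two streams in the tcpdump output above. Because -T cnfp forces NetFlow decoding, the port 9994 line reads an sFlow v5 header as "NetFlow v0 ... 5 recs", and the printed 167838466 is the agent address 10.1.3.2 read as a timestamp. The function names and the sample headers are assumptions constructed for illustration.

```python
import ipaddress
import struct

def read_as_netflow(payload: bytes) -> tuple:
    """Decode the first 12 bytes the way a NetFlow decoder would:
    16-bit version, 16-bit record count, 32-bit uptime (ms), 32-bit unix secs."""
    if len(payload) < 12:
        raise ValueError("payload shorter than a NetFlow header")
    return struct.unpack_from("!HHII", payload, 0)

def classify_flow_datagram(payload: bytes) -> dict:
    """Identify a UDP payload as NetFlow v9 or sFlow v5 from its header."""
    version, count, uptime_ms, unix_secs = read_as_netflow(payload)
    if version == 9 and len(payload) >= 20:
        return {"proto": "netflow", "version": 9, "count": count,
                "uptime_ms": uptime_ms, "unix_secs": unix_secs}
    # sFlow v5 begins with a 32-bit version and a 32-bit agent address type,
    # so a NetFlow decoder sees "version 0" and "count 5".
    if len(payload) >= 28:
        sf_version, addr_type = struct.unpack_from("!II", payload, 0)
        if sf_version == 5 and addr_type == 1:  # 1 = IPv4 agent address
            agent = ipaddress.IPv4Address(payload[8:12])
            sub_agent, seq, sf_uptime, samples = struct.unpack_from(
                "!IIII", payload, 12)
            return {"proto": "sflow", "version": 5, "agent": str(agent),
                    "sub_agent": sub_agent, "sequence": seq,
                    "uptime_ms": sf_uptime, "samples": samples}
    return {"proto": "unknown", "version": version}

# Constructed headers (not captured traffic). Version, count, uptime, timestamp
# and agent address follow the tcpdump lines above; the remaining fields
# (sequence numbers, source id, sFlow uptime and sample count) are made up.
NETFLOW9_HDR = struct.pack("!HHIIII", 9, 1, 2921178370, 1513091437, 115, 0)
SFLOW5_HDR = struct.pack("!II4sIIII", 5, 1,
                         ipaddress.IPv4Address("10.1.3.2").packed, 0, 1, 1000, 1)

if __name__ == "__main__":
    for name, hdr in (("port 9995", NETFLOW9_HDR), ("port 9994", SFLOW5_HDR)):
        print(name, "read as NetFlow:", read_as_netflow(hdr))
        print(name, "classified:", classify_flow_datagram(hdr))
```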
_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss