I don't know about sflow, sorry...
On Wed, Dec 13, 2017 at 10:35 AM, Oguzhan Kayhan <oguz...@kayhan.name.tr>
wrote:
> Thank you, Adrian.
> It's been about 10 hours and still no data.
> For netflow, a template packet might be expected (not normal to receive in
> that long time). What about sflow?
> Does it need one also?
> I am listening on two protocols to get something useful.
>
>
> On Wed, Dec 13, 2017 at 11:19 AM, Adrian Popa <adrian.popa...@gmail.com>
> wrote:
>
>> Since Netflow v9 uses a templated payload, the collector needs to receive
>> a packet describing the template format (what fields are exported). After
>> this packet is received, data is processed and saved. You will see the same
>> thing with wireshark - when you try to decode the payload with the cflow
>> dissector - until a template packet is received, the payload can't be
>> decoded.
>>
>> Normally template packets should be sent out periodically, but it may
>> depend on the volume of data being exported.
>>
>> On Tue, Dec 12, 2017 at 5:16 PM, Oguzhan Kayhan <oguz...@kayhan.name.tr>
>> wrote:
>>
>>> Hello all,
>>> I'm trying to get nfsen information from a FortiGate 100D.
>>> For test purposes, I enabled both sflow and netflow on the FortiGate.
>>>
>>> WAN port config is as follows:
>>>
>>> --------------
>>> config system interface
>>> edit "wan1"
>>> set vdom "root"
>>> set mode pppoe
>>> set allowaccess ping
>>> set type physical
>>> set netflow-sampler both
>>> set sflow-sampler enable
>>> set sample-rate 512
>>> set polling-interval 30
>>> ----------------
>>> config system sflow
>>> set collector-ip 10.1.1.13
>>> set collector-port 9994
>>> set source-ip 10.1.3.2
>>> end
>>> config system netflow
>>> set collector-ip 10.1.1.13
>>> set collector-port 9995
>>> set source-ip 10.1.3.2
>>> set active-flow-timeout 1
>>> end
>>> -----------------------
>>>
>>>
>>>
>>> When I check with tcpdump I got the following lines streaming:
>>>
>>> tcpdump -i any -n udp port 9995 -T cnfp
>>> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
>>> listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
>>> 17:10:37.819012 IP 10.1.3.2.2614 > 10.1.1.13.9995: NetFlow v9, 2921178.370 uptime, 1513091437.000000115, 1 recs
>>>
>>>
>>> and
>>>
>>> tcpdump -i any -n udp port 9994 -T cnfp
>>> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
>>> listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
>>> 17:13:21.684219 IP 10.1.3.2.2349 > 10.1.1.13.9994: NetFlow v0, 0.001 uptime, 167838466.000000000, 5 recs
>>> started 0.001, last 0.512
>>> 0.0.55.41:32 > 174.32.37.22:13312 >> 0.0.0.1
>>> 0 tos 0, 184 (4121 octets)
>>> started 2423041.105, last 3117853.792
>>> 0.0.0.1:46687 > 0.0.0.144:14226 >> 0.0.0.1
>>> 17 tos 0, 4 (128 octets)
>>> started 803098.648, last 2206.628
>>> 64.0.57.6:0 > 234.87.195.175:5891 >> 227.25.78.189
>>> 17 tos 151, 3437380716 (3899816432 octets)
>>>
>>> -----------------------
>>>
>>> My nfsen.conf file is:
>>>
>>> 'peer1' => { 'port' => '9995', 'IP' => '10.1.3.2', 'col'=>'#0000ff','type'=>'netflow' },
>>> 'peer2' => { 'port' => '9994', 'IP' => '10.1.3.2', 'col'=>'#0000cf','type'=>'sflow' },
>>>
>>> But no data is being collected.
>>> I can see the sflow and netflow collectors in ps -ef,
>>> but in the folder there is only 276 bytes of data for both peers.
>>>
>>> Any ideas?
>>>
>>>
>>> Thank you
>>>
>>> ------------------------------------------------------------
>>> ------------------
>>> Check out the vibrant tech community on one of the world's most
>>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>> _______________________________________________
>>> Nfsen-discuss mailing list
>>> Nfsen-discuss@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
>>>
>>>
>>
>
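
The template dependency described in the quoted reply above, as an added Python example that is not part of the thread or of nfdump/nfsen: it walks NetFlow v9 datagrams and reports whether each data flowset could be decoded with the templates seen so far. The function names and both sample datagrams are constructed for illustration; the header and flowset layout follow RFC 3954.

```python
import struct

HEADER = struct.Struct("!HHIIII")  # version, count, sysUptime, unixSecs, sequence, sourceId
FLOWSET = struct.Struct("!HH")     # flowset id, length (length includes these 4 bytes)

def scan_v9(payload, templates):
    """Walk one NetFlow v9 datagram; return a list of (kind, id) events.
    templates maps (source_id, template_id) -> record length, updated in place."""
    if len(payload) < HEADER.size:
        raise ValueError("short datagram")
    version, _, _, _, _, source_id = HEADER.unpack_from(payload, 0)
    if version != 9:
        raise ValueError("not NetFlow v9")
    events, off = [], HEADER.size
    while off + FLOWSET.size <= len(payload):
        fs_id, fs_len = FLOWSET.unpack_from(payload, off)
        if fs_len < FLOWSET.size or off + fs_len > len(payload):
            raise ValueError("flowset length runs past the datagram")
        body = payload[off + FLOWSET.size:off + fs_len]
        if fs_id == 0:                       # template flowset
            pos = 0
            while pos + 4 <= len(body):
                tid, nfields = struct.unpack_from("!HH", body, pos)
                if tid < 256:                # zero padding at the end
                    break
                pos += 4
                if pos + 4 * nfields > len(body):
                    raise ValueError("truncated template record")
                fields = struct.unpack_from("!%dH" % (2 * nfields), body, pos)
                templates[(source_id, tid)] = sum(fields[1::2])  # field lengths
                pos += 4 * nfields
                events.append(("template", tid))
        elif fs_id >= 256:                   # data flowset, id names its template
            known = (source_id, fs_id) in templates
            events.append(("data" if known else "data-undecodable", fs_id))
        else:                                # 1 = options template, 2-255 reserved
            events.append(("other", fs_id))
        off += fs_len
    return events

def header(seq):
    return HEADER.pack(9, 1, 1000, 1513091437, seq, 0)

# Constructed datagrams: one data flowset for template 256, then its template
# (two 4-byte fields, types 8 and 12: IPv4 source and destination address).
DATA_PKT = header(1) + FLOWSET.pack(256, 12) + bytes([10, 1, 3, 2, 10, 1, 1, 13])
TMPL_PKT = header(2) + FLOWSET.pack(0, 16) + struct.pack("!6H", 256, 2, 8, 4, 12, 4)
```

Run over UDP payloads captured on the collector port, a stream that only ever yields `data-undecodable` events means the exporter has not sent a template yet.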