After installing nfsen in my ubuntu 18.04 when i run " service nfsen
status" nfens in active and running but i get error
"Unknown flow source x.x.x.x" and .skip UDP packet so far 326 packets.
Where exactly do you see this error? Are you looking at nfcapd logs, or
somewhere else?
nfsen doesn't capture packets, nfcapd does. However nfsen does configure
nfcapd, and you'll need to tell it which port to listen on.
In your nfsen config you need something like this:
%sources = (
'gw1' => { 'port' => '9001', 'col' => '#0000ff', 'type' =>
'netflow' },
);
If you have multiple sources sending to different ports, just add them.
If you have multiple sources sending to the *same* port then you can
distinguish them by source IP address:
%sources = (
'gw1' => { 'port' => '9001', 'IP' => 'x.x.x.x', 'col' => '#0000ff',
'type' => 'netflow' },
'gw2' => { 'port' => '9001', 'IP' => 'y.y.y.y', 'col' => '#00ff00',
'type' => 'netflow' },
);
Of course these IPs have to match the actual IP that the router is sending from
(check the source addresses you see in tcpdump) otherwise nfcapd won't know
which one to use.
_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
