You are confusing things.  The # of senders is irrelevant.  netFlows arrive
as packets addressed to an ip:port.  What you are configuring in the ntop
plugin is the (single) listener for a port.

I don't know what would happen if you configured multiple listeners for the
same port.  I suspect that internally only the final select() call is
working. Which matches what you see.  I guess we could test this, as the
multiple-listener configuration makes little sense.

-----Burton

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of MT Morales
Sent: Thursday, March 31, 2005 2:53 PM
To: [email protected]; [email protected]
Subject: [Ntop-dev] Multiple Virtual Netflow interfaces problem

I'm using ntop to analyze netflow data only. The instructions to configure
Netflow are very straightforward from the netflow plugin menu, however I
have problems when more than one virtual interface is configured and there
is only ONE (Cisco core switch) sending netflow to ntop: Netflow activity is
only reported for the last interface configured.
So far I can only get one virtual netflow interface to work per netflow sender.

Let me explain what I'm trying to accomplish (perhaps I'm asking too much):
- Send netflow data (version 5) from ONE Cisco core device
- Configure Ntop virtual interfaces for as many network segments as this
Cisco device is configured for (currently no more than 4).
- Have Ntop split the netflow data for analysis through its virtual
interface switching so each interface reports on every segment.

After configuring the above, I found that only the last interface configured
is the one reporting netflow activity. (Verified by checking: rrd graphs
truncated, ntop log shows netflow received on last "deviceId=4" only, editing
ntop netflow interface plugin for previous three shows no netflow stats.)

Again, so far I've only succeeded by having multiple Cisco devices sending
netflow data to ntop on different destination udp ports.

I tried this using compiled ntop 3.1.1 (from cvs March 29, 05) and using
ntop rpm 3.1 for Linux, both with the same result.

Any suggestions or recommendations will be appreciated.

-Tomas
_______________________________________________
Ntop-dev mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-dev
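
Added example, not part of the original thread and not ntop's code: since every NetFlow v5 datagram from one exporter lands on the same ip:port listener, this sketch parses one datagram and attributes each flow record to a segment by its source address. The `SEGMENTS` subnets, the function names and the sample datagram are constructed for illustration.

```python
import ipaddress
import struct
from collections import defaultdict

HDR = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
REC = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record

# Constructed segments; a real deployment would list its own subnets.
SEGMENTS = {
    "seg1": ipaddress.ip_network("10.0.1.0/24"),
    "seg2": ipaddress.ip_network("10.0.2.0/24"),
}

def parse_v5(datagram):
    """Yield (src, dst, octets) for each record in one NetFlow v5 datagram."""
    if len(datagram) < HDR.size:
        raise ValueError("short datagram")
    version, count = HDR.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError("not NetFlow v5")
    # Never trust the header's record count beyond what was actually received.
    if len(datagram) < HDR.size + count * REC.size:
        raise ValueError("record count exceeds datagram length")
    for i in range(count):
        f = REC.unpack_from(datagram, HDR.size + i * REC.size)
        yield ipaddress.ip_address(f[0]), ipaddress.ip_address(f[1]), f[6]

def split_by_segment(datagram):
    """Sum octets per segment, matching on the flow's source address."""
    totals = defaultdict(int)
    for src, _dst, octets in parse_v5(datagram):
        name = next((n for n, net in SEGMENTS.items() if src in net), "other")
        totals[name] += octets
    return dict(totals)

def build_sample():
    """Constructed v5 datagram with three flows, for offline testing."""
    flows = [("10.0.1.5", "10.0.2.9", 1500), ("10.0.2.9", "10.0.1.5", 400),
             ("192.0.2.7", "10.0.1.5", 60)]
    body = b"".join(
        REC.pack(ipaddress.ip_address(s).packed, ipaddress.ip_address(d).packed,
                 bytes(4), 1, 2, 1, octets, 0, 0, 1024, 80, 0, 0, 6, 0, 0, 0, 24, 24, 0)
        for s, d, octets in flows)
    return HDR.pack(5, len(flows), 0, 0, 0, 0, 0, 0, 0) + body

if __name__ == "__main__":
    print(split_by_segment(build_sample()))
```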
