Hi Lisa
On 10/10/2012 09:24 PM, Duncan, Lisa M (Lamanna) wrote:
Hello,
I am new to nprobe and would like to ask for some advice on the most
efficient way to use the proxy functionality for my needs. I have
done some reading on the lists and user manuals and it seems like
there may be several ways I could configure nprobe to do what I am
looking for. We do have some limitation in how we are receiving the
flows and need to support existing processes that make this setup less
than ideal. I have been able to get nprobe configured to do the proxy
of all flows to the multiple destinations and it is working. However,
I am not really sure what the best way is to limit the second proxy
feed to only certain subnets. I noticed the --blacklist option but I
am looking for a whitelist. Below is a summary of my lab setup and
what I am trying to accomplish. Thank you in advance for your help.
Setup:
Existing netflow appliance receives flows from our aggregation
routers. The Appliance then tees an aggregated flow feed to our linux
test system on port 15001.
We would like nprobe to collect the flows from port 15001 on our linux
test systemand then:
·Proxy all flows to localhost:15002 where another existing application
is reading and writing all flows to disk.
Doable. nProbe can also dump flows on disk wuithout passing them to a
third application
The CLI to use is nprobe -3 15001 -i none -n localhost:15002
·Proxy only a subset of approximately 100 subnets to remote_system:2055.
Flow filtering in proxy mode is not supported
Regards Luca
*Version information:*
*nProbe Standard [Unix]*
$ nprobe -v
Welcome to nprobe v.6.9.7 ($Revision: 2406 $) for x86_64-unknown-linux-gnu
Copyright 2002-12 by Luca Deri [email protected] <mailto:[email protected]>
Thanks,
Lisa
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
