There was in issue with the flows coming from ASA's, but I "thought" that has been resolved some months back? Perhaps Luca can jump in on this one?
From: A H [mailto:[email protected]] Sent: Monday, February 07, 2011 02:17 PM To: [email protected] <[email protected]> Subject: [Ntop] NetFlow + Cisco ASA problem Hello, I am having difficulty with getting the flows to be picked up correctly by ntop + netflow. I am sending them from an ASA5510. I see in the statistics that it's received v9 templates and valid flows. The problem is that it's a 1:1 ratio of valid flows received to Flows with zero byte count. Thinking there may be a hiccup with the ASA, I tried using nfcapd + nfdump and was successful in receiving and digesting the flows. I'm not using any aggregation, session handling isn't enabled, debug has been turned on or off to no avail. Logs don't point to any hiccups. I've tried increasing the -t log level and didn't see anything that corresponds. The rrd files do get created as NF_numFlowPkts, NF_numFlows, etc... but doing an rrdtool info on them doesn't look like anything is being submitted to them. Also, I initially tried the ntop version from sourceforge. Then I just recently compiled the svn version on a CentOS 5.5 box. Thoughts? Pointers? Thanks, AH <font size="1"> <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'> </div> "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." </font>
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
