Hello can you please file a bug and attach a pcap file (full packet capture) with the flows you have injected to ntop, so I can see what's wrong?
Cheers Luca On Feb 7, 2011, at 9:40 PM, Gary Gatten wrote: > PS: There *is* some debug flags in globals-define.h and a couple other > places for netflow. You could try to enable those and recompile, but I’d > wait for Luca first – he may not want / need those debugs and just wants a > packet capture from your ASA or something. > > G > > > From: [email protected] > [mailto:[email protected]] On Behalf Of A H > Sent: Monday, February 07, 2011 2:18 PM > To: [email protected] > Subject: [Ntop] NetFlow + Cisco ASA problem > > Hello, > > I am having difficulty with getting the flows to be picked up correctly by > ntop + netflow. I am sending them from an ASA5510. I see in the statistics > that it's received v9 templates and valid flows. The problem is that it's a > 1:1 ratio of valid flows received to Flows with zero byte count. Thinking > there may be a hiccup with the ASA, I tried using nfcapd + nfdump and was > successful in receiving and digesting the flows. > > I'm not using any aggregation, session handling isn't enabled, debug has been > turned on or off to no avail. Logs don't point to any hiccups. I've tried > increasing the -t log level and didn't see anything that corresponds. The > rrd files do get created as NF_numFlowPkts, NF_numFlows, etc... but doing an > rrdtool info on them doesn't look like anything is being submitted to them. > > Also, I initially tried the ntop version from sourceforge. Then I just > recently compiled the svn version on a CentOS 5.5 box. > > Thoughts? Pointers? > > Thanks, > AH > "This email is intended to be reviewed by only the intended recipient and may > contain information that is privileged and/or confidential. If you are not > the intended recipient, you are hereby notified that any review, use, > dissemination, disclosure or copying of this email and its attachments, if > any, is strictly prohibited. If you have received this email in error, please > immediately notify the sender by return email and delete this email from your > system." _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop --- If you can not measure it, you can not improve it - Lord Kelvin
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
