I'm working on grabbing a pcap file that also contains a template. Will file a bug once done.
On Mon, Feb 7, 2011 at 2:52 PM, Luca Deri <[email protected]> wrote: > Hello > can you please file a bug and attach a pcap file (full packet capture) with > the flows you have injected to ntop, so I can see what's wrong? > > Cheers Luca > > On Feb 7, 2011, at 9:40 PM, Gary Gatten wrote: > > PS: There **is** some debug flags in globals-define.h and a couple other > places for netflow. You could try to enable those and recompile, but I’d > wait for Luca first – he may not want / need those debugs and just wants a > packet capture from your ASA or something. > > G > > > ------------------------------ > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *A H > *Sent:* Monday, February 07, 2011 2:18 PM > *To:* [email protected] > *Subject:* [Ntop] NetFlow + Cisco ASA problem > > Hello, > > I am having difficulty with getting the flows to be picked up correctly by > ntop + netflow. I am sending them from an ASA5510. I see in the > statistics that it's received v9 templates and valid flows. The problem is > that it's a 1:1 ratio of valid flows received to Flows with zero byte > count. Thinking there may be a hiccup with the ASA, I tried using nfcapd + > nfdump and was successful in receiving and digesting the flows. > > I'm not using any aggregation, session handling isn't enabled, debug has > been turned on or off to no avail. Logs don't point to any hiccups. I've > tried increasing the -t log level and didn't see anything that corresponds. > The rrd files do get created as NF_numFlowPkts, NF_numFlows, etc... but > doing an rrdtool info on them doesn't look like anything is being submitted > to them. > > Also, I initially tried the ntop version from sourceforge. Then I just > recently compiled the svn version on a CentOS 5.5 box. > > Thoughts? Pointers? > > Thanks, > AH > "This email is intended to be reviewed by only the intended recipient and > may contain information that is privileged and/or confidential. If you are > not the intended recipient, you are hereby notified that any review, use, > dissemination, disclosure or copying of this email and its attachments, if > any, is strictly prohibited. If you have received this email in error, > please immediately notify the sender by return email and delete this email > from your system." _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop > > > --- > If you can not measure it, you can not improve it - Lord Kelvin > > > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop > >
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
