Interestingly enough I found out that even though the UDP listener is binding to, supposedly, everything:
udp 0 0 0.0.0.0:2055 0.0.0.0:* 1174/ntop ...the particular interface I'm directing the traffic to is getting the traffic (known via tcpdump), but the ntop listener is not accepting it. Is there any way to force the listener to a specific interface instead of having it start on 0.0.0.0? I tried running a Netflow generator and pointed it at both my management interface (i.e. ntop web / ssh) which then showed the Netflow traffic and then moved it back over to the interface I want to sink the traffic towards and it stops showing up. Thanks, --Dave -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Gary Gatten Sent: Monday, August 01, 2011 4:50 PM To: '[email protected]' Subject: Re: [Ntop] Ntop & v9 Netflow Does netstat -an show a listener for netflow? Rarely it appears like it started correctly, but dies without notice. If a thread is "running" on your host for netflow, then I have no idea what your prob is. What are your startup args and any custom prefs? ----- Original Message ----- From: David Meier [mailto:[email protected]] Sent: Monday, August 01, 2011 04:08 PM To: [email protected] <[email protected]> Subject: Re: [Ntop] Ntop & v9 Netflow Yes. I'm viewing the traffic (or lack thereof) via the 'Netflow-device.x'. The 'netflow statistics' state: 'No Data to Display (yet)'. I have a router pushing v5 flows to it as well - no dice. Very odd that I see the traffic via tcpdump. </stumped> -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Gary Gatten Sent: Monday, August 01, 2011 3:19 PM To: '[email protected]' Subject: Re: [Ntop] Ntop & v9 Netflow I know this will sound basic, but did you "switch NIC" in the "Admin" tools and select your netflow interface? What if you view the netflow statistics? Anything interesting there? When using v9 there has been some issues with templates. Can you try v5 and see if that works? G -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of David Meier Sent: Monday, August 01, 2011 3:07 PM To: [email protected] Subject: [Ntop] Ntop & v9 Netflow I'm currently trying to deploy some Ntop boxes which will ultimately be Netflow v9 collectors. I have two interfaces on each box; one is used for SSH management / Ntop web interface and the other is a specialized interface to act as the Netflow 'sink'. The problem I'm running into is that the netflow seems to be getting to the 'sink' interface (if I tcpdump it out to pcap I see that it's Netflow v9 records), however nothing ever shows up in Ntop even though I have the Netflow plugin configured. I've tried turning debug on (for the plugin) but I don't see any additional information in the log. Is there any better way to run the daemon to get better debug? The version I'm running is: ntop v.4.1.0 (64 bit) [x86_64-2.6.32-33-server-linux-gnu] Thanks in advance!!! ________________________________ Note: This e-mail and any attachments may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of this e-mail and any attachments is strictly prohibited. If you have received this e-mail in error, please notify us immediately by returning it to the sender and deleting it from your computer system. Thank you for your cooperation. _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop <font size="1"> <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'> </div> "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." </font> _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop <font size="1"> <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'> </div> "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." </font> _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
