Actually the default handling of netFlow is to merge them all. Luca just committed to the cvs the ability to handle multiple distinct netFlow's, but I assume the old merge behavior remains available.
-----Burton > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of > Jon Garlock > Sent: Tuesday, August 03, 2004 3:39 PM > To: [EMAIL PROTECTED] > Subject: [Ntop] NetFlow (the dumb newbie is back! Heh) > > > > First off, thanks to everyone on the list for the help in the past. > I've now got 6 linux machines running ntop at 6 sites here at our org. > That could never have happened without your help :) Between MRTG and > NTOP, this has been one hell of a year. It's damned nice to know what's > going on .. > > Anyways, enough ass kissing. But I felt it necessary to prep as I've > got a couple of dumb newbie questions. Not so much how-to questions, > but .. eh, you'll see. > > Now that we're up, running, collecting and reporting with ntop, I'd like > to shake things up by testing working with netflow. We're > cisco-everywhere, so it shouldn't be a problem. > > I've read through the "NTop, NetFlow and Cisco Routers" document by > Jonathan Feldman (sorry, no URL handy). Using that doc, I've been able > to collect and report on netflow statistics. Great! :) > > Now for my question (and I probably could have just jumped right here): > is it possible to merge netflow statistics? I know, by default, it's > not. Simply activating the netflow plug-in forces all interfaces to be > reported seperately. Is there some type of workaround? > > This is why I'm asking: at our primary site, we have 3 major WAN links. > As it stands now, I'm sniffing that data with the ntop box which has an > interface on each of those critical segments (core to primary WAN router > (frame relay), core to secodnary WAN router (collection of point to > point t1's) and core to firewall). > > With ntop now, I merge all this traffic and get a great "complete > picture" of what folks are up to. > > If I were to switch to 3 NetFlow's, I'd have to constantly switch > between them to get a good idea of what's going on. It has to do with > the way our network passes traffic. For example, a user in a remote > office requests a web page. His local router decides that traffic is > best routed over the t1. It arrives at HQ on the secondary router and > hops directly over to the firewall, as it's the gateway of last resort. > Internet magic happens, and the data from the users request comes back > in. The router in HQ decides to send it over frame relay. > > I'd have to look at 3 separate netflow interfaces to get the "complete" > picture .. at least from here at HQ. > > Is this making sense? Am I overlooking something stupid that makes my > question moot? Is this something that's in my newbieness I missed was > asked each week for the last 30 weeks in the archive? Heh. I hope not > :) > > Thanks and sorry for the freakin' BOOK of an email for a simple > question. > > Thanks, > Jon. > -------------------------------------------------------- > The information in this transmission is privileged and > confidential and intended only for the recipient listed above. If > you are not the intended recipient, please advise the sender > immediately by reply e-mail and delete this message and any > attachments without retaining a copy. If you are not the intended > recipient, you are hereby notified that any disclosure, copying > or distribution of this message, or the taking of any action > based upon it, is strictly prohibited. > Thank you. > > > > _______________________________________________ > Ntop mailing list > [EMAIL PROTECTED] > http://listgateway.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop
