Re: [Nfdump-discuss] Have you already worked with nfdump and Asr 1000 NEL ?
netflow collecting and processing tools
Brought to you by:
phaag
Menu
▾
▴
Re: [Nfdump-discuss] Have you already worked with nfdump and Asr 1000 NEL ?
|
From: David V. <Dav...@na...> - 2014-02-11 10:31:06
|
Hi,
Vrf is available but not translated src/dst port, which are availaible in pcap.
Thanks for the vrf ;)
-----Message d'origine-----
De : Peter Haag [mailto:ph...@us...]
Envoyé : mercredi 5 février 2014 21:06
À : Wilkinson, Alex; nfd...@li...
Objet : Re: [Nfdump-discuss] Have you already worked with nfdump and Asr 1000 NEL ?
On 5/2/14 4:28 AM, Wilkinson, Alex wrote:
> 0n Thu, Jan 30, 2014 at 05:53:53AM +1100, Peter Haag wrote:
>
> >Hi David,
> >
> >On 29/1/14 2:18 PM, David Villaume wrote:
> >> Hi,
> >>
> >> I tried the new feature < Asr 1000 NEL > but i can't get the field < vrf id> valid.
> >>
> >> Did someone tried this feature with vrf Nat ?
> >
> >If you have the enabled NSEL/NEL while compiling (--enable-nsel), then the vrf information should be available. Do not
> >forget to tell nfcapd to switch on those extension ( -Tnsel or -Tall ). Test the collected record with ./nfdump -o raw.
> >You'll see the complete record content.
>
> Using "nfdump -o raw -R ..." what exactly within the record would indicate that NSEL is being exported ?
It's indeed a bug in netflow v9 module: The patch fixes this:
--- netflow_v9.c.orig 2013-12-19 10:49:11.000000000 +0100
+++ netflow_v9.c 2014-02-04 21:17:56.000000000 +0100
@@ -1026,10 +1026,10 @@
break;
case EX_NEL_COMMON:
PushSequence( table, NF_N_NAT_EVENT, &offset, NULL);
- offset += 3;
+ offset += 7;
// XXX PushSequence( table, NF_N_POST_NAPT_SRC_PORT, &offset, NULL);
// XXX PushSequence( table, NF_N_POST_NAPT_DST_PORT, &offset, NULL);
-// XXX PushSequence( table, NF_N_INGRESS_VRFID, &offset, NULL);
+ PushSequence( table, NF_N_INGRESS_VRFID,
+ &offset, NULL);
break;
case EX_NEL_GLOBAL_IP_v4:
// XXX PushSequence( table, NF_N_NAT_INSIDE_GLOBAL_IPV4, &offset, NULL);
Thanks for the pcaps I got. It helps a lot to track down such problem.
Thanks
- Peter
>
> -Alex
>
> ************** IMPORTANT MESSAGE *****************************
> This e-mail message is intended only for the addressee(s) and contains
> information which may be confidential.
> If you are not the intended recipient please advise the sender by
> return email, do not use or disclose the contents, and delete the
> message and any attachments from your system. Unless specifically
> indicated, this email does not constitute formal advice or commitment by the sender or the Commonwealth Bank of Australia (ABN 48 123 123 124) or its subsidiaries.
> We can be contacted through our web site: commbank.com.au.
> If you no longer wish to receive commercial electronic messages from
> us, please reply to this e-mail by typing Unsubscribe in the subject line.
> **************************************************************
>
>
>
>
> ----------------------------------------------------------------------
> -------- Managing the Performance of Cloud-Based Applications Take
> advantage of what the Cloud has to offer - Avoid Common Pitfalls.
> Read the Whitepaper.
> http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.
> clktrk _______________________________________________
> Nfdump-discuss mailing list
> Nfd...@li...
> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
>
--
Be nice to your netflow data. Use NfSen and nfdump :)
------------------------------------------------------------------------------
Managing the Performance of Cloud-Based Applications Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
Read the Whitepaper.
http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.clktrk
_______________________________________________
Nfdump-discuss mailing list
Nfd...@li...
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
|
